Over 1 million tech questions and answers.

problem URL: Mal Avast warnings - http://etpsoprc.ru/a/, http://specrtop.org/a/

Q: problem URL: Mal Avast warnings - http://etpsoprc.ru/a/, http://specrtop.org/a/

After putting an usb drive that i use for printing avast started notifyng me of wscript.exe  trying to access this sites: (http://etpsoprc.ru/a/, http://specrtop.org/a/).
 
i dont know what to do and i cant initiate a lot of the cleaning tools mentioned on other sites. any help will be aprecciated.

RELEVANCY SCORE 200
Preferred Solution: problem URL: Mal Avast warnings - http://etpsoprc.ru/a/, http://specrtop.org/a/

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: problem URL: Mal Avast warnings - http://etpsoprc.ru/a/, http://specrtop.org/a/

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/500601 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.Please do this even if you have previously posted logs for us.If you were unable to produce the logs originally please try once more.If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.
Thank you for your patience, and again sorry for the delay.
***************************************************
We need to see some information about what is happening in your machine. Please perform the following scan again: Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.DDS.com Download LinkDouble click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control can be found HERE.As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

Read other 2 answers
RELEVANCY SCORE 93.6

Hi. I have had this problem for many months now and have tried to remove the infection manually using instructions found on ehow, using Norton Antivirus, malwarebytes and spybot search and destroy. Nothing has been successful at removing it. I have just been using my laptop instead of my desktop because I don't want to use an infected computer. The computer is running Windows XP Professional SP3. I receive notifications from Norton that an intrusion attempt has been blocked. When I go into the log, I found that there were three high risk log entries, one for HTTP Tide Serv Request2, one for HTTP CrimePack Activity 1, and one for HTTP Nukesploit Request. As I mentioned this has been going on for months now. At the beginning it was mostly just HTTP Tide Serv Request2, the other two are new today. I'm hoping you can help me, otherwise I'm going to have to reinstall Windows, which I'd like to avoid doing. I hope I have included enough background. My scans are below and attached. Your help is greatly appreciated!

Thanks,
Mike
DDS Scan Results:

DDS (Ver_10-12-12.02) - NTFSx86
Run by PPSV at 12:53:22.68 on 01/13/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1463 [GMT -5:00]

AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Bitdefender Firewal... Read more

A:HTTP Tide Serv Request2 / HTTP CrimePack Activity 1 / HTTP Nukesploit Request Problems

Hello mthess, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.We need to disable Spybot S&D's "TeaTimer"TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.If prompted with a legal dialog, accept the warning.Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press Click on... Read more

Read other 7 answers
RELEVANCY SCORE 83.6

Hi all,I appear to have this malware and came across bleepingcomputers looking for solutions. It seems like plenty of other people have had this rotten thing. On the surface it doesn't appear to be doing anything but obviously I'm very wary of what could be happening behind the scenes.Norton AntiVirus pops up the security alert at random intervals warning of an intrusion attempt. Here's the latest one:Intrusion: HTTP Tidserv Request.Intruder: 30xc1cjh91.com(85.12.46.158)(http(80)).Risk Level: High.Protocol: TCP.Attacked IP: OFFICE(192.168.0.100)Attacked Port: 1210and another shortly after:Intrusion: HTTP Tidserv Request.Intruder: 19js810300z.com(91.212.226.67)(http(443)).Risk Level: High.Protocol: TCP.Attacked IP: OFFICE(192.168.0.100)Attacked Port: 1330(thankfully) I'm a complete newbie handling viruses etc. so any help would be great appreciated!

A:HTTP Tidserv Request warnings

Hello,It looks like you've got a bad rootkit aboard which will require specialized tools to remove. Please follow the instructions in ==>This Guide<==.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues.If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.Orange Blossom

Read other 1 answers
RELEVANCY SCORE 79.2

Firefox Adds Warnings About Insecure Login Forms Hosted on HTTP Pages

The "feature" will be added to Firefox 44
Richard Barnes, Mozilla head of Security Engineering, has announced on Twitter that Firefox will start marking any Web page that hosts login forms on HTTP connections as "insecure" and display an appropriate icon to warn users of the danger.

This is a significant step towards making the Web a safer place, because even if the login form submits data to an HTTPS connection, attackers could still use JavaScript code loaded on the page to steal the user's password before it is sent to the more secure HTTP connection.



Technically, as explained by Mr. Barnes, any HTML "input" tag set to work as a password field will automatically trigger this warning if the page's URL is HTTP. This means that it will also show up on sign up (registration) forms.

The icon and popup displayed for this warning are the same as for the errors you see for insecure HTTPS certificates, but this was done on purpose since most Firefox users are trained to catch this type of error out of the corner of their eye and investigate the issue further.

The feature is primed for launch in Firefox 44 but is already part of the Firefox Nightly edition. Firefox 44 will also add better SSL error notifications.

Firefox Nightly is available for download via Softpedia for Mac and Windows operating systems. There's no Linux version for this edition.

PSA... Read more

A:Firefox Adds Warnings About Insecure Login Forms Hosted on HTTP Pages

Luckily we wont be marked
 

Read other 1 answers
RELEVANCY SCORE 78.8

Yesterday I got this threat HTTP Malicious Toolkit Variant Activity 2 and my Norton Internet Security blocked them. I installed Malwarebytes and SuperAntiSpyware, updated them, restarted in safe mode, disconnected from the internet and did a full system scan for both and didnt detect anything. Today I got this threat HTTP SurfAccuracy Config Request.

So I was wondering if my computer is infected with malawares and if someone could give me a hand here.

Any help would be appreciated!

Here's my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:03 AM, on 11/17/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\mobsync.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Windows\s... Read more

A:HTTP Malicious Toolkit Variant Activity 2 & HTTP SurfAccuracy Config Request

Hello, gunnersluver
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .
We need to run a Scan with DDSPlease download DDS, and save it to your desktop, from one of the following mirrors:This is a mirror
This is another mirror

Disable any type of "Script Blockers" or "Script Protection" installed on ... Read more

Read other 2 answers
RELEVANCY SCORE 78.8

Once again, the kids have got onto something. My home page keeps being redirected to http://mysearchnow.com/passthrough/index.html?http://www.google.com/. Can someone check my hijackthis log? Thanks in advance.

ogfile of HijackThis v1.97.7
Scan saved at 1:21:38 PM, on 10/07/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\PLAY ANTI SEEK\IDOLDEAD.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOWNLOAD FILES\HIJACK FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.html?http://www.google.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F... Read more

A:hijacked by http://mysearchnow.com/passthrough/index.html?http ://www.google.com/

Read other 9 answers
RELEVANCY SCORE 78.8

I followed the instructions given for those experiencing "Win Min" problems. However, they are different problems, and I was upset to find that this morning everything was as screwed up as before.this http://searchweb2.com hijack reasserts itself as the starting page everytime it's changed, and sometimes crashes new windows. The instructions said something about a scanlong, and I assume that's a HijackThis scan (searching my harddrive for "scanlog" didn't turn up anything). As such, here's what HijackThis turns up.

Logfile of HijackThis v1.98.0
Scan saved at 8:12:15 AM, on 8/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\COMMON FILES\SLMSS\SLMSS.EXE
C:\WINDOWS\MWSVM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\... Read more

A:Hijacked by http://searchweb2.com/passthrough/index.html?http: //www.yahoo.com/

Read other 7 answers
RELEVANCY SCORE 78

Hi
Everytime I run Google Chrome Avast warns me with a window popping up saying that "avast Web Shield blocked a harmful webpage or file."
I ran some securitycheck and these were the results:
 Results of screen317's Security Check version 0.99.88  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67  
 Google Chrome 38.0.2125.101  
````````Process Check: objlist.exe by Laurent````````
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````

A:AVAST! Object: http://codegv.ru/ - infection: URL:MAL

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/551629 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 2 answers
RELEVANCY SCORE 78

I need some help, thanks
 
 
I'm getting this message"malicious url blocked
Avast! Network Sheild has blocked a harmful site
Object:  Http:\\k9x6zxj8.com/icf
Infection: URL:Mal
Process: C:\progran files\...\firefox.exe
I got the internet working again by removing the proxy se

A:Avast says malicious url blocked? Http:\\k9x6zxj8.com/icf

VT Results: https://www.virustotal.com/en/
 

Read other 3 answers
RELEVANCY SCORE 77.6

Hi, When i am trying to record and web application which is launched on Sharepoint i have below scriptweb_custom_request("ProcessQuery",         "URL=http://vc1cgr01cgi006:9090/_vti_bin/client.svc/ProcessQuery",         "Method=POST",         "Resource=0",         "RecContentType=application/json",         "Referer=http://vc1cgr01cgi006:9090/Lists/DSPortalBase/Home.aspx#",         "Snapshot=t2.inf",         "Mode=HTML",         "EncType=text/xml",         "Body=<Request xmlns=\"http://schemas.microsoft.com/sharepoint/clientquery/2009\" SchemaVersion=\"15.0.0.0\" LibraryVersion=\"15.0.0.0\" ApplicationName=\"Javascript Library\"><Actions><Query Id=\"23\" ObjectPathId=\"2\"><Query SelectAllProperties=\"true\"><Properties /></Query></Query><Query Id=\"24\" ObjectPathId=\"5\"><Query SelectAllProperties=\"true\"><Properties /></Query></Query></Actions><ObjectPaths><Property Id=\"2\" ParentId=\"0\" Name=\"Site\" /><Property Id=\"5\" ParentId=\"... Read more

A:HTTP Status-Code=403 (FORBIDDEN) for "http://vc1cgr01cgi006:...

hi ! Same problem here, have you find a solution?

Read other 6 answers
RELEVANCY SCORE 77.6

This is one of the pop-ups that I consistently have. The following is my log file. Every time my internet explorer loads, it pops up. I hardly every use it - I mostly use Mozilla Firefox. I also get a popup from Smashhits, but I don't know the url to that one. Thanks for your help!



Logfile of HijackThis v1.99.1
Scan saved at 5:58:24 PM, on 5/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Alarm\AlarmMonitor.exe
C:\Program Files\Alarm\Alar... Read more

A:http://newads1.com/cmapp/zx-adredirect.php?target=http%3A

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

Read other 2 answers
RELEVANCY SCORE 76.8

Avast pop up's on my laptop and a link to my resolved desktop issue with the same problem http://www.bleepingcomputer.com/forums/t/623628/avast-pop-up-httpk9x6zxj8comappc-emng-chrome-malware/
 
Object
http://k9x6zxj8.com/appc & http://k9x6zxj8.com/emng
 
Infection
URL: Mal
 
Process
C:\Program Files (x86)\Goggle\Chrome\Application\chrome.exe
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-08-2016
Ran by Michelle (administrator) on MICHELLE (19-08-2016 13:37:25)
Running from C:\Users\Michelle\Downloads
Loaded Profiles: Michelle (Available Profiles: Michelle)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudS... Read more

A:Avast pop-up http://k9x6zxj8.com/appc Part #2 Laptop

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-08-2016
Ran by Michelle (19-08-2016 13:37:51)
Running from C:\Users\Michelle\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-17 02:47:03)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2034359778-875807661-3169004759-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2034359778-875807661-3169004759-503 - Limited - Disabled)
Guest (S-1-5-21-2034359778-875807661-3169004759-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2034359778-875807661-3169004759-1003 - Limited - Enabled)
Michelle (S-1-5-21-2034359778-875807661-3169004759-1001 - Administrator - Enabled) => C:\Users\Michelle
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled man... Read more

Read other 2 answers
RELEVANCY SCORE 76

Hi Guys,
 
I'm getting pop-ups from Avast on both my laptop and my desktop pc. It's happening almost every time I open a new tab.
 
Object
http://k9x6zxj8.com/appc & http://k9x6zxj8.com/emng
 
Infection
URL: Mal
 
Process
C:\Program Files (x86)\Goggle\Chrome\Application\chrome.exe
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2016 01
Ran by Michelle (administrator) on ALPHA-7VNY322 (16-08-2016 16:50:34)
Running from C:\Users\Michelle\Downloads
Loaded Profiles: Michelle (Available Profiles: Michelle & Alpha Console)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(... Read more

Read other answers
RELEVANCY SCORE 76

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:19:48 PM, on 11/13/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeC:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Canon\CAL\CALMAIN.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exec:\PROGRA~1\mcafee.com\ag... Read more

A:Getting re-routed to http://alphawipe.com/ and http://destroytracks.com/

Hi,* Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPost the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Read other 12 answers
RELEVANCY SCORE 75.2

I posted a question a few weeks ago about getting a virus from youtube. Well, I feel like a total dolt considering I ignored Quietmans suggestions about youtube. Actually, I didn't ignore his thoughts, just didn't think anything would happen to me because I hardly look at youtube, but I had a lot of down time, so......
I've been watching a lot of youtube music videos this week, and two days ago I started getting the avast threat detected and stopped, no further action is necessary.
I've been on here long enough to believe further action surely may be necessary, so I ran mbam, sbsd, sas, no infections were found. But I have yet to scan in safe mode. I also use Comodo Firewall and all of these are the free versions.
Before I download all kids of stuff, I must say that I cannot update my os because I accidentally deleted 2 necessary files some time ago. I've tried everything I knew about to try to recover those files but have been unsuccessful.
My thinking is maybe I should just create the system restore discs and just reformat the system and start from scratch? 
What do you think?

Read other answers
RELEVANCY SCORE 75.2

hello,

From yesterday, i have been getting pop up from avast about differentia .ru/diff.php. I think this happened after I plugged in a infected USB (pendrive). How to solve this?
 

A:avast free antivirus popup of http://differentia.ru/diff.php malware

no particular symptoms **
 

Read other 3 answers
RELEVANCY SCORE 73.2

i have a problem call redirect virus in my firefox need help i try everything

A:Need Help Removing Scour (http://63.209.69.107, http://8.26.70.252)

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

Read other 26 answers
RELEVANCY SCORE 73.2

Hi,

One of my sites had a virus (code injection) but I have managed to remove it.:

http://www.gavindouglasfashion.com/

However, on Google webmaster tools there is a message saying that it is still present on http://gavindouglasfashion.com/ (i.e. without the www. after the two slashes //)

Is anyone able to advise as to how I can resolve this as there is no virus present any more but I can't get a successful review from Google.

Thanks.

Read other answers
RELEVANCY SCORE 72.8

HTTP Fake Antivirus Install Request 4Intrusion Attempt - High Risk - BlockedNetwork Traffic - 69.42.67.204 ,80Attack Resulted from \DEVICE\HARDWAREVOLUME1\PROGRAMFILES\INTERNETEXPLORER\IEXPLORE.EXEHTTP Malicious IFrame Image RequestIntrusion Attempt - High Risk - BlockedNetwork Traffic - 89.248.179.94 ,80Attack Resulted from \DEVICE\HARDWAREVOLUME1\PROGRAMFILES\MOZILLA\FIREFOX\FIREFOX.EXEDo these events require investigation. Is my system clean.No unusual behavior to report.(May I run DDS and GMER from any user account)Edit > I was pointed to Bleeping by the Norton Community Forum. The Severity Risk for both Attempts is HIGH. HIGH is very unusual for me and Norton wanted me to investigate further at BC as to maybe Rootkit got in DDS (Ver_10-03-17.01) - NTFSx86 Run by BJMS at 17:18:36.39 on Thu 06/03/2010Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3061.1709 [GMT -5:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\... Read more

A:HTTP Fake Antivirus Install Request 4 | HTTP Malicious IFrame Image Request

bjm_ OP edit I hope my post to Norton Community Forum does not violate bleepingcomputer rules. I did not follow any instructions @ Norton Forum...other than "go to bleepingcomputer" to investigate / post Topic re this issue. ThanksEdit > Does bleeping send automated response by email that my Topic has been received .... and to wait for reply ....and what if no reply after X days ? Expected automated response Topic received with what to do if no reply after X days...understand Forum gets swamped ... just don't know if after 100 reviews I should have received automated response or any response or just too soon. Only one day...so may be too soon for even automated response.

Read other 31 answers
RELEVANCY SCORE 68

Hello guys,I've gotten numerous alerts from Norton telling me that I have attempted intrusions from HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2. I have turned off my System Restore, continued to allow Norton to continue blocking the attacks, and have NOT rebooted my computer since first receiving the intrusion alerts.. so far I haven't seen any damage to my computer. I do, however, have sensitive information saved into my browser which I am worried about (I have since wiped out the master password). Here are my logs below:DDS Log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 15:00:37.71 on 07/06/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.1014.149 [GMT -7:00]AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBC... Read more

A:HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2

GreetingsOne or more of the identified infections is a Backdoor Trojan.This could allow hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC could be compromised and there is no way to be sure that your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"I Would like you to do the following.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:Please visit th... Read more

Read other 17 answers
RELEVANCY SCORE 68

Hi, A friend of mine gets an error when trying to connect to a website I host. If he types in www.website.com it says that the address is not valid. In the address bar it displays http:///?%20www instead of http://www. This only seems to happen when he tries to connect to my website. Other websites connect fine. I have run Norton, ccleaner and Spy Sweeper with no luck. Anyway, I saw someone else had a similar problem here and posted a HijackThis log. So heres his:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:26:29 PM, on 12/28/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\LogMeIn\x86\RaMaint.exeC:\Program Files\LogMeIn\x86\LogMeIn.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS ... Read more

A:Getting Http:///?%20www Instead Of Http://www

Anyone?

Read other 2 answers
RELEVANCY SCORE 68

Guys, Can anyone explain the difference between 'http://www.**.com' and 'http://**.com??

does it make a big difference?
 

A:What is the difference between 'http://www.**.com' and 'http://**.com

lagopi said:

Guys, Can anyone explain the difference between 'http://www.**.com' and 'http://**.com??

does it make a big difference?Click to expand...

What's the point? THey both open Google.
 

Read other 2 answers
RELEVANCY SCORE 68

Running XP home and inadvertently typed:

http://http://abc.com or whatever
http://http://forums.techguy.org

In Firefox, I get redirected back to Microsoft (!) while in I/E, Opera, I get an error (as does a Mac system).

Why does Firefox redirect to Microsoft on this obvious error?

Just curious, yet puzzled Ivan
 

A:Double http://http://

For what it is worth, Mozilla also returns an error page. Seems obvious. But Firefox, the browser redirects me to Microsoft when I click on any double http, ie

http://http://google.com

Right back to Uncle Bill's. How come, Ivan
 

Read other 1 answers
RELEVANCY SCORE 66.8

I was hoping I wouldn't have to resort to this, but I guess I've no other choice. I've looked up this thing and from what it sounds like, I'm in deep. Like an abyss.This whole fiasco started about a week ago when my parents found a charge from McAfee on their card. None of us ever purchased anything, and called McAfee and had them remove the charge which (according to my Dad), simply removed the LiveUpdate thing McAfee had.Not long after that, Google Chrome started acting weird and some program called "pbupdate.exe" had to be closed. My computer subsequently froze and I had to manually shut down.I rebooted my computer only to find that Chrome had been completely fried and would not load any web pages at all. Resorting to Firefox, I Googled "pbupdate.exe" and clicked the first link, allowing "Top PC Defender" onto my computer (and maybe some other things).As such, I ran Malwarebytes, SUPERAntiSpyware, McAfee, AVG, and Spybot to rid myself of the problem. When this yielded no results, I ended up using System Restore which seemed to get rid of the problem.Not long after, we switched over to Norton due to Comcast preparing a move, and uninstalled McAfee. Norton ended up having to uninstall AVG in order for it to install.And ever since then I've had these messages popping up repeatedly on my computer from Norton, telling me an attack was blocked but not allowing any action to be taken. The fact that I'm still getting these mess... Read more

A:HTTP Tidserv Request, HTTPS Tidserv Request 2, and HTTP Trojan Sasfis Activity

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%�... Read more

Read other 17 answers
RELEVANCY SCORE 66.8

Hello,On July 18th, as I was watching a streaming TV show, my computer apparently picked up Antimalware Doctor, which kept telling me that my computer was infected and that I needed to pay them money to get rid of all these infections. I managed to get rid of that with MalwareBytes. Shortly after though, my Norton Antivirus started regularly informing me (every 20 minutes to half hour) that it had blocked an intrusion attempt from either HTTP Tidserv Request (most common) or HTTPS Tidserv Request 2 (2nd most), and every once in a while some oddball like HTTP Fake Scan Webpage 5 or some Trojan (Vundo or Ad.Clicker). It seems like it's always been blocked, but as these Norton alerts keep coming, even when I don't have a browser open, I am upset and concerned. Also seems as if the attacks are coming from several different computers.I tried running Malwarebytes a few more times. It usually leaves me with 8 or so pieces of malware, identified as Rootkit or Trojan agents, which it tells me will be deleted upon reboot. However, after I reboot and run Malwarebytes immediately thereafter, there are still 8 pieces of Malware. I tried updating my Norton and running a scan, but that didn't fix the problem. I also ran Norman Malware Cleaner, with no real results.Again, though the alerts always classify the threat level as high, it seems like they are being blocked. I haven't entered any passwords into my computer since this came up, and I never save any on a regu... Read more

A:HTTP Tidserv Request; HTTPS Tidserv Request 2; HTTP Fake Scan Webpage 5

Very sorry about the multiple posts. Firefox had gone grey, and I didn't think any had gone through. Sorry.

Read other 21 answers
RELEVANCY SCORE 65.6

Hi I have a case of my IE start page always heading to http://win-eto.com/hp.htm?id=9 (actually it didnt use to be 9, 543 i think) and there is no way i can change it. Also can't seem to sign in to hotmail anymore.Ive run Adware SE, Spybot, and ive also run my system through AVG virus scan. By removing most of it. When i restart my comp it seems to try to get on the internet to reinstall itself totally. And because of the AVG auto protect, Virus prompts of .DLL's continue coming up over and over and i tried to heal some of it, vaulted some it, deleleted some it and now i realize im screwing myself up even more since its bascially all the same thing. ( Ive shut it off now so that i dont get the endless prompts) SO this is my current Hijackthis Log after messing around. Logfile of HijackThis v1.99.0 Scan saved at 4:14:17 AM, on 12/21/04 Platform: Windows 98 Gold (Win9x 4.10.1998) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MPREXE.EXE C:\NAGENT\NSDUAGT.EXE C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\ESSNDSYS.EXE C:\WINDOWS\SY... Read more

A:Pls Help.http://win-eto.com/hp.htm?id=9 problem.

Please follow these steps in order to clean your computer of Malware which can include Viruses, Trojans, Worms, Spyware, Hijackers and Dialers.Step 1:Download Spybot and Adaware from the following locations and install them. You should run both programs and clean up what it finds. This is to gaurantee that you find the most malware you can installed on your computer.Before running the scans on both programs, it is mandatory that you update the programs. There are update options in each program when you run them.SpybotAd-awareIf you would like to learn more about how to use these two programs with the proper settings you can read the tutorials below:Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer.Using Spybot - Search & Destroy to remove Spyware, Malware, & Hijackers from Your Computer.When you scan with both programs, fix everything that it finds.When you are done with the scan and fixing the items. Please continue with the next step.Step 2:It is important that you run Spybot and Adaware before you proceed with this step. Fixing enties with Hijackthis may leave behind unwanted files on your computer if the previous step was not done first.Create a directory on your hardrive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.Download HijackThis from:HijackThis Download SiteSave this file into the directory you made previously and then run the program. Click on... Read more

Read other 1 answers
RELEVANCY SCORE 65.6

I have a problem with malicious adware and have generated a log using hijackthis:Logfile of HijackThis v1.98.2Scan saved at 16:05:58, on 12/12/2004Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\NORTON~2\NORTON~3\GHOSTS~2.EXEC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exeC:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\rundll32.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exeC:\WINDOWS\System32\x9vznxyjnmu9j7thd.exeC:\WINDOWS�... Read more

A:Problem with http://win-eto.com/hp.htm?id=9

Hello mandakiniparihar and welcome to BleepingComputer.New.net is an optional removal, but it's removal is highly recommended.Download LSPFix and unzip into it's own folder. If the next step leaves you without a functioning internet connection, you will need to run this.To remove New.net please go to Add/Remove Programs, look for and remove New.Net. If you can't find it, then please go here and follow the removal instructions in Procedure 4 at the bottom of the page.While you are in Add/Remove Programs, also uninstall the following if listed:Windows AdToolsIf you can not connect to the Internet after removing New.net, please run the LSP-Fix program I had you download earlier, and click on the finish button. Reboot and you should be able to get back on.Note: Misuse of LSPFix can cause loss of internet connectivity. Do not use it if it is not required.You are seriously behind on Windows updates. If is important to keep your operating system up to date as this will help prevent reinfection. After we get you cleaned up here, we will discuss this further. We don't normally recommend running two antivirus programs together. The program I am going to tell you to install has been successful removing this particular variant in the past.Could you disable your current antivirus for now and go here to download the free version of Grisoft's AVG AntiVirus program. Install AVG AntiVirus, check for updates and scan your system allowing it to remove whatever it finds. D... Read more

Read other 1 answers
RELEVANCY SCORE 65.6

do you think you guys could look at my codes.
ive tried some of the stuff already posted an i think i might be missing something.
id appreciate assistance.
reply if youd like hijack this list. '
thanks.

~winmix
 

A:http://0ml.net/cat problem

Read other 16 answers
RELEVANCY SCORE 65.6

This url has taken over my computer despite running spybot, spysweeper, etc.

I do not have alot of experience with computers but would appreciate any attempts to help me.
 

A:http://0ml.net/cat problem

Read other 16 answers
RELEVANCY SCORE 65.6

I hope someone can help me out. I know it probably came from a previous virus or spyware program I once had, but now a few sites I try and visit repeatedly get "http:\\\%20www.ifcustom.com". I know the site works because I can view it on my roomates computer. I searched google for a while and came across IEFIX.reg program that supposedly solved the problem. But now when I try the site I get: "http://search.msn.com/dnserror.aspx?FORM=DNSAS&q=www.ifcustom.com"

I hope someone can help this madness come to a hault. Thanks.
 

A:http:\\\%20 problem

HIJACK THIS:
Try not to reboot
Currently the Spyware identified by the security experts and especially the morphing and breeding .exe`s in the new variants of CWS, after every re-boot required by Ad-Aware and Spybot etc, just spawns more and more files for the poster to find and delete. This is making the advice the security experts give just too hard to follow.
One of the security experts recently had one log with over a hundred files, they guy had to format c: drive.

Download and copy hijackthis to its own folder , it makes backups so keeping them separate and available can be useful.

Note the Spyware tools websites are very often under attack and so I have provided more than 1 location to download from:

http://www.tomcoyote.org/hjt/
http://209.133.47.200/~merijn/downloads.html
http://www.thespykiller.co.uk/
http://www.majorgeeks.com/download3155.html
http://www.sherrylynn.us/privacypolicy (this has an older version 1.97 - if you can not get to any of the above sites)

Close all open windows and open Hijack This. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”.
Click on “Save Log” and then save it to NotePad.
Click on “Edit” – “Select all” – “copy” and then “paste” into the thread.
DO NOT FIX ANYTHING wait advice from one of the many security experts in this forum.

I currently do not have the skill/competence to advise and poor advice can be far more damaging to your PC with this softw... Read more

Read other 1 answers
RELEVANCY SCORE 64.8

I have Windows XP and when I run diagnostics, it says that it has a problem connecting to the HTTP, HTTPS, and FTP ports. Also, it states that it may be in part because of my firewall settings. I have looked at my firewall settings and they seem to be correct. Spyware Begone and Microsoft Security Essentials are my anti-virus software. My firewall is Microsoft Firewall. Can someone please help me?

A:HTTP, HTTPS, FTP problem

Some sites say to download firefox to see if it works, and it doesn't work for me. it says that the proxy server is refusing connections.

Help would be appreciated.

Read other 4 answers
RELEVANCY SCORE 64.8

I can go to HTTPS sites just fine but can not go to HTTP sites. When HTTP sites do load I get a lot of gibberish. Secure sites no problem, I have explored all settings to no avail. Any ideas? My outlook mail works just fine, the TCPIP stack is good, same problem with Firefox and Internet explorer. I know of two other instances this has happened on other machines. The other 2 machines the OS was reloaded. I would like to get to the heart of the problem. Every thing else on the machine works. Thanks..
 

A:Browser HTTP Problem

It is fixed, the latest Symantec anti virus software (version 2007) had a conflict with Zone Alarm Pro. Removing the Symantec left the registery corrupted and running the Symantec remove tool corrected and removed all reminents of Symantec from the registery. Another problem dealt with WinFax pro and Office Macros, once Winfax pro was removed this cleared the problem with Office. Enough is enough, I have gone with Bit Defender as their customer service is outstanding.
 

Read other 2 answers
RELEVANCY SCORE 64.8

Please I made the mistake of gettin this strange home page that won't go away. How do I get rid of this?

Logfile of HijackThis v1.99.1
Scan saved at 7:07:39 PM, on 2/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Mixer.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINNT\system32\mrtMngr.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 - HKCU\Software\Microsoft\Internet Expl... Read more

A:http://0ml.net/cat problem...I need help Hijack This

dd1nonly2k, Sorry for the delay, but I've moved your log to the HiJack This section where one of our Analysts will peruse it and help to get you up and running again!

Read other 2 answers
RELEVANCY SCORE 64.8

every time I want to download file it just keep showing me the same downloading page again n again n it happen to all kinds of files(video,audio,...) i wait 52s to get the download link but when i click on the link to start downloading it just keep showing the same downloading page n the timer starts over again.....
what should I do?

how I can download from www.zshare.net?
 

Read other answers
RELEVANCY SCORE 64.8

when i used my new card i opened chat sites where i used to go regularly it didnt opened the answer came TCP CONNECTION FAILED HTTP CONNECTION FAILED all the sites except the chat sites opened but the chat sites didnt i contacted to my server but they said the fault is from ur s side what should i do to open that sites where would possibly be my fault help me out i will be thankful to u ok bye
 

A:http problem strange

Read other 6 answers
RELEVANCY SCORE 64.8

I open IE and it's my default page, I can't change that, etc. I get pop-ups like crazy, etc. It's all messed up. I have a fairly short HJT report, and I tried everything you said to try.

Logfile of HijackThis v1.99.1
Scan saved at 10:29:12 AM, on 10/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\MMediaCodec\isamonitor.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MMediaCodec\isamini.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6B... Read more

A:http://isafetypage.com/ (Same Problem)

That's really your entire HJT log?

It's most unusual for there to be no entries after the O4s.

Read other 7 answers
RELEVANCY SCORE 64.8

Nice new popup problem. Ad-Ware and Spybot S&D been ran. Still popping up

here is log:

Logfile of HijackThis v1.99.0
Scan saved at 19:14:55, on 15/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
E:\WINDOWS\system32\msupd4.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
E:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atipta... Read more

A:http://searchmiracle.com problem

furyweb, welcome.

Please print this out and follow ALL these directions carefully and completely.

Save yourself a LOT of TIME and Frustration by doing a CLEAN install of WinXP as this is a NASTY infection and VERY hard to remove.

* Back up all important data
* Gather up all installation CDs
* Download a copy of ZoneAlarm and copy it to a CD
* Physically disconnect the system from the Internet
* Boot the WinXP CD or a DOS recovery diskette
* FORMAT the hard drive and re-install WinXP
* Enable the WinXP firewall on the Internet connection you will be using
Note: If this is not done the system will be infected by a virus/worm/trojan in a mater of minutes.
* Install WinXP Service Pack 2 and ALL Critical Updates
* Defrag the hard drive
* Install needed applications
* Defrag the hard drive
* Restore important data to the correct locations
* Install the prevention protection below and help your friends from being infected on the Internet.

"An ounce of prevention is worth a pound of cure."

Install the prevention protection on ALL User Account IDs.

Empty the Recycle Bin frequently.

Run CleanUp! as the Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there.
http://cleanup.stevengould.org/
Then reboot to let it clean out what it found.

By the way, in order to improve Internet Explorer (IE) performance the Temporary(TIF)should be cleaned out periodically.
Also, it is a good... Read more

Read other 1 answers
RELEVANCY SCORE 64.8

Hi, I'm using Win98

I can't seem to find the problem when I run HiJackThis...

I may have already deleted other useful **** but this still shows up everytime I scan.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
________________________________________________________________

This is the whole log:

Logfile of HijackThis v1.98.2
Scan saved at 9:40:01 AM, on 12/21/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:... Read more

A:http://213.159.117.134/index.php problem (Need help with log please)

Read other 6 answers
RELEVANCY SCORE 64.8

Hi all. It has been going swimmingly lately with no computer problems and relatively no one asking for my help and then BAM!!!!! I get a problem of my own. Here goes: When I type a URL into the address bar of IE 6 like this: www.yahoo.com, it goes nowhere. However, if it type the complete address of: http://www.yahoo.com, it works fine. No, it isn't really a big deal, but I'm lazy and don't care to type http:// everytime. And besides, when I'm surfing I usually lapse into a coma like state and don't remember to type http://, until that is I am not going anywhere. What a pain!!! Any ideas?
 

A:IE 6 - problem with not typing http://

Hi..if you type the address in the address bar with out http:// then press Ctrl and Enter at the same time..IE will type http:// and .com for you..works for me...
Click on help on address bar...tips of the day...worth a look..
 

Read other 1 answers
RELEVANCY SCORE 64.8

For several days I am having a problem with several pop ups when i browse the internet via IE or Firefox.The most usuall one of these is fp.pc-on-internet.com which prompts me to download and install a certain file and also my pc is running lower as it used to be since the start of the pop ups.Any kind of help to resolve this problem would be appreciated,i have windows xp,norton 2007 and i have also run a scan via Hijackthis and got the following results

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:52:15, on 31/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\vent... Read more

A:http://fp.pc-on-internet.com pop up problem

Read other 11 answers
RELEVANCY SCORE 64.8

Hello. I've run in to a bit of a problem with my machine and I'm having some problems getting rid of it. It started Friday night when I got infected with Antivirus Soft. I was able to get rid of that but now it seems as if I've got a problem with Tidserv. I've done a good amount of reading and have seen recommendations that range from "run these tools to fix it" to "reinstall you machine and be prepared for identity theft". I'd obviously much rather deal with the first choice.

I've decided to post on here as opposed to trying anything myself because I have no experience with this type of virus and most of the posts I've been reading are very user specific.

Symptoms:

I'm running Symantec Endpoint Protection. I'm seeing things in two logs. First is the Client Management - Security log. About 5 times every 10 minutes it's posting Tidserv intrusion prevention messages mostly all coming from firefox.exe. They go to random 91. or 85. addresses. The second set of logs I'm seeing are my Network Threat protection Traffic Logs which is blocking IPv6 traffic to to tune of 18 a second.

Your help would be greatly appreciated.

Thanks.
 

Read other answers
RELEVANCY SCORE 64.8

Hi, I contracted this virus at some point earlier today. Norton 360 repeatedly informs me that my machine is being attacked by the HTTP Tidserv and HTTPS Tidserv 2 issue. Ran a full norton system scan, but this failed to even locate the problem. Have attached the DDS output but the GMER program continually crashes, always at the same point, when it scans the directory called \Device\Harddisk\VolumeShadowCopy1. I properly followed the instructions for the use of this program.As a further symptom, Google Chrome browser has stopped working entirely and MSExplorer has intermittent redirect issues. I am also now seeing Blue Screen system memory dumps.Please help!!!DDS (Ver_10-03-17.01) - NTFSx86 Run by Alex Beavis at 18:37:55.55 on 01/07/2010Internet Explorer: 8.0.6001.18928Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.44.1033.18.2045.761 [GMT 1:00]SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcG... Read more

A:HTTP Tidserv Problem

Hello beavoboyWelcome to BleepingComputer ========================One or more of the identified infections is a backdoor trojan or rootkit.This type of infection has the capabilities to allows hacker to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.If you choose to proceed please do the following=======Download TDSSKiller and save it to your Desktop.Right click on the file and choose extract all extract the file to ... Read more

Read other 1 answers
RELEVANCY SCORE 64.8

i can only view websites when i type http:// before the www.... otherwise it displays a random search on http://103.nowfind.biz/pps.php
it has also added 4 porn sites to favourites

any idea how to get rid of all this? i've read some other threads and cant understand the procedures

i have run hijackthis and here is the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 9:28:50 PM, on 1/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\tcpcheck.exe
C:\Vet\VetTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\udpcheck.exe
C:\WINDOWS\slrundll.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-au\msnappau.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Karen\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Softwa... Read more

A:http://103.nowfind.biz/pps.php problem

Hello and Welcome to TSF, I'm Geekgirl

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

You have placed HJT in a Temporary location. Please move to a proper location before doing the fix.
(Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders or Desktop. A good place to make a folder would be in My Documents, as this is where it will save the backup files needed if there's a problem.)

Download / Install / Update / and Run:
Adaware SE check for any updates before running it.
Get the plug-in for fixing VX2 variants. You can download it at this SITE
To run this tool, install to the hard drive, then open Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection.

Download and install Spybot S&D . Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot. If you keep getting the DS... Read more

Read other 3 answers
RELEVANCY SCORE 64.8

I have some problem with windows opening each time I go on internet with the title ~http://fp.pc-on-internet.com. I tried many things but no result so far. I have a hijackthis log file if you want to see.

Can someone help me please!!
Thx

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:10:40, on 2007-11-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\iPod\bin\iPod... Read more

A:problem with ~http://fp.pc-on-internet.com

Please download Navilog1Right-click and Extract all to the Desktop
Double click on navilog1.exe to install
When the installation is complete, the tool starts automatically. (If it doesn't start automatically, please double click on the Navilog1 shortcut on the Desktop)
From the language menu, press E for English
In the next menu, type 1 to select Search and press Enter (Please wait for the Scan to finish (It may take a while)
Press any key as requested
The tool produces a document: fixnavi.txt

~~~~
Also download ComboFix.exe

Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Now, run HijackThis once again to obtain a new log.
However, since you are using the Beta version of HijackThis, please remove the version you have, and download the HijackThis Installer
Save to the Desktop.
Double-click on HJTInstall.exe to install the program.
A prompt appears showing that, by default, it installs to C:\Program Files\Trend Micro\HijackThis
Click: Install

Please use version 2.0.2 of HijackThis from now on.

~~~~
Please post the fixnavi.txt, the ComboFix.txt, and a new HijackThis log in your reply.

Read other 7 answers
RELEVANCY SCORE 64.8

hi i'm at my wits end trying to figure out why i keep getting this to pop up every time i try to log onto a website (normally i wouldn't care but this is my college's website and i do need it). i thought i'd post here to see if anyone has any suggestions.

hijack this log:

Logfile of HijackThis v1.98.1
Scan saved at 10:44:33 AM, on 8/6/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\GWMDMMSG.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SK9910DM.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\LEXMARKX83\ACMONITOR_X83.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\NOADS\NOADS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TEMP\TD_0003.DIR\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsof... Read more

Read other answers
RELEVANCY SCORE 64.8

My internet has the following problem:
I cant open facebook or youtube with http. When I try, request times out.
all the time I want to open them I should change http >> to >> https. I know it's S stands for secure connection and thing but this is really annoying.
still It's simple to change http with https, but the most annoying part is, that all the external links I try to open from Facebook are opened with HTTP, like this :
Code:
http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DRQ5ljyGg-ig&h=SAQFjVP-_AQHPeSLtLXRD5fHpvggng9olROSkaihM9VfEBg&enc=AZPUnXfInCazM4cS0S9g9A9rlaH3tFGQvqlhlk8bfdRScNi7Bm8ZTMvZIYnIdrp2ZgaZ4p2Sb_9mv3cf_8F2PosL
So I had to change them with https too.

I have tried almost every browser: Chrome, Opera, Comodo, IE. It does same in every of them.

Last time I also discovered that my Live Messenger didn't connect also, when I 'Troubleshoot' the problem it says Problem is in- Key Ports. maybe this information also will help you.

any solutions?
Thanks in advance

A:Http > Https problem

BUMP BUMP

anyone? :s

Read other 1 answers