Over 1 million tech questions and answers.

Strange Firewall requests

Q: Strange Firewall requests

I recently got 3 firewall requests from these pieces of windows software:explorer.exedllhost.exeruntimebroker.exe all 3 originating from their proper folders. Why are they requesting firewall access?

RELEVANCY SCORE 200
Preferred Solution: Strange Firewall requests

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Strange Firewall requests

Can you tell us what firewall access these processes requested exactly?

Read other 2 answers
RELEVANCY SCORE 80

I recently got 3 firewall requests from these pieces of windows software:explorer.exedllhost.exeruntimebroker.exe all 3 originating from their proper folders. Why are they requesting firewall access?

A:Strange Firewall requests

Can you tell us what firewall access these processes requested exactly?

Read other 2 answers
RELEVANCY SCORE 78.4

I have the Zone Alarm firewall and I have been getting outgoing requests to IP sites that I have blocked since I do not think that these are good sites.

A few months ago I was somehow infected by a Smitfraud trojan and I blocked all sites mentioned in bulletins as those that this trojan might call. I still get outbound requests to some of these sites. I may have been infected by other trojans as well....sites that I have blocked too. (Cadux family perhaps??)

The sites in question are realsearch.cc, www.nymex.com (I may have been infected by a unvise32.exe trojan variant), www.topadwarereviews.com, ecjnoe3inwe.com, among others. Zone alarm allows you to put in a web address and find the IP address.

I have tried to protect my computer as much as possible. I put on IE-Spy-Ad, SpyBot, SpyBlaster, and I try to use Firefox. I previously had Norton Internet Security and I now use a different Antivirus program. I have done numerous online scans Panda (Activescan2, nanoscan), BitDefender, Kaspersky, Trend-Micro among others and my computer seems clean at present.

How can I find out what is triggering these outbound requests so that I can put a stop to it.. Somehow I must have gotton a file, trojan, or registry key that has activated this behavior.

I have traced the outbound IP address from my Zone alarm log (program log). Is the IP address necessarily bad or could another computer be accessing mine through using those IP addresses?

Please advise!! Thank you.
 

A:Strange Outbound IP Requests Blocked by Firewall

Maybe you should post a HJT log.
 

Read other 3 answers
RELEVANCY SCORE 57.6

I logged into MSN messenger tonight and had two people asking to be accepted on my friends list. I have never heard of either of them. Niko Lo Mas Mejor...[email protected]....and Liefde Is Een Plek Waar Je Niet Kan Krabben...[email protected].. Oh maybe I should have not put their e-mail addys on here because a bot may pick them up. Bad me. I suspect there intentions were not good. Anyone had a similar experience lately?
 

A:Strange Requests on Messenger

It could of been someone who found you on MSN's directory, but odds are those are in fact bots. I would ignore them.
 

Read other 1 answers
RELEVANCY SCORE 57.6

My firewwall is getting strange outgoing requests for net access from a Temp folder. I have run scans and have cleaned out temporary files but somehow something keeps trying to send data out.Log followsLogfile of Trend Micro HijackThis v2.0.2Scan saved at 16:06, on 2008-10-19Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\nvraidservice.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Active SMART\ActiveSMART.exeC:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exeC:\Program Files\Windows Live\Messenger\MsnMsgr.ExeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\Log... Read more

A:Strange outgoing requests

Welcome to Bleeping Computer, please be sure you have read and followed the Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computerhttp://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/All advice given is taken at your own risk.I apologize for the wait, if your issues are not resolved, read the instructions posted above and then follow the directions below. If you no longer need help, I would appreciate a quick post letting me know so I can close your topic.O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dllhttp://www.bleepingcomputer.com/startups/c....dll-21047.htmlhttp://www.sophos.com/security/analyses/vi...ojagentgjr.htmlSince malware can change quickly, if you still have issues, please describe the symptoms, include any error messages word for word and a fresh HJT log.Thanks

Read other 7 answers
RELEVANCY SCORE 57.2

Please tell me how to configure the Windows Firewall to block, drop, and ignore ping requests!

A:Windows Firewall ping requests

For record:
https://social.technet.microsoft.com/Forums/windows/en-US/5bf17b89-e588-45ae-a7c2-34c1bf0bdf43/windows-firewall-how-block-icmp-echo-ping-response-?forum=w7itprogeneral
https://technet.microsoft.com/en-us/library/cc786463%28v=ws.10%29.aspx

Read other 27 answers
RELEVANCY SCORE 57.2

Please tell me how to configure the Windows Firewall to block, drop, and ignore ping requests!

Read other answers
RELEVANCY SCORE 56.8

Hi.
 
I help run a network, and have noticed a number of users devices hitting strange URLs - one for example is pasted below. All appear in the same format with a static IP and an encoded path. 
 
http://198.11.189.91/X%8E%5Ci%DF%1E%90%B4%A6%E4%02%5B%A3%D5%AC%A5%8C%11%BCOm%AB%0C%B5%B6%E1%08:%A5;h%B9%B2%06%BE%O%12i%FD%A6%87%D6%D3
 
For all of the URLs I've checked, they all seem to be operating a web server on port 2080, which is "Powered by wjas". I haven't found any useful information about this sort of web server

# curl http://198.11.189.91
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<h1>403 Forbidden</h1>
<p>You don't have permission to access the URL on this server. Sorry for the inconvenience.<br/>
Please report this message and include the following information to us.<br/>
Thank you very much!</p>
<table>
<tr>
<td>URL:</td>
<td>http://198.11.189.91:2080/</td>
</tr>
<tr>
<td>Server:</td>
<td>aserver010103188140.et2</td>
</tr>
<tr>
<td>Date:</td>
<td>2016/09/20 19:33:57</td>
</tr>
</table>
<hr/>Powered by wjas</body>
</html>
Does anyone have any information about what type of server these clients are connecting to, or what the data is in the encoded str... Read more

Read other answers
RELEVANCY SCORE 56.4

Can log onto my ISP but then my IE6 won't open. Instead I'm getting download request windows - one refers to a missing file sp something or other. Tried reloading my netzero software since it links with IE but it isn't listed in the add/remove software list and if I try to just delete the file it says its write protected. Uninstall icon doesn't work either - says it can't find the file.

Here's my HJT log:

Logfile of HijackThis v1.99.0
Scan saved at 11:57:37 AM, on 12/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\FRU\Remind32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 -... Read more

A:Can't access browser - getting strange download requests instead

I would suggest downloading Ad-Aware and Spybot Search & Destroy
Lifted this from $teve...follow these directions with these programs and repost a HJT log after you finish

Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

Then......

Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

Then.........

Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" and "Let windows remove files in use at next reboot"

Then...... click "proceed" to save your settings.

Now to scan itīs just to click the "Scan" button.

When scan is finished mark everything for removal and get rid of it.(Right-click the window and choose"select all" from the drop down menu)
Now re-boot...

Then
Search & Destroy

After installing, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have ... Read more

Read other 3 answers
RELEVANCY SCORE 55.6

Hello,I use Windows XP and Firefox is my default browser. Google searches have been redirecting to random sites.Also, since I have AVG (Free) firewall installed, I am getting unusual requests from new exe files to connect to the internet.I am attaching DDS and GMER logs with this post. Any help is appreciated.Thanks in advance.El Guapo.

A:Google/Firefox redirects, strange exe sending n/w requests

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 17 answers
RELEVANCY SCORE 55.6

To cut a long story short, not long ago my system contained a virus; one of those fake antivirus programs. I ran combofix which sorted the problem. However, since then comodo firewall has been plaguing me with messages asking me that system or svchost.exe wish to receive a connection from the internet. Initially I accepted the first few connections, but since then I've been blocking every single one. Despite this a window pops-up every minute or so. It's beginning to become a real pain in the ***.

I'm strongly suspicious that my system is infected.

I read the before posting procedure and posted the dds log below and attached the attach log to this thread. I followed the instructions for gmer but twice it gave me blue-screen crashed during scanning.

Thank you for taking the time to read this post.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Colin Deane at 16:15:40.39 on 28/03/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2449 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\... Read more

A:[SOLVED] Firewall frequently makes connection requests. dds log attached.

Problem solved. Scanned my system and deleted necessary files.

Read other 1 answers
RELEVANCY SCORE 44.4

Hi,I'm having several issues with my AVG Virus/Firewall combo.First, after every Reboot I get the message that My firewall has stopped and that I am not protected. There is a long pause, maybe 5-10 sconds and after that the firewall shows as being active and acts (mostly) normal.This knd of worries me even though I test nightly with AVG and weekly with Bit Defender, Panda, and Housecall online scanners. Also use spybot SD regularly. I have never found anything other than the usual tracking cookies, etc.Occasionally the firewall will pop up at totally random times with a message that SYSTEM is trying to establish a connection with an outside site, which I don't allow, having not done anything to initiate this. I wrote down the external address that it is trying to connect with but have misplaced it .Also, for the last few days a message has been popping up that the firewall profile has changed and go's to the default, block all traffic, at which point the modem disconnects and I need to reboot to re-establish a connection. This has happened maybe 4-5 times in the pst 24 hrs.Here is my log.Logfile of HijackThis v1.99.1Scan saved at 2:03:15 PM, on 10/20/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\... Read more

A:Strange Firewall Behavior

Hi r.herkelmann,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.

Read other 12 answers
RELEVANCY SCORE 44

Hey Gang,

I've been using Norton Firewall for over a year now, no problems. Within the last week I've changed to a DSL from a dialup connection, no issue with firewall.
But yesterday I upgraded to a new screensaver, Aquatica 3D and although the screensaver works fine the firewall is now preventing me from visiting sites I usually go to on a regular basis, like this one!!!

It even slows down or stops me from visiting my home page, Yahoo.com.

When I disable the firewall, everything runs smoothly.

Does anyone have any ideas?

Thanks,
HULK
 

Read other answers
RELEVANCY SCORE 44

Hi, I hope you can help me out here. My PC has just begun behaving really strangely, with either my PC or Internet Explorer having to shut down intermittently, various warnings when I start up my spyware / virus programs "Spybot has been changed since last used. As Spybot does not change itself, we strongly recommend scanning for malware / viruses". I also noticed that my Commodo Firewall had been uninstalled. I've scanned with Spybot / Adaware / AVG Anti Virus & all have come up clean. I've attempted to scan with Trend Micros' Housecall, PandaSoft Onine AV scan and Kaspersky's online scanner & Internet Explorer always shuts down before the scan completes. I'm sure I'm infected with something, but need help to identify what & to get rid of it. I've attached a Stinger Scan here :-McAfee? Stinger Version 3.8.0 built on Sep 10 2007Copyright ? 2007 McAfee, Inc. All Rights Reserved.Virus data file v1000 created on Sep 10 2007.Ready to scan for 191 viruses, trojans and variants.Scan initiated on Sun Jan 06 19:48:54 2008 Number of clean files: 337532and a HJT log here :-Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:42:56, on 06/01/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDO... Read more

A:Pc & Ie 7 Shutsdown/strange Warnings/firewall Gone

Welcome to the BleepingComputer HijackThis Logs and Analysis forum SteveB1My name is Richie and i'll be helping you to fix your problems.Download SDFix.exe and save it to your desktop:http://downloads.andymanchesta.com/RemovalTools/SDFix.exe* Double click on SDFix on your desktop,and install the fix to C:\ Please then reboot your computer into Safe Mode by doing the following:* Restart your computer* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;* Instead of Windows loading as normal, a menu with options should appear;* Select the first option, to run Windows in Safe Mode, then press "Enter".* Choose your usual account.* In Safe Mode,go to and open the C:\SDFix folder,then double click on RunThis.bat to start the script.* Type Y to begin the script.* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.* Press any Key and it will restart the PC.* Your system will take longer that normal to restart as the fixtool will be running and removing files.* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.If you have previously downloaded ComboFix,please delete that version now.WarningYou should NOT use ... Read more

Read other 11 answers
RELEVANCY SCORE 44

I just saw this entry in my sunbelt kerio firewall, does anyone know what this is for?
Thanks

documents and setting\name\local settings\temp\is-ioqaj.tmp\is-f1itl.tmp?

I also have this one:

is-Op9rl.tmp\sssetup.tmp (with all the above ahead of it)
 

Read other answers
RELEVANCY SCORE 44

Hi,

My Kerio Personal Firewall 4.0.16 has blocked several incoming connections.
Here are some of them- I have checked these IP's with whois, and they are located in different countries, and belong to some companies or network coordination centres totaly unknown to me:

Direction: incoming
Local Point: , port 8
Adapter: Verat
Remote Point: 79.0.97.1 [79.0.97.1]
Protocol: ICMP
RuleId = 134217749

Direction: outgoing
Local Point:
Adapter: Verat
Remote Point: 224.0.0.22 [224.0.0.22]
Protocol: 2
RuleId = 134217749
Direction: incoming
Local Point: , port 8
Adapter: Verat
Remote Point: dv01.tomasini.de [217.160.187.217]
Protocol: ICMP
RuleId = 469762069
Direction: incoming
Local Point: , port 8
Adapter: Verat
Remote Point: 0x503e2392.arcnxx12.adsl-dhcp.tele.dk [80.62.35.146]
Protocol: ICMP
RuleId = 536870933

Can anyone give me some explanation- why my computer is trying to connect (send or receive) data to these addresses.

Thanks!

Kuk
 

A:Firewall blocks strange connections

Read other 7 answers
RELEVANCY SCORE 43.6

Thanks to a very helpful user here I discovered a problem I was having with my firewall (ZoneAlarm) preventing my network from working.

I have a laptop on a wireless connection to my DSL router. If I use the laptop after reboot, I can connect to the internet. If I just close the lid and come back to the machine, it will randomly be unable to connect to the internet without a restart.

But, sometimes, after my first IE window times out, I can open a second one and it'll connect fine. Sometimes. After a few days, I almost always have to reboot.

Since setting up my file sharing with my desktop, I've noticed a new issue: now when IE times out after trying to load a page, the laptop will bring up the modem dialer; it will also say that I need to connect to the internet. This didn't happen prior to setting permissions in Zone Alarm.

I'm guessing there's a setting within ZoneAlarm that will allow me to connect to the internet freely from the laptop, but I don't know exactly where to look. Any ideas? Or is there a way to refresh an internet connection on wifi?

Many thanks!
 

A:Solved: Strange network dropouts -firewall?

"If I just close the lid ..."

Wanna give us a hint of what closing the lid does? If hibernate or standby it will take a few moments for the wireless adapter to reconnect and it will not always be successful.

"After a few days, I almost always have to reboot."

If you use your PC sparingly, turn it off between uses. If you use it a lot, reboot daily to keep it "fresh."
 

Read other 3 answers
RELEVANCY SCORE 43.2

Hello everyone,
I recently did a teamviewer session with a person. After that day, a teamviewer process would show up on my firewall as i started windows showing the name of a "macbook.XXX". I uninstalled Teamviewer but still this "MACBOOK" shows up in "windows host processes" when i start my computer. This person confirmed me he has a MacBook so I am pretty sure this is related to that teamviewer call. How do I fix this? And why does it make that connection when I start my laptop? Here is a screenshot of what happens.
 
http://imgur.com/a/lu8IE
 
 
The first in the list is the macbook i am referring to, the second in the list fully deleted is the name of my laptop.
 
what is happening?
thank you in advance for your help

A:strange host service in Glassdoor firewall after TW session

I would suspect this shows as one of the exceptions added within the "Firewall" tab of Glasswire? If you never intend to use it again, you can click on the 'grey flame' icon on the left to block it, if it being there concerns you.

Read other 1 answers
RELEVANCY SCORE 43.2

Hello everyone,
I recently did a teamviewer session with a person. After that day, a teamviewer process would show up on my firewall as i started windows showing the name of a "macbook.XXX". I uninstalled Teamviewer but still this "MACBOOK" shows up in "windows host processes" when i start my computer. This person confirmed me he has a MacBook so I am pretty sure this is related to that teamviewer call. How do I fix this? And why does it make that connection when I start my laptop? Here is a screenshot of what happens.
 
http://imgur.com/a/lu8IE
 
 
The first in the list is the macbook i am referring to, the second in the list fully deleted is the name of my laptop.
 
what is happening?
thank you in advance for your help

Read other answers
RELEVANCY SCORE 43.2

My problem is sometimes during the day, at different times, I can't get online unless I disable Norton Firewall 2001. I'm usng it with Norton System Works 2003 and NAV 2002

I don't know what causes this, I've never seen it before. I'm using Win98Se, Qwest DSL, IE6.0 and Yahoo.com as my email service.

After a few hours the problem dissappears and I can go back online with a firewall.

Any ideas?

HULK!
 

A:Solved: Strange Norton Firewall Problem with Qwest DSL

Finally got ahold of QWEST and they said DSL already came with a firewall..Case Closed
 

Read other 1 answers
RELEVANCY SCORE 42.8

Hello, recently i noticed that out of nowhere, my internet was going very slow; loading pages at a very slow pace, and basically 'choosing' when it wanted to load the pages or not. Just some really strange behavior. I ran a full scan and boot time scan about a month or two ago, and it detected an incredible amount of infected files, in the range of about 1,000 - 10,000. Many of them were some type of google update files, folders with crazy amounts of letters and numbers in their name between curly braces '{ 8sdfkjsdf8...etc,etc}'.
 
After quarantining and delting these, the internet problems seemed to dissapear. But ofcourse they come back. A few days ago i ran a boot time scan and it detected about 3,000 viruses. Again, these were mostly those strange google update files/folders. Here is the DDS.txt:
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.5.0
Run by David at 11:27:40 on 2013-10-20
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2038.947 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe... Read more

A:Strange files, errors, unable to turn on windows firewall

Hello Dankaru, and welcome to Bleeping Computer!
My name is bloopie and I'll be helping you with your problems as best I can! A few things to keep in mind while we are working together:
If you have since resolved the original problem you were having, I would appreciate it if you let me know.
If you are unsure about any of the steps just post what you can and I will guide you!
Please tell me if you have your original Windows CD/DVD available.
Please copy and paste all logs here unless otherwise instructed!
Upon completing the steps below I will review your topic an do my best to resolve your issues.
Please do not run any other tools without my instruction to do so!
==========
Now, I must warn you...the reason these detections keep coming back is because your machine is infected with the ZeroAccess rootkit:One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely comp... Read more

Read other 10 answers
RELEVANCY SCORE 41.6

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by SteeL at 16:27:38 on 2011-12-12
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.385.1033.18.4094.2360 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:&#... Read more

A:Please help, cycbot.b infection, firewall not working. Some strange proxy settings keep coming back

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/432052 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 36.4

I don't know if this should go here or elsewhere but I am attempting to find a new gamertag for my xbox profile on the xbox.com account management page. After I make 20 or so checks for availability an error shows up below the input field saying an unexpected
error has occurred. This message does not stop showing up unless I wait a couple days which makes finding a new name very difficult. Am I being blocked by the server or is this another issue?

Read other answers
RELEVANCY SCORE 36.4

i cannot enter captcha on any site as i cant see it for some reason i have attached few images which shows the cause of my problem.i have scanned my pc with multiple antivirus but nothing found."]3rd image is tested using Ubuntu but of no use. hope some one can help me as i found no solution for my problem which is causing problems in registering on various sites.i can enter captcha on very few sites eg. - YouTube.but it also says too many request from my network.thank you.

A:too many requests but from where??? help!!!!!!!

Hmm, have you tried clearing you cache?

Read other 4 answers
RELEVANCY SCORE 36

Hi there all,

I am using a Vodafone 3G Modem om my pc, however I cant send receive USSD commands .. is the software that you can direct me towards that I can use. I am using the Cell C Network in South Africa. I have searched on the net and most of the stuff I find simply doesnt work. If possible could someone assist me wit this request? Just a nice & simple interface that actualy works.
Kind regards

Read other answers
RELEVANCY SCORE 36

I set up family safety for my 12 year old daughter, and ticked all the apps she can use freely. Every time she logs on the computer it pops up little messages telling her to request permission to use all the apps that I didn't give her access to. It's very annoying, so how do I stop it, other than the obvious but unhelpful step of letting her access everything?

A:Permission requests

Hello Andy, and welcome to Eight Forums.

The apps that are checked are the ones that are blocked instead. Only the unchecked ones are allowed.
Family Safety App Restrictions - Set and Manage in Windows 8
When you get a request to allow an app and either allow or block it as per the tutorial below, you and the user should not see the messages for that app anymore.

Family Safety Requests - Send and View in Windows 8
Hope this helps for now,
Shawn

Read other 1 answers
RELEVANCY SCORE 36

pl plllllllllllllllllll help
its urgent as my windows is showing stop screen error
i hav done antispyware scanning an then it asked for reboot i said yes an wen i started da windows its saying multiple irp requests
i cant even uninstall antispyware in safe mode as it is sayind windows installer is not proper pl reply soon..........

A:multiple irp requests

Hello and Welcome to TSF

You should have been patient and let the security team in the Hijackthis forum help you remove your infection, improper removal has caused your issue.

Use System Restore to a previous date to see if you can at least access windows in normal mode, then Look over the First Steps at Removing Malware and post the logs requested in the thread you started over in the Hijackthis forum.

Read other 1 answers
RELEVANCY SCORE 36

Well, when I installed IE8, it requested to run add-ons on websites:On some web-sites I ran this add-ons:but, when I run add-ons IE displays Security Warning:I have already installed Adobe Flash Player 10 ActiveX and Adobe flash player plugin, but I think one of them is Opera's Which of them should I run? Run add-on on each website or run add-ons on all websites?

A:IE 8 requests to run add-ons on websites

You can safely run Adobe flash player. That warning is just to let you know that this add-on was already there and asks you to confirm that you want to run it.
Its up to you if you want to decide for every site apart with flash-content if you want to run it or if you want to enable it for all sites. Its no security risk to allow it for all sites.

Read other 5 answers
RELEVANCY SCORE 36

It's time for me to replace my old HP 200LX, and I can't seem to find a PDA that is suitable. Here are my search criteria:

I am 50 & my eyes aren't as good as they used to be.
I need a decent sized display (Palm Pilot types are
too tiny).

Besides the usual PDA (calendar, contacts, etc.), I want
to be able to run some Excel spreadsheets. My spread-
sheets can be robust, so I prefer a landscape display,
not the portrait shape of Palm Pilot type PDAs). Bonus
points for syncing up with my Quicken on my PC.

Connecting & syncing with my Windows PC is a good
idea. This device should augment my PC, not replace it.
(I do use MS Outlook).

My handwriting is horrible -- I need a keyboard, but
the keyboard can be small -- I don't mind hunting &
pecking on the PDA. I also don't mind navigating with
arrow keys.

Ideally, I'd like something about the size of a paperback book. I don't want a full sized laptop -- laptops are a bit big & too expensive. Finally, it would be nice if the device had modern conveniences, like ability to play MP3 files, surf the net, play some basic games, etc. I also wouldn't exclude from consideration any PDA / cell phone combination (although I don't have/use a cell phone yet).

Thanks in advance.run some Excel spreadsheets
 

A:PDA Recommendation Requests

Read other 6 answers
RELEVANCY SCORE 36

Please read this carefully before posting.
The idea:
This thread is meant to collect user's request of new features to add to Windows 7, or to bring back features that were taken out since XP / Vista, and are sorely missed.
The idea is to create a list that MS might want to take a look at.
For this to have a chance, we need to keep the thread clean, and free of unnecessary comments and discussions.
So we need a set of rules.
The rules:


   Information

1. No rants, no debates or discussions, no personal comments, no reactions to other posters, no MS bashing, period!

2. Maximum of 10 lines. So make sure your post is clear and to the point.
One or two words more won't matter, but don't push your luck.

3. Posting of screenshots is allowed to clarify your point.

4. No utopian requests, keep it reasonable.

5. Double posts and posts with features already requested by others will be deleted.

6. Adding a reason why you want it is allowed, but remember the 10 line rule.

7. If a user posts a problem that can be fixed, no help allowed other than saying poster should open a thread about his problem.


   Warning

Not complying with these simple rules, will get your post removed.


   Information

1. Please examine the list to see if your request is already there.

2. Please think about what you're requesting is a good thing for less knowledgeable users.
Example: Making editing the context menu easier, could lead to u... Read more

A:Requests to Microsoft.

A small (IMO not needed) but greatly requested feature reinstated. Put back the wireless icon activity in the tray of the Superbar

Read other 9 answers
RELEVANCY SCORE 36

Is there a place that we can leave feedback or requests for the ATA product?

There are a few things i would like to see changed.  

1.  Alerting
We get alerts during backup windows that the ATA cant keep up but it doesn't seem to have anything to do with CPU or RAM.  In addition, we have no users in the system at that time so i find it very hard to believe
that this is true.  I would like to set time windows where we can exclude these alerts or maybe thresholds where if it is seeing that for 5 minutes, 10 minutes etc.
2.  Email Audience
I would like to be able to say these types of emails go to this distribution list and those go to another so that we keep the number of alerts the team gets down a bit.  
3.  Suspicious Activity
When we get an alert warning of suspicious activity and click the link to take a look, the first thing you have to do is answer whether it is normal or not, but we cant click the link to see the suspicious activity unless
we open the excel file in the email.  This should be adjusted.  

Read other answers
RELEVANCY SCORE 36

I'm a programmer, and installed wireshark on my xp machine to do some tcp/ip work. I noticed, even with no programs running I get a constant stream of dns requests to my routers ip.

the requests look like this:
46189 3959.607565 192.168.2.2 192.168.2.1 DNS Standard query PTR 4.160.15.219.in-addr.arpa

46247 3991.834562 192.168.2.2 192.168.2.1 DNS Standard query PTR 210.168.161.188.in-addr.arpa

46201 3972.852314 192.168.2.2 192.168.2.1 DNS Standard query PTR 20.71.103.82.in-addr.arpa

and the responses look like this:
46212 3985.801191 192.168.2.1 192.168.2.2 DNS Standard query response PTR WL.hsd1.fl.comcast.net

46206 3980.680231 192.168.2.1 192.168.2.2 DNS Standard query response PTR pool-173-67-9-33.bltmmd.fios.verizon.net

46199 3968.951943 192.168.2.1 192.168.2.2 DNS Standard query response PTR c-75-70-255-177.hsd1.co.comcast.net

From what I can gather, the requests all look like home isps. There also seems to be a lot of foreign countries like .br and .jp a lot. Has anyone seen anything like this before?
 

A:weird dns requests

welcome to TSG

have you googled all those names? there seems to be no warnings about them
 

Read other 1 answers
RELEVANCY SCORE 36

The network that I am currently trying to patch up is peer to peer with about 20 machines (win 98 and nt workstation). The company is not willing to switch to a server based configuration at this point. However I am trying to do as much centralized administration as possible.
I want to be able to view the connections (net watcher) to any given computer on the network from one 98 machine. It was easy to set this up on all of the 98 machines, how can I view this information on the nt boxes from the 98 machine. When I try to access the nt machines with net watcher it tells me that the computer does not accept remote requests. If this is not possible can you tell me how to view this information on all of the nt boxes from one nt box.

Thanks,
Monty
 

Read other answers
RELEVANCY SCORE 36

I certainly appreciate your position. Indeed you are correct that I originally posted a request for assistance on another forum. After getting a reply from another user on that forum and nothing from the moderators for 2 days I decided to post on your site/forum...thinking that the user reply had suggested to the moderators on the other site that I was already receiving assistance.I have since received a request for my HJT log and info files from the other site so I will rely on them for assistance, My apologies for any confusion this may have caused. It was not my intent. More it was my misunderstanding of how these forums work.Thank you again and again, my apologies for duplicate postings. It was not my intent to over-tax either forum. I was simply getting impatient and after some reading thought erroneously that the user reply to my original post suggested to them that I was already receiving assistance when I was not.

A:Multiple Requests for help

This thread will now be closed since the issue seems to be resolved.If you need this topic reopened, please send a Private Message to any one of the moderating team member or myself. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Read other 1 answers
RELEVANCY SCORE 36

I suspect some kind of phishing bug but I am not sure what might cause this issue.
In the 17 years since I started using a computer I have gotten only a few requests to log into the server when I opened my email client. It has been more than a decade since I saw one.
In mid October this happened randomly and I ignored it. Instead I opened my properties folder and checked each tab and closed it. Then I was able to get my email.
After that I think the next day maybe a couple of days later it came back only this time it wouldn't let me get my email when I checked the properties. I ran an MSE scan and it seemed to fix the problem.
Then a week later the same thing happened. This time checking properties and doing an MSE scan had no effect. I was able to send a test email but I did not receive it. I ran an ESET online scan. This seemed to "fix" whatever was causing the log in request. Since about 28 Oct until today there was nothing then this morning it has come up again with a twist; When I check the properties folder my user name and password lines were blank!
I am running an MSE scan and ESET is on deck to run right after. I feel like I am getting a bug from somewhere that is raising a false need to log in so that my password can be gotten. IDK ?????
 

A:Suspicious log in requests

Read other 7 answers
RELEVANCY SCORE 36

Hello I am looking forward to an updated P72!! Some features I would like to see added vs P71: HDMI 2.0a support and DP 1.44k touchscreen option and a precision stylusTablet mode like the yoga hasHDR optionGsync external and LCD variable refreshUHD optical drive option10GB Ethernet or the interim 2.5/5Gb would be fineLatest WiFi standard .axtitanium to reduce the weightintel real3d camaracamera mechanical cover

A:P72 and features requests

Agree with all suggestions. Hoping for pen digitizer support mostly as I have the P51 version with digitizer presently.

Read other 8 answers
RELEVANCY SCORE 36

O2 - BHO: (no name) - {cd6caa5d-7035-43dc-abea-a89090a098fd} - C:\WINDOWS\system32\boheyuje.dll
O4 - HKLM\..\Run: [kagizoriha] Rundll32.exe "C:\WINDOWS\system32\kuririme.dll",s
O20 - AppInit_DLLs: C:\WINDOWS\system32\rirebuva.dll

The above lines from hijackthis seems suspicious and is persistent (returns after deletion). I think they are linked to the problem I am having with kasperski detecting requests to get to the address 77.74.48.105 to download what it thinks is malware from programs IE and win 32 services. It may even be causing my IE7 to not function once opened (currently using firefox).

A:PC slowdown; requests to 77.74.48.105

Howdy, my name is Hoov, and I will be helping you with your dilemma. I appologize for the delay in getting you help.Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread. Here is what I am asking you to do during the repair of your computer*Tell me everything that you have done, if anything, to try and fix this problem.*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it. *Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try. *Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.Now onto trying to fix your computer.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, f... Read more

Read other 3 answers
RELEVANCY SCORE 36

hello mates... i am facing problwm from few days back that when i send request then i get a message i forgot.. can any one plz help me?

A:MSN requests problem

plz help me frieds..

Read other 2 answers
RELEVANCY SCORE 36

this keeps coming up day in day out and it's getting o be a pain

pic of IRQ's from device manager attached

is there a fault/issue with any?
 

A:Multiple IRQ Requests

This May Help
http://forum.notebookreview.com/showthread.php?t=54401
 

Read other 1 answers
RELEVANCY SCORE 35.6

Recently I am seeing these pop up's for updating.   Are they safe? 1.  Evernote 2.  7-Zip 3.  Out of date driver detected How do I know when a pop up is safe to download? thankyou  

A:do not recognize update requests that pop up

> Recently I am seeing these pop up's for updating.   Are they safe?> 1.  Evernote> 2.  7-Zip> 3.  Out of date driver detected> How do I know when a pop up is safe to download? They are "safe", but they are commonly called 'PUP' (Potentially Unwanted Programs). Chances are that you do NOT need any of these programs on your computer. Also, some of these 'PUPs' will ask you to "pay for a subscription".  Do not! I would access "Add/Remove Programs", click to select each program, and click "uninstall".  

Read other 1 answers
RELEVANCY SCORE 35.6

On a notebook (XP Home SP3 Polish), on which I've used Firefox for a long time, all attempts to go to e.g. www.xxxxx.com now lead me to api.mybrowserbar.com/gci/errors/......................www.xxxxx.com............... and a "Cannot find the server" error message. Googling on another machine produces alternative suggestions that a) some kind of malware is at work (possibly introduced by pdfcreator, which I've never used) - I've run Malwarebytes' Anti-Malware and SuperAntiSpyware and found and killed one item - or that b) this is something dumped on the machine by Dealio Toolbar, a Yahoo Add-on, which it's easy to install by mistake. I killed Dealio Toolbar and Yahoo Toolbar yesterday, after it had been on the machine, unwanted, for some time. The problem persists. I've uninstalled Firefox and installed a new 3.5.2 downloaded on another computer. No change.

I have no problems of this kind with a desktop, which I've just been told by Malwarebyte's product has lots of malware on it, or with a netbook connected by WiFi to a D-Link router.

Has anybody got any ideas?

A:requests for pages go to api.mybrowserbar.com

It looks like your computer is still infected. Please follow these instructions and start a new thread in the Virus/Trojans/Spyware forum where an analyst will help you as soon as possible.

Read other 1 answers
RELEVANCY SCORE 35.6

I don't know if I have a malware problem or not. I know enough to know that I don't know enough about hijackthis. So, if someone with the knowledge will take a look at the hijackthis file below and let me know what I should do, It will be much appreciated.

Thanks in advance,

karic123

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:39 PM, on 2/18/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ARIO&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ... Read more

Read other answers
RELEVANCY SCORE 35.6

Hello All,
My computer keeps telling me to install a driver on a brand new M-Audio Keystation 49es Midi controller, that is advertised as a "plug and play", class compliant device. Have the same problem with a Casio CDP120, also advertised as class compliant. How do I tell the computer that these devices do not need a driver? No drivers exist for these products. I am trying to access the virtual instruments feature in Pro-Tools 11.1., which worked fine till I went to 8.1. Does anybody have a fix?
Thanks in Advance!
TonyAmadore

Read other answers
RELEVANCY SCORE 35.6

One of my user accounts is not receiving meeting requests in Outlook 2003. From the sender's computer they seem to be going through but the attendee never receives them?

Any suggestions on a resolution?
 

A:Outlook Meeting Requests

If they are using contacts have them refresh the e-mail address for this person.
 

Read other 2 answers
RELEVANCY SCORE 35.6

Hello have an old acer F6 and installed XP from disc  with a view to using it for games so have not connected it to the internet,however every time I power up and log on I get a "lets activate XP" message.Anybody know how to disarm this requirement in windows please. Have trawled the web and tried various fixes but none have worked and the day counter keeps counting down so its looking like a de install,re install every 30 days.Greatfull for all advice. thanks Ally 

A:persistant activation requests

ally,
 
There is a method to activate by phone if you do not have Internet access.

Read other 3 answers
RELEVANCY SCORE 35.6

I am using below code to validate the text in the textboxes. And when i enter the text in that textbox, immediately web service calls and returns the response and based on the response the cursor will move to respected Amount text box. Here , i am getting the
alerts in Google chrome, regarding that entered account is invalid or inActive,,etc but the same code is not working in IE. 

And i need one more help i.e, We've totally 7 textboxes, if the user is entering the text in the 7th textbox if the above textboxes are empty ,, we need to display the alert message like ,, please enter the text in the 1st or 2nd, 3rd,..etc empty text box.

I've written the code for the same as well but it's displaying the alerts twice even the above textbox has the values..



 function AccountData(txtseq) {

        var acc;

        var accountno = "";
        var textbox = "";

        if (txtseq == "Acc1") {
            accountno = document.getElementById('<%=Acct_Number1.ClientID%>').value;
            CheckForValidAccountNo(accountno, document.getElementById('<%=Acct_Number1.ClientID%>'));
        }

        if (txtseq == "Acc2") {
            accountno = document.getElementById('<%=Acct_Number2.Cl... Read more

Read other answers