Help: Slow comp, missing address bar and weird chinese popup

Q: Help: Slow comp, missing address bar and weird chinese popup

Hi, I'm looking for someone who could analyze my HijackThis log. It said that I have a lot of hijacked domains and it requires me to delete the said "01 host files" in my C:/WINDOWS/System32/etc/hosts. The problem is I notice that my address bar, or the bar where I could type the destination, is missing and I can't seem to fix it. Other symptoms I've experienced on my comp are that I keep having those weird Chinese popup ads and my comp seems to slow down as I connect to the internet.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:15 PM, on 12/9/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Zinio\ZinioReader.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\GuideMan\GMSoft.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\RSBS PROPERTY\My Documents\boom's stuff\ATF-Cleaner.exe
C:\Documents and Settings\RSBS PROPERTY\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.kzxf.net/?x
R3 - URLSearchHook: (no name) - _{0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: Invoke Class - {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} - C:\WINDOWS\System32\ef71.dll
O2 - BHO: (no name) - {9963387B-212E-4643-B207-82DAEA0E713D} - C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys
O2 - BHO: (no name) - {A0CB0C8A-BA9D-4B91-B659-5A6556C6F477} - C:\Program Files\scNine\Boos.dll
O3 - Toolbar: (no name) - {70969795-AC9C-4116-94A9-BE5383549A0E} - C:\Program Files\scNine\scNine.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Windows SSL File] winssv.exe
O4 - HKLM\..\Run: [Rout111] serv454.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Tblgloqg] C:\Program Files\Ivpd\Lozq.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [GenProtect] C:\WINDOWS\GenProtect.exE
O4 - HKLM\..\Run: [scNine] C:\WINDOWS\windates.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exE
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\MsPrint32D.exe
O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDRV.EXE
O4 - HKLM\..\Run: [gmsoft] C:\Program Files\GuideMan\gusetup.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [kawdcaz] C:\WINDOWS\system32\kawdcaz.exe
O4 - HKLM\..\RunServices: [Rout111] serv454.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsRegKey upd4te2d4te] hpazlhehx.exe
O4 - HKCU\..\Run: [Windows SSL File] winssv.exe
O4 - HKCU\..\Run: [Window Monitor] winmon32.exe
O4 - HKCU\..\Run: [Rout111] serv454.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8
O4 - HKCU\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Offices] msnmgd32.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\RunServices: [Window Monitor] winmon32.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
O4 - HKLM\..\Policies\Explorer\Run: [w4m2ce] rundll32 "C:\WINDOWS\Downlo~1\w4m2ce.dll",start
O4 - HKLM\..\Policies\Explorer\Run: [w3i4] rundll32 "C:\WINDOWS\Downlo~1\w3i4.dll",Run
O4 - HKCU\..\Policies\Explorer\Run: [ATICheck] %SystemRoot%\system32\aticheck.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Policies\Explorer\Run: [ATICheck] %SystemRoot%\system32\aticheck.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Policies\Explorer\Run: [ATICheck] %SystemRoot%\system32\aticheck.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Windows SSL File] winssv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows SSL File] winssv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ATICheck] %SystemRoot%\system32\aticheck.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows SSL File] winssv.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows SSL File] winssv.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ATICheck] %SystemRoot%\system32\aticheck.exe (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O13 - DefaultPrefix: http://searchnine.cn/response.php?search=
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-...5.cab?fgiocv=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB68D92A-7A91-4784-A719-2361CFC74347}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB136EDD-AB4B-4DCF-811A-573705C96132}: NameServer =,
O20 - AppInit_DLLs: kvdxskma.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Hhqclf32.dll (file missing)
O21 - SSODL: G0EBICIH - {3D4F05BA-0BD9-29C9-13C0-4C7538BA022C} - C:\WINDOWS\System32\Jofdqc32.dll (file missing)
O23 - Service: 309A17B - Unknown owner - C:\WINDOWS\System32\5F2C37EA.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NetWork Service (nkserv) - Unknown owner - c:\program files\common files\system\serv.exe (file missing)
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Windows Advanced Manager (wamer) - Unknown owner - C:\Program Files\Microsoft Office\SYSTEM\dodolook_7493.exe

End of file - 20546 bytes

Any help would be nice. Thanks

A: Help: Slow comp, missing address bar and weird chinese popup

We will need to get Service pack 2 later so I need this info....

Please save and run the download. It will copy the results to your clipboard. Will you copy and paste them back here please?

Download SDFix from here and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.

It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.

Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum.


This will help to identify any malware on your system.
Please download Combofix from any of these locations:


Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Caution...Never run and remove files using ComboFix without being supervised by a security analyst.

My computer has been going a bit slow, and I have gotten some weird error messages when I do some things. AVG did say I was infected but I don't know if I got rid of anything.
Unfortunately, I didn't copy and paste any of the weird error messages...
Here's my HJT log, thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:25 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\AVG\AVG8\avgr...

A:help,comp slow, weird error messages.

please help


I keep on getting this pop up on my desktop (bottom right corner).
I don't know what it is or how to remove it.
Can you please help me?

A:Chinese Popup

Hello marceventer and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
Please reply to this thread. Do not start a new topic.
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator the computer. How is open as administrator the computer?
Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and t...


I keep on getting this pop up on my desktop (bottom right corner).
I don't know what it is or how to remove it.
Can you please help me?

A:Chinese Popup

Hello marceventer, Sorry, this topic is closed. Look here please, I have written answer. http://www.bleepingcomputer.com/forums/t/595085/chinese-popup/?p=3854823 Have a nice day.


Scan saved at 12:47:59 PM, on 12/14/2003
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\DownloadWare\dw.exe
C:\Program Files\Sqwire\uc.exe
C:\Program Files\syslaunch.exe
C:\Program Files\Media\Media\UpdateStats.exe
C:\Program Files\SuperBar\sbhc.exe
C:\Program Files\ClearSearch\Loader.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\Program Files\Common Files\slmss\slmss.exe

A:Friends comp... u know, the ol' popup not online... close IE/ freeze comp... HIJACK


I'm trying to sort out a PC for a couple who look after Chinese kids when they're not at school, and it looks like the kids have got the PC infected with some sort of pop-up dialer or auto loader. I've tried various spyware and virus scans but nothing has stopped the pop-ups.

The computer has been infected with WinIogon.exe hidden in the System32 folder, but I've deleted this (but not from the registry - just disabled it using msconfig). Firstly could you instruct me on how to delete it from the registry and startup list, and secondly could you take a look at my HiJackThis log and give me some hints as to how I might prevent the popups.

There's always one popup at startup, and then they load fairly regularly after that, often just after a WLLoginProxy.exe connection attempt is blocked by their firewall.

Logfile of HijackThis v1.99.1
Scan saved at 19:41:33, on 27/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\blueyonder\PCguard\fws.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\W...

A:Chinese Popup Issues



Recently I've been getting a popup in the bottom right corner of the screen. The popup is in Chinese with an English title on the header and a penguin icon. When clicked it opens an article or news at hudong.com which, after some googling around, I've found out is the biggest encyclopedia site in China, which I'm guessing is harmless.

But since I have no relations to China or Chinese whatsoever I'm guessing this popup can be harmful since it is there without my permission. I couldn't find the source myself but hopefully you experts will. Here's the DDS log:
Attach file is packed (rar) in the attachment. GMER did not find anything so there is no log file from GMER.

In addition, I would also like to get rid of anything unnecessary to speed up my PC. Thank you in advance.

DDS (Ver_10-03-17.01) - NTFSX64
Run by Sonti at 17:42:34.37 on 20/04/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_19
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.4095.2186 [GMT 1:00]

============== Running Processes ===============

C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe...

A:[SOLVED] Can't get rid of a Chinese Popup

bump please


My comp is seriously infected by annoying Chinese spywares... I've tried using every possible remover to remove them but they don't seem to work. I tried spybot, avast antivirus, ad aware, dr web cureit and malware. This is my hijackthis log. I've also tried removing the hosts but it says the file is being used.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:36 PM, on 6/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wordpad.exe
C:\WINDOWS\System32\360up.exe
C:\WINDOWS\RavNT.exe
C:\WINDOWS\qqshel.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Softw...

A:Comp Infected By Chinese Spywares

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop. Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet. Double click combofix.exe and follow the prompts. When it's done running it will produce a log for you. Please post that log in your next reply. Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Hello, usually when I have trouble with my computer I clean install Windows XP. Also this time I did that but it was of no use, even after I made new partitions and formatted the partitions. The problem is that I get QQ popups on the websites I am visiting (not all though) and when I scroll down the popup will stay in the right corner (after a while there will be a second one that stays in the left corner). Ever since I reinstalled XP and downloaded Firefox (via IE) I also have the problem that IE will open with some Chinese ads. The QQ ad also takes the place of some ads that are usually on the websites. When I reload the site, the QQ ads do not always return. I always ran free AVG to scan for viruses but I can't anymore somehow because when I update the virus database it tells me that the file is damaged. In my attempt to get rid of it I downloaded Spybot S&D; it tells me about a 1000 errors concerning C:/windows/system32/drivers/etc/hosts cannot be checked because it's being used by another program. Before I re-installed my XP I experienced that it got more and more difficult to actually open a website through a link on a page. Sometimes it was necessary to click at least a few times and sometimes it was just impossible. I tried to make my HJT logfile (although it started also with an error message about 01 hosts file redirection and after it saves my logfile it crashes) and then I found out that the HJT logfile is empty.

the sdbot logfile says:
Error durin...

A:QQ popup ads and IE explorer opens with chinese ads

first of all here is my HJT log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:43:41 PM, on 3/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\gyzz\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ~.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04...


Every time I start up Windows XP, but before I can select a user, I get a window with what appears to be Chinese characters in it that will only let you select the OK button before you can proceed.

I have tried running anti-virus (McAfee), anti-spyware, anti-adware and a registry cleaner but nothing so far has removed this thing. It is slowing down my system quite a bit (it is really noticeable when accessing g-mail if that helps).

Here is my log using dds.

Deckard's System Scanner v20071014.68
Run by Colin on 2007-12-08 01:22:43
Computer is in Normal Mode.

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2007-12-08 06:22:48 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-08 01:25:16
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\s... Read more

A:Chinese popup when starting windows XP

Hello colin1 and welcome to TSF,

This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.


Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**


1. Disconnect from the internet.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Insert your flash drive, or whatever is usually the F: drive.


Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log so we can continue cleaning the system.

Do not mouseclick combofix's window while it's running. That may cause it to stall.

Read other 13 answers

I just tried playing Minecraft, and in-game what seems to be English to Chinese. I can't use my keyboard at all in Minecraft, it automatically is typed into the translator. It most likely has something to do with changing my region locale to Chinese from English, but I changed it back to English and it still pops up. I've used my keyboard in other games but it has only happened in Minecraft. I have no idea how to get rid of it, it doesn't appear in applications. I wasn't sure if this would go into the Gaming thread, so I put it here.

Read other answers


Have any of y'all seen a box that pops up with a blue border, at the top there is a penguin with 4 Chinese characters beside it. Below is another with QQ: then a box with 10000 in it, two or three more characters, another box with 10000 in it, then a small box with the image of a person in it, followed by 8 more characters.
Then below that is a larger box full of Chinese characters and some numbers. After this pops up, things deteriorate rapidly. The first thing we noticed was that the Task manager would not open. Others had other problems, eventually not being able to work at all.

I'm not asking for a solution. We have been looking High and Low, and we know how to use the tools available. I just want to know if anyone out there has come across this and if anyone knows where it came from?


Read other answers

Dear All,

I'm having an issue with a popup in Chinese characters.
It always pops up at start up and then a few times during the day.

It looks like I have no other problems on the machine, but I've tried all types of antivirus and malware.
Avast, spybot, online scans,
the machine was running antivirus, antimalware and firewall since the beginning, not only after "infection"

No one finds any issue but the popup still comes.

I'm running windows 7 64 on an ASUS notebook, i7, with ATI card.

Does anyone have the same issue? Does anyone know how to wipe it out?

Thanks in advance

Best Regards


Read other answers

Hello, I have some weird chinese programs (or malwares i dunno*) that I cannot delete, also Malwarebytes Quarantine doesn't let me press the finish button.
Some weird chinese programs tend to appear out of nowhere.
Please help.
*didn't install any of them, but left my laptop for an hour and came back to find it crowded on my desktop
attached latest malwarebytes scan


Read other answers

i must have some type of virus or persistent malware embedded in this laptop. The computer is slow, the battery will not charge, at startup there are missing dll messages referring to (python25.dll), spybot and super-antispyware show multiple registry errors that can't be corrected due to administrative login not being recognized, and windows updates repeatedly fail. Please advise.
Toshiba laptop with windows 7 home premium 64 bit

A:slow computer, missing dlls, popup addware, failed updates, battery not charging

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant... Read more

Read other 15 answers

i can't use chinese programs like QQ, a chat program like MSN; the words show up as weird symbols

A:why does chinese show up as weird symbols?


Read other 1 answers


If I type something into the address bar, instead of going to the usual MSN search results page, I get an entire page of Chinese.

I've searched my internet settings (IE6) but everything appears ok.
Any suggestions?

Read other answers

I have a user within AD who is getting a chinese popup error everytime he presses a key in excel for the 1st time or even outlook. However on the 2nd occasion everything is fine and it works well and no error occurs.

I have done everything you can think of from a

Full Uninstallation of the app + registry removals of Office 11 and Re-installation

Checking that his AD I.D. has full rights within the Registry

Re-created his profile both Locally and Server Side

Re-installed the keyboard driver under his AD login

Tested using regmon and filemon and seen few failures here and there and got the registry keys elsewhere and imported

All of these still results with the user getting the popup error with Chinese Writing when the 1st key is pressed still

Any of you guys came across this and resolved??

A:Office 2003 Excel Displays Chinese font popup on 1st key entered in cell

Actually, I have heard of this- something in an update caused the problem. There should be a fix:

This was the update: http://www.microsoft.com/technet/security/Bulletin/MS07-002.mspx

This is the Caveat: See http://support.microsoft.com/kb/927198

For # Microsoft Office 2003 Service Pack 2, when used with:
* Microsoft Office Excel Viewer 2003
* Microsoft Office Excel 2003

Read other 2 answers

the folder icon is in some weird chinese symbol or something. all the top of the reply or delete as well. what is going on

Read other answers

So I have been playing a PC game (Windows 7) called "Don't Starve Together" (linked to the official Steam download page).  It's a multiplayer game and you can mod it.
I started noticing this weird program popping up when I hold the ctrl key and press any of my letter keys, especially WASD, which I use to move my character.  It looks like some kind of translation program, as best as I can tell, but it's all in Chinese.  I managed to find the "About this program" setting option, which offered a link to a website.  Please proceed with caution.  I didn't ever visit this website, so I doubt the website will cause you to acquire the program, but regardless, you've been warned.
I have run Advance System Care, and Malwarebytes Pro. Neither are catching it, I can't find how to remove the frickin' thing.  It is not showing up in my list of programs, so I can't uninstall it that way.  I even tried hunter mode with Revo Uninstaller, and it targeted the video game rather than whatever... this thing... is.  It's ridiculously difficult to find any information on since it's not even in english.  =/
Thank you very much for any help you can offer.

A:Weird Chinese Translation(?) Program Won't Uninstall--Affecting Videogame Play

Welcome to BC !
Uninstall Advanced System Care....can cause serious damage to your computer and most likely installed adware.
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
Download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
Download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically o... Read more

Read other 7 answers

Yesterday, I did a scan of my network with WireShark 3.2.6  Scan was done on my hardwired Ethernet connection. I am somewhat new to advanced wireshark and I do not know everything there is to know but I am in the process of learning.
While looking at the results of a short scan I saw some unsettling IP Addresses that were appearing on my network. I do a lot of schoolwork online and I need to setup Windows 10 Professional's Firewall to block this IP Address or possibly even a range of
IP Addresses. 
Problem is: When I do searches with keywords such as "Blocking an IP Address with Windows 10 firewall" I end up receiving results that are intended for businesses or results that are meant for a Windows Server.
I need an understandable solution to this potential security problem. One that I can use Microsoft tools to fix and not some 3rd party app if possible.
My system:
Windows 10 Professional build 18363.1016
MS Office 365 Enterprise Edition subscription through my school
Dell Optiplex 790 with the latest BIOS update
Dual drives  SSD system drive and Mechanical ATA drive for data storage.
WireShark 3.2.6 results
Source:    Destination: My private IP Address for my PC. 
Protocol used: TCP   Note: 3 instances.
Below is my PC sending out an 89 byte message to   4 different times.
Source: My Private IP,     Dest:,  Src Prt: vpad 1516,... Read more

Read other answers

There are several posts like mine out there already but none of the solutions have worked for me. When I am connected to my company LAN I can go to Google (my home page) in IE7 on an XP Corp SP3 Laptop. About every other time I click on a link I get the following error box.

Whether I click ok on the error or click the X, a new browser window opens, maximises and opens my home page.

When I am on my home network the behavior is different (probably because my home firewall is not blocking the site). When I click any link from my home page there is no error box but my click gets hijacked to an advertisement or fake virus protection sites.

Here is what I have tried:
1. Full scan and immunize with Spybot S & D (found a lot of cookies etc. didn't fix this issue)
2. Full scan with Symantec Endpoint protection (finds trojans once a day, probably friends of this issue)
3. Full scan with Malwarebytes (fixed other issues it found but not this one)
4. Purchased full version of Spyware Dr (found and fixed 4 issues but not this one)
5. Disabled all browser plugins, including those that run without permission. (did not impact the issue)
6. Searched for any files or registry entries with "hpprintspool" in them (there were none)
7. Installed HijackThis and created the following log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:09 AM, on 11/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WI... Read more

A:Malware Cannot find http://(chinese characters) Make sure the path or internet address is correct

Hi jgardner,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

One or more of the identified infections is a backdoor trojan.

A backdoor Trojan can allow an attacker to gain control of the system, log keystrokes, steal passwords, access personal data, send malevolent outgoing traffic, and close the security warning messages displayed by some anti-virus and security programs.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still try to clean this machine but I might not be able to make sure it will be 100% secure afterward. Please tell me if you want to go on with cleaning.

Read other 2 answers

You guys have helped me a lot in the past and i appreciate the help again. Here are my logs.
Problem is avast wont activate and ive crashed a couple times, comp is running very slow.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Brian (administrator) on BRIANASUS on 03-06-2015 20:48:22
Running from C:\Users\Brian\Downloads
Loaded Profiles: UpdatusUser & Brian (Available Profiles: UpdatusUser & Brian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.... Read more

A:Something is wrong with my comp. Avast wont activate, comp running slow, crashin

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Remove these programs in bold using the Add/Remove Programs applet.

Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
RewardsArcadeSuite (HKU\S-1-5-21-2814915296-174591460-2764255659-1001\...\RewardsArcadeSuite) (Version: - 215 Apps) <==== ATTENTION
Search Protection (HKU\S-1-5-21-2814915296-174591460-2764255659-1001\...\Search Protection) (Version: - Spigot, Inc.) <==== ATTENTION

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2814915296-174591460-2764255659-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2814915296-174591460-2764255659-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=282369&fr=spigot-yhp-ie
URLSearchHook: HKLM-x32 - (No Name) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - No File
URLSearchHook: HKU\S-1-5-21-2814915296-174591460-2764255659-1000 - (No Name) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - No File
BHO: TmIEPlugInBHO Class -> {1CA1377B-D... Read more

Read other 2 answers

I have been reading on different sites to download different anti-spyware programs. Right now I have:

1. Ad-aware
2. Spybot
3. IE Spyad w/ Zoned Out
4. PC pitstop driver alert
5. Spyware Blaster
6. ATF Cleaner
7. PC Pitstop Driver Alert
8. Hosts Xpert
9. Windows Defender

Will these slow down my system, or make it take longer to shut down and restart my comp? Is there anything on this list that I should not have? If it's not a big deal, does anyone recommend any more apps I should download or things to do to make my system better?

If I install almost all of the reputable spyware removers and system optimizers, etc. on my comp, will it slow down my system? Will there be any negative consequences?

Right now I would opt for a faster computer over a secure one, so I would prefer speed over an increased possibility of a virus, etc (still want an anti-virus though). I'd like my comp to shut down and restart quickly, but of course it's not that big of a deal.

With that in mind...I was wondering what the computer "gurus" think is the best way I can optimize my computer? If you have a lot of experience, then what would/do you do, and what do you download for your comp? What programs should I download or buy? I'm willing to pay money for programs that I can buy at the store or pay to activate full versions of trial software, etc. if it will help optimize my computer or help my computer's speed. My system specifications are at the bottom of thi... Read more

A:Newbie questions. Will anti-spyware, etc. slow down comp? Best way to optimize comp?

As a rule, you use:
1 firewall
1 antivirus
* Norton is not the best program around, and it's a resource hog, but since you bought it, you'll have to live with it until it expires.
* Using more than one of each is asking for problems (conflict).
As for antispyware programs, you can have as many as you want, however, I wouldn't use more than 2 as startups, since you want a fast computer.
Your computer specs look very good, but the lower number of startups, the better (this is another thing to check).
As for antispyware, I'd keep Spyware Blaster as a startup program, and I'd add a-squared: http://www.emsisoft.com/en/software/free/
You may want to run others, you have once in a while, or when any problem arises.

In addition, you want to keep your computer clean of garbage, and for that purpose, you want to get CCleaner: www.ccleaner.com

Once a month, you want to run defrag. I recommend free jkDefrag: http://www.kessels.com/JkDefrag/ instead of Windows defrag.

That's about it. If you have more questions, please, ask.

Read other 2 answers

My computer has been running a bit slow lately, and i get constant popups in sets of 20 or 30 that will not close, and randomly my computer will have black and blue lines run across the screen, or will completely blank out, i have had some issues with freezing and then it will begin to make noises at me if i touch any keys or click, not sure what's wrong i suppose i just post my log?

Running processes:
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies... Read more

A:Comp a bit slow, uncloseable popups, random comp shutdowns, freezing

Welcome to TSG

Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Read other 1 answers

A:Newbie questions. Will anti-spyware, etc. slow down comp? Best way to optimize comp?

Well dude.. i would just go with ad aware.. it wont really slow the comp down

something actively scanning such as norton avast etc.. will slow your comp down by taking resources... just go with a scanner like adaware that doesn't use resources..

EDIT: Norton sucks... seriously

Read other 5 answers

And then Mozilla firefox and mozilla thunderbird both crashed. Mozilla thunderbird eventually worked, firefox would boot up and then crash. I could not get on Firefox or IE.

So I rebooted (stupid stupid move) and now it goes through post etc. and then right before it is supposed to show the windows vista screen with the bar loading, it just is a black screen that just sits there.

Sounds like a trojan or something to me, some quick pop up showed up on mozilla saying it was some sort of trojan but couldn't catch the full name then the window closed.

I run Nod32 antivirus and this was the first time it seemed to not catch something.

I tried safe mode no luck, booting with the vista cd to do a clean or repair but after it loads windows files, and the bar fills completely it just sits there for ever and does nothing.

I tried putting the hard drive in a diff comp as a slave, but it would only work as a master for some reason even after playing with the jumpers etc. So i did a boot device menu and chose the correct hard drive to boot windows vista off the normal hard drive that computer uses. My hard drive showed up in bios but when vista loaded on the other computer it didn't have it listed in my computer. It also said it was trying to download the drivers and failed. But then i checked device manager and it said the drivers for the SATA hard drive (my drive) were working properly.

So i can't get on vista, cd won't work, safe mode won't work, last kno... Read more

A:Do I have the Chinese trojan or sometype of trojan,HELP, need comp for finals week

i got it hooked up to another computer and did a check disk on the hard drive, no errors, did a full scan, no viruses, found 1 or 2 trojans with trojan hunter and it removed them both. I tried to do a fixmbr and fixboot through the windows xp recovery console but it said there were 2 os's installed the 1 for the computer itself and 1 on my hard drive, but it said the directory for my hard drive was drive D, but when I'm in windows it says my drive is drive G, does that mean anything?

So I chose drive d and tried to type in my administrative password and it said it was incorrect. Odd right? I know my administrative password and it kept saying it was wrong. So i was unable to try a fixmbr and fixboot.

Any other advice or ways to try to fix the mbr and the boot?

Or anyone have any advice on what else it could be.

Oh and I could view all my files on another computer with the hard drive plugged in so it doesnt seem like the hard drive is corrupt, but it seems like some part of the boot up process is messed up.

Any replies would be great, thanks.

Read other 3 answers


Recently had a virus on my computer. Had to take it to the geek squad to get it fixed. Brought it home the other day and it would not connect to my wireless network (I am on the other laptop in my house that does still connect). It would connect before I got it "fixed". I brought it back to the store the next day and they tried a few things. I will connect to their wireless in the store.

I originally had Geek Squad come out earlier this year to set up my wireless router and the guy who helped me at the store said it might be because of a certain way he set my computer up to connect to the router which got erased when my computer had to be restored.

Now they want to charge me an extra $89 for them to come back out to the house and fix it.

Is there anything I can do to try to fix this myself without forking over even more money?

A:Comp just restored, network will not assign network address to comp

uh, maybe you would want to check what the setting looks like now and post it here? maybe someone can help you out. also if possible, mention what brand?

Read other 3 answers


my pc is painfully slow at the moment and i keep getting these weird chinese porn pop ups, if anyone can please help!!

here is my HJT file:

Logfile of HijackThis v1.99.1
Scan saved at 7:48:28 AM, on 11/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SiteAdvisor\4144\SiteAdv.exe
C:\WINDOWS\System32\wuauclt.exe... Read more

A:Extremely slow pc and chinese pop ups!!

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

Read other 16 answers

i have no idea what happened to my computer. Ad-Aware doesn't work for me. Popups always occur when I'm surfing and it always changes my homepage every time. The same popup always occurs when i go to forums and then it shuts my internet browser sometimes and says "ERROR needs to end", something like that. I can't get rid of that. can anyone help me? i think sometimes it says something IE.

A:HELP...COMP POPup & HomePAge changing!

Read other 16 answers

Hello, I have some weird chinese "anti-virus" virus that I cannot delete, also Malwarebytes Quarantine doesn't let me press the finish button.
Some weird chinese programs tend to appear out of nowhere.
Please help.

A:Weird chinese "anti-virus" virus + malwarebytes quarantine doesnt let me finish

Hi Snajpi My name is Aura and I'll be assisting you with this issue. Please give me a few hours to review your logs and prepare a reply.Thank you!

Read other 15 answers

Recently I started getting one line in the upper portion of the IE windows with Chinese characters:

系统检测发现您正在使用低版本IE浏览器,可能存在安全隐患,强烈推荐您在windows系统使用更快速!更安全!更稳定!的浏览器: FireFox火狐浏览器,点击下载
McAfee and Spybot scans yield nothing. Ad-Aware 2007 results in 5 registry entries but is unable to clean them. The two categories identified:
Root: HKCR Path: clsid\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0}
Root: HKLM Path: software\microsoft\windows\currentversion\explorer\browser helper objects\{385ab8c6-fb22-4d17-8834-064e2ba0a0a6f0}

Hijackthis generated log which is attached. You can see that the same entries

O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll

Aside from having the aforementioned line in every IE screen, some of the sites, including this site bleepingcomputer occasionally cannot be accessed, usually when you have to drill 2-3 levels down into the website. It changes though. Occasionally it will dive... Read more

A:Win32.adware.cinmus, Chinese Spyware - Chinese Line In Ie Windows, Unable Access Some Sites

Here is the log pasted instead of being attached:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:37 AM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1...


I just received delivery of a mini camera/voice recorder that has an instruction sheet in both Chinese characters and also broken English...very broken! In fact, it's basically incomprehensible. Is there anyone viewing this that may be able to help me translate the instructions, because I can't get the recorder to work yet. The colors of the light indicators on the recorder and the instructions don't even match. All that I can observe is red and blue, while the instructions refer to a yellow and green in addition to red.....go figure. And yes, I've contacted the seller about this but they haven't responded yet. I strongly suspect they don't have a clue either...they're just merchandisers, not tech folks.

I've attached a copy of the so-called English instructions, but if you can read Chinese please contact me and I'll send you or post the instructions written in Chinese characters.

Thanks for your interest.

A:Solved: Can you read Chinese characters and/or Chinese broken English?


Just recently this popup appears every once in awhile. It doesn't always popup when I can online, but it is annoying. I was wondering if anyone knows how to get rid of it? Any help would be greatly appreciated....thanks

A:Weird popup


Hi, I got this really weird popup that comes randomly just recently and I wonder what this is all about.

The popup links to a site: http://microsoft%20/??????

This is my hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 00:36:11, on 19/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\windows\system32\lm12\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5...

A:Weird Popup

Hello,

Since you are already being helped here, this topic will now be closed.


Hi. I restored my laptop to its factory settings as Windows decided it didn't want to work anymore. I have installed AVG Free and downloaded the security updates from the Microsoft homepage. But when I turn on the laptop and the desktop opens up, I keep getting a strange pop up that says "Software/microsoft/windows/currentversion/run" in a grey box that only allows me to click on OK. It seems really weird. Here is my HijackThis log, any help and advice would be greatly appreciated. Thank you

Logfile of HijackThis v1.99.1
Scan saved at 19:27:38, on 03/09/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier...

A:Weird Popup.

Hello Dazarooni,

We are currently studying your log and will be back to you as soon as possible. Thank you for your patience.




Hi I was wondering if anyone could help me. My friend has a Chinese version of Windows XP with SP3 and an English Office 2007 installed on her computer. All worked fine until the day after Office was installed. Now some of the Chinese characters have been replaced with squares. I tried changing the settings in the Regional and Language Options but as the Chinese characters have been replaced by vertical lines.

If someone can help me resolve this problem it would be greatly appreciated.


A:[SOLVED] Problem with Chinese text in Chinese Windows XP

Problem solved


My mom's virus protection software keeps popping up with a virus warning for Trojan horse BHO.BLD. We cannot find a virus protection program to remove this. Is there a way to fix this without having to reformat? We can't really post any logs or anything of that sort.

A:Mom's Comp Has A Weird Virus

Hello, what programs have you already run?
Is this machine XP SP2?
Have you scanned from safe mode?


I am having very weird comp probs...it's kind of a flashback of what happened a few months ago...I can't access ANY system utilities (e.g. I click on user panel, sys restore, disk defrag, etc...) and I cannot see any words typed on Yahoo Messenger...what's the problem...???...I will post HijackThis log if needed...

A:Very weird comp probs...


hi there gurus of technology...:-)

I have a really weird thing going on. Each evening I close down my computer, go to work and in the evening when I come back, the comp is running! It turns on by itself; as I live alone, there could be no one else turning it on. Is this a new virus?

Besides this, already for a long time when I open My Computer and get the Windows folder view, if I do anything inside this Windows view I get an error message and the whole screen reboots. I have to select folder view and then I can browse through my folders without error messages. The third thing is that I have this message constantly popping up from internet security and I can only turn it off when I select symswc.exe and in the Windows task manager and end that process.

PLS i need help as I'm afraid something is pretty wrong with my comp!!!!

here's a HIJACK LOG:
Logfile of HijackThis v1.99.1
Scan saved at 18:12:22, on 5-9-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Progr...

A:Weird: comp starts up by itself!! HELP!!

no replies??? Help plz! How about the hijack log?


Hey all...I got a weird one here. I know you guys will be able to solve it though. I have my cousin's computer here beside me, but I am working from mine. The reason being, it has some sort of virus that keeps putting icons on his desktop, and giving him pop-ups. It also won't let me run any virusware programs that are installed, OR online programs. (Trendmicro.) So...I ran hijack, and here are the results. Sorry for being so vague, but unfortunately all I am able to run is Ad-Aware, and it came up with about 217 problems...which I cleaned up. Let me know what you think. Thanks in advance for the help.

Logfile of HijackThis v1.98.2
Scan saved at 7:31:44 PM, on 15/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\av...

A:Cousin's comp..this is a weird one

Hi Luddite and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst. I will be back with a fix for your problem as soon as possible.

Please be patient with me during this time.

We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".



Please please help.

-- Got viruses after visiting a stupid dumb trivia website. (Got WebHancer, Mirar, ezshieldprotector, dyfuca, surfsidekick.)
-- Tried to delete the folders the virus added to my comp, couldn't. Got Norton, ran it. Also ran Ad-Aware, Spybot, webaso, registry mechanic(?), Stinger, and Avast!
-- Plugged drive into another computer and ran Norton until it says it's clean, still doesn't work.
-- Now as soon as the logon screen comes up, and I click on it to enter XP, it says saving settings, logging off. I can't get into XP at all! Sometimes the desktop will flash on for a second, then go back to login screen.
-- Tried to use F8, F12, F2 keys. Tried Safe mode. Tried to make boot discs from web, but they just don't activate? Tried to make DOS prompt boot disc too.
-- Tried 3 different XP CDs, plus Nopix, failed.
-- Took drive out and copied all my important files to another computer.
-- When I go into BIOS and do 'boot from CD', it gives me the message:
SATA Secondary drive 0 not found.
Primary Drive 1 not found.
-- In BIOS I can see that it labels both drives correctly. One is SATA (main c:), another is IDE.
-- Please help. Please use baby language. Really. I've asked on another board too, but seems am out of options. If you'd like a copy of their suggestions I could paste them here maybe?

Please help

Dell Dimension 4600

Mod Edit: Moved topic to more appropriate forum. ~ Animal

A:Comp Doing Weird Things

Can you boot to safe mode?


Anything unusual here?? And how do I fix it??
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32...

A:comp acting weird


So my gf was surfing the web and all of a sudden she started getting popups and she got scared and just shut the comp down. When I turned it back on there was a wannabe antivirus program that had been installed. The desktop logo was poor quality and the program was saying the comp was infected. She said she had downloaded no particular program. I did a system restore for a couple days earlier and thought that would be a simple fix. I've run Lavasoft Ad-Aware...SUPERAntiSpyware...Malwarebytes' Anti-Malware. AVG found a few things and sent them to the vault. It seemed to run ok for a bit but the popups haven't stopped. The computer kept shutting down after a while and I noticed that the power options had been altered to shut off the hard disk and monitor after 5 hours. Not the way I had it. The audio device nowhere to be found. Sounds from the comp itself work but audio from the internet does not. Also tabs on my IE are not visible as well? Also from time to time the comp gets close and I noticed that one particular svchost is requiring a lot of usage. I end the process...despite the warning. This may not even be related but thought I would put it in. I need help. Any ideas? Thanks in advance.

A:popups and weird changes to comp

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:
Please download DDS by sUBs from one of the links below a...


Ok guys...I'm new here so if I don't get the lingo quite right please forgive me.
I found this site while doing a search on ways to get rid of things that have been installing themselves on my computer.
First I had something called lop.com. I read that this thing does a lot of bad stuff...the worst thing I ever experienced with it was that nearly every internet page I tried to open it went into a lop.com search engine and I had to close my browser to get out of it. Using the back button did not work at all. I think that I have gotten rid of that--hopefully anyway.
Then today I went to open my home page (which for me is Yahoo!) and found that my home page has been switched to something called Xupiter?!?!
I have tried a few suggestions I've seen here and there and while it is no longer taking over my homepage it is still in my program files and will not let me delete it. It says access denied. Make sure disk is not full (??) or write-protected and that file is not currently in use. I downloaded Ad-aware (which I used for the lop.com problem) but it does not seem to detect this Xupiter thing. I am open to any and all suggestions.
OH Yeah and here is the other thing. Last night my Norton Antivirus found something called Trojan.Irc Bounce. Anybody know anything about this? NAA said that it could not be repaired but it did quarantine it.
Thanks all...I can be reached on willowmoon36 (yahoo messenger) from time to time but the best way to get me is email [email ...

A:Weird S*** installing on my comp...

Welcome to TSG!
Here is the information on the trojan you requested.

Until the Virus Doctors come on line later you may want to download, setup and run Spybot to uncover all the spyware you have on the system.
Once Spybot is set up double click Icon and select online, then select updates. When updates appear select them and then click download updates. After updates are incorporated click settings, then Files sets and uncheck "System Internals and also Usage tracking". Now click Spybot S&D and select "Check for problems".
After Spybot completes its run copy and paste what it found back here for review. Do not remove the stuff yet because some of it may have to be disabled or uninstalled beforehand.


Also while you're at the download website download the startuplist and run it. Paste the results back here so the doctors can have a look.



Is there a way for me to find ALL the IP addresses of every computer on a LAN without having to go to each computer and doing an IPCONFIG?
Somewhere we have a conflict that causes an error:
Description: The name "WorkGroupName :1d" could not be registered on the Interface with IP address nnn.nnn.nnn.nnn. The machine with the IP address mmm.mmm.mmm.mmm did not allow the name to be claimed by this machine.
Event Source: NetBT

Event Category:None

Event ID: 4321


A:Solved: getting the IP address of every comp on a LAN
