
Weird PC activity

Q: Weird PC activity

Hey, I have a somewhat new PC, only about a month old. I bought a few computer games for my PC the same day I got the computer, and they played fine. Up until recently my system has been acting weird, taking longer to load pages, taking longer to open programs, and gaming performance seems to have decreased. I scanned with Norton AntiVirus and Ad-Aware, cleaning up everything I found. Could you maybe take a look at my HijackThis log?

Logfile of HijackThis v1.98.0
Scan saved at 12:21:13 PM, on 7/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\interMute\PopSubtract\PopSub.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\Owner\Desktop\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Microsoft Update] webcam.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [t3rQ34S] rsreng.exe
O4 - HKLM\..\Run: [indexm] C:\WINDOWS\System32\indexm.exe
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
O4 - HKLM\..\Run: [SoloSysCheck] C:\PROGRA~1\SRNMIC~1\SYSCHECK.COM
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Microsoft Update] webcam.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\interMute\PopSubtract\PopSub.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab

Any help would be appreciated.

RELEVANCY SCORE 51.6

I have had really strange messages. One is "you are not the administrator", and I am the only person and the administrator of this system. By looking at this can you see anything ODD? I ran one in October too and it is copied below. Wasn't sure if having both would help? If there is any more info you need to help assess whether I have any "wares" please let me know.
I am running Vista.

Logfile of HijackThis v1.99.1
Scan saved at 9:24:26 PM, on 11/25/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\System32\mobsync.exe
C:\Users\Margaret\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.aol.com/
R1 - HK...

RELEVANCY SCORE 51.6

Must be that time of the year again, as my PC is acting weird. Not sure if it is the full moon or did something creep into my system. My PC is slower than normal and has rebooted itself several times.

I am using XP Pro and McAfee Total Protection which is up to date. I did a scan using McAfee and it comes back clean. I rebooted into safe mode with networking and ran a Panda Online scan. First time it restarted in the middle of the scan. The second time it said it found stuff, but it was mostly tracking cookies.

I am attaching a HJT log and the Panda results. Suggestions?
 

RELEVANCY SCORE 51.6

Was working on some homework earlier and noticed AVG E-mail Scanner popping up above my tray bar. I didn't have Outlook or any web-based e-mail service open at the time, and I've never noticed this happening before... The screenshot won't display for some reason, so here is a text version of what the e-mail scanner was displaying:

Connecting to i222-150-69-88s04.a014.ap.plala.or.jp
Connecting to i222-150-69-88s04.a014.ap.plala.or.jp
Connecting to i222-150-69-88s04.a014.ap.plala.or.jp
Connecting to i222-150-69-88s04.a014.ap.plala.or.jp
Connecting to i222-150-69-88s04.a014.ap.plala.or.jp
Connecting to i222-150-69-88s04.a014.ap.plala.or.jp

Over and over about six times, each time.

Any thoughts on what could have caused this? The same thing popped up three times in a period of about two minutes.

A:Weird AVG Activity

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

RELEVANCY SCORE 51.6

My laptop has been restarting on its own, freezing up a lot. I shut it down last night and when I started it this morning, it started up with my user account like it was brand new. My desktop is a Windows desktop, not the one I had on, my favorites are erased. My home page is the "welcome to windows" page. It's like starting from scratch. I tried to do system restore and I got a message saying "system restore is not able to protect your computer. Please restart your computer and then run system restore again." When I shut it down, everything was normal, it has been running weird but my stuff was as I had it, now it's gone! I don't know if I need HJT or not but I'm posting it just in case. I've done AVG and it's clean, and Malwarebytes is clean. I hope there's something I can do to get it back to normal. Just noticed all my pics and music are gone too.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:39 AM, on 11/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft...

A:weird activity HJT log

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If you still need help, post a new HijackThis log.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.

If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.

Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.

Finally, p...

RELEVANCY SCORE 50.8

In my Windows Task Manager I have this: "rundll32.exe msvcrt.dll,sleep". This process hogs memory and CPU time like crazy. It can go to 550MB of RAM and 50% of CPU time pretty quickly once it starts up. I end this process from time to time, but it comes on again after a while. I end it 3 to 4 times a day. I was wondering if my msvcrt.dll is hijacked by some virus?
 

RELEVANCY SCORE 50.8

Hi, I went from Facebook to a website through a link... to look at something. Anyway, I copied the web link to send to my brother through Facebook message, and when I pressed send, instead of the link being sent it sent a copy of Facebook along with a picture of someone I was talking to at the time on Skype, so I knew it was a picture of my desktop. This is the second time this has happened to me. I am on a new HP laptop only a few weeks old with Windows 8. I am scratching my head as to how a link copy turned into a picture of my desktop showing my open Facebook page along with a photo box of someone I was talking to on Skype? Oh, I was using Google Chrome as a browser at the time if that helps, and I have Norton as security... If anyone has any ideas please let me know... thanks... glory
 

A:Hacked? weird activity

I am serious about this issue. I still have the link I was trying to send and a copy of the pic it sent instead, of my desktop with my browser open and my Skype open on it. I am a bit computer illiterate to say the least, so if you think this is a joke, it's not... I do not understand how copying a link to a page turned into a pic of my desktop, so if you can explain it to me please do... if it's something I am unaware of, great; if not, what is going on?
 

RELEVANCY SCORE 50.8

Ok, my 1st time here, seemed like a good place for some advice.

My basic problem: I'm connected to a network and it seems to be changing its security type, jumping from WPA2-PSK to WEP.

I'm using this same wifi antenna. What's weird is no other detectable network does this. My PC's network access menu only rarely shows the change from WPA2-PSK to WEP, but I did get inSSIDer for checking this thing, and it does show it's changing security types about every minute or so.

The other strange thing is it would never let me connect at all with just entering the key, only by manually making a network. Sometimes it shows full bars, others (like now when I'm typing) it shows a red X over the icon.

I went and checked 192.168.0.1 for any strangeness but can't find anything in there, but it is broadcasting 2 separate frequencies, 2.4 and 5 GHz at the same time. I can see that both frequencies are set to use WPA2-PSK, with the same password but different SSIDs.

The noticeable thing is when it has the red X the internet seems slower, and tends to just not let anything through after the first few minutes of using the net.

Any ideas what's going on with this stuff? I've never seen any network do this.
And yes, I'm on the neighbor's wifi, and they do know I'm poking around. Any help would be appreciated.

P.S. I can do screenshots if needed/appropriate.
 

A:Weird Wifi Activity

Howdy and welcome. Whether or not the neighbor knows about your using their wifi is immaterial, as it's the ISP that makes the call as to whether or not it's legal. And ISPs do not allow that, unfortunately, so I'm going to have to close this one up.

Thanks for understanding,

v
 

RELEVANCY SCORE 50.8

My laptop is fairly new (only got it 3 weeks ago), but already I have experienced a BSOD around 2 weeks ago and two crashes, both a few days apart.

Today's crash was odd though: I forced a restart when it became unresponsive (I was installing updates at the time) and as it loaded it came up with the usual safe mode suggestions, but then, after telling it to start normally, it came up with a black screen with some white text and was cycling through registry keys. It was over very quickly so I'm afraid I cannot give more details, but I remember seeing "600 items" or something similar. Is this a Vista recovery operation or something more sinister? After it was done, the computer didn't continue to load up but restarted itself, at which point it loaded fine.

Anyone know what this was? Thanks.

Oh, I also checked the reliability tool but nothing reported for the 13th.

A:crash then weird activity

Hi. . .

Given the fact that you experienced a BSOD on a 1 week-old new laptop and now seeing the information on subsequent crashes, I would recommend that you reset the laptop back to factory condition by re-installing Vista via the recovery partition.

Usually you press an F key to invoke the recovery partition - it may be F10, F11, ctrl-F11, or the esc key. Look in your owners manual for the exact key/combination.

This will place your system back to the way it was when you turned it on for the first time.

If you have difficulties or questions, please let me know.

Regards. . .

jcgriff2

.

RELEVANCY SCORE 50.4

Sup forum?
Decided to come here before I decide to reformat and be left in the lurch and basically updateless.

Backstory: OK, so the household has never had 'decent' internet as such and it has always been quite slow because of where we are, old house, etc. etc.
We must be on some sort of low band 'talktalk' internet which has to be 3mb or 4mb, at the most 5mb, nothing major. It is forever lagging out, often reconnecting seconds later, or there have been problems with our regional providing tower which means we've been out of internet due to technical problems or weather.
Speed.net tests have resulted in around the 4.5mb on a good day and that's if no one's using it except one person. When everyone is using it, it's considerably slower because of the obvious bandwidth consumption.

So lately, and realising the problem it must be for a good 3-4 months now, things have been becoming a bit temperamental to do with the internet connectivity from the wireless router to my laptop. But it was only little things so I just assumed it was bandwidth or our provider had done something etc.

Well anyway, things like messengers started signing themselves out and then back in again, often lagging out before it happens, meaning I don't get what people have said or messages haven't been sent. This happens mostly for Live Messenger and Skype. Only Skype now because I no longer use Live Messenger and forever have to appear offline to save them from me constantly loggi...

A:Weird wireless internet activity. Any help?

RELEVANCY SCORE 50.4

Two days ago my system began acting weird and having pop-ups in the lower right corner about problems found.
I also now have tagasaurus on my desktop. I have run Spybot, Ad-Aware and Symantec. Also bought Prevx CSI thinking it would help...

Computer is acting very slow and strange.
Below is my hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:02 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\poin...

A:2 minute startup and weird activity PLease Help

I was running Norton 360 but have since uninstalled it to keep it from interfering with scans.

Here is a new HJT log;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:03 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\So...

RELEVANCY SCORE 50.4

Hi
I'm trying to set up a computer that has given me trouble in the past.
It runs VERY slow and acts weird at times.
I attempted to run GMER but it errored out every time.
I hope the files that I have attached help.
Yesterday I noticed that there was an Internet proxy going somewhere. I disabled the Ethernet interface and deleted it.
Thanks for the help!
Jim

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 7.0.5730.11
Run by jim at 19:58:37 on 2012-10-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.106 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Airlink101\AWLL3028\RtWLan.exe
C:\Documents and Settings\jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jim\Local Settings\Application Data\Google\Chrome\Application...

A:Very slow desktop and weird activity

Hello and welcome to BleepingComputer! I am Elle and I will be helping you out with your problem.

Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system, so I will analyze the results they produce. As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed so we need to get a clear look on that aspect.

DO NOT bring any changes to the system except the ones I tell you to, as that may produce more damage than helping us. If you encounter a delay of over 2 days from me, please don't hesitate and private message me (link in the signature). Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.

Please generate another DDS log (download it from http://download.bleepingcomputer.com/sUBs/dds.com if you haven't already) and post it in your next reply along with other changes that may have occurred since you last posted.

Also download and run GMER from this link: GMER download link.

Thank you very much for your patience.

Regards,
Elle

RELEVANCY SCORE 50.4

I have had no issue at all for a long time and all was well. Then this week I was on my PC (Windows XP) and went to shut down the PC, but when I went to Start to look for shut down it was not there and neither was the Run command. I researched online and found out it may be called the quickinfo virus. I followed a few steps and got back the Run command and shutdown button. I thought all was fine, but now when I go to open Adobe Photoshop CS I get an error that I must have Admin rights to load the program, and it shuts down. I looked at user accounts and there is only one, mine, and it has admin rights. Also if I hit ctrl+alt+delete it says it has been disabled as I do not have admin rights.

How do I fix this issue?

Is this the name of the virus I have, or is it something else?

I pasted what I followed to get links back below just as FYI. Please help as I cannot do any work. Thanks much.
Open a command prompt (CMD) from accessories menu -> type "gpedit.msc" -> expand the user configuration node -> expand admin templates -> click "Start Menu and Taskbar" -> in the right pane look for "remove run menu from start menu". It should be set to "not configured"; if it is, double click it, set to enable, click apply, then set to disable and click apply. If it's set to enabled then set to disable. Reboot and see if Run's back on the start menu.
 

RELEVANCY SCORE 50.4

Hello All,

I have a weird activity going on with my HP laptop. The laptop is a custom DV3. Here are the specs:

Windows 7 Ultimate 64-Bit (upgraded in place from Windows Vista Home Premium 64bit)
Intel Core 2 Duo P7550 @ 2.26 GHz
BIOS version: F.12
4GB DDR3 ram
NVidia Geforce G 105M w/ 512MB dedicated video ram
HDD: WDC WD2500BEKT-60F3T1
I have been noticing that my computer has been slow lately and that every time I restart, Win7 starts the chkdsk command at boot. The abnormal thing is that it hangs at the end of the "hit any button to skip check" countdown. The other issue that I have is that under Disk Defrag, my C: drive does not show up. I believe that this is due to the "dirty bit" being active on the C: drive.

I have tried to do the commands listed on this page: http://forums.techguy.org/windows-xp/465184-volume-dirty.html
and unfortunately I am in the same position. I do not want to let this issue run rampant and I feel that I am at a standstill with it.

Any help or advice would be awesome. I am hoping I do not have to format to fix this issue.
 

A:Weird CHKDSK activity....need some advice

RELEVANCY SCORE 50

Hello, I've got this weird "bug" lately where I open Google Chrome with the icon in the activity bar and a new icon shows up next to it. One is a Google Chrome startup icon, and one is the actual browser (will set up a picture).

http://www.sevenforums.com/attachmen...1&d=1374486107

How do I fix this so it is only one icon when I use the browser?
Like this:
http://www.sevenforums.com/attachmen...1&d=1374486205

A:My google chrome icon in the activity bar is weird!

Hi there... Have you tried to unpin all of them? What happens when you do that?

RELEVANCY SCORE 50

Hello! I did have this problem before. I did make it work, "I thought", by unpinning the icon and pinning the running icon. Unfortunately the problem is coming back again after using the new pinned icon 2-5 times, so I have to redo it again. Is there another way to fix this?
This is how it looks: one is the start icon and one is the "program running icon".

A:My google chrome icon in the activity bar is weird!

If you unpin both the icons, run google chrome from Start menu and pin the running icon, what happens?

RELEVANCY SCORE 50

So I keep getting this thing that's trying to download something on my computer. There are multiple instances of mshta.exe that show up on task manager, and after having a look with Process Explorer, the same url that's trying to connect to my computer is in the command line of these mshta.exe's. Also, when using Mozilla Firefox, it can't connect to sites like this and won't even open. I also get random tabs opening in Firefox.
Any help?

http://img13.imageshack.us/i/51979454.png/

Note: I don't regularly use IE6, I used it this time because Mozilla wasn't working.

A:Reoccurring connection attempt and weird activity

Also, the url is hxxp://www.funnypinguinshow.com/sdad.php?kxasdasddkhjk= and after updated definitions and scans with SAS, MBAM, and NOD32, it still couldn't find the problem.

RELEVANCY SCORE 49.2

Hi,

My Dell laptop has been doing weird things lately. The mouse moves and clicks all on its own. I tried uninstalling the driver and reinstalling it but now it doesn't always recognize when I touch the mouse pad and it still moves around the screen voluntarily. Also my Windows Update installs all updates that were downloaded except for these: 'Update for Background Intelligent Transfer Service (BITS) 2.0 and WinHTTP 5.1 (KB842773)'. Additionally my Norton Live Update installation doesn't completely install all downloads either.


I have scanned for viruses and nothing so this is my next stop.

Here is my hijackthis log file, please help me... this wondering mouse is driving me up the wall.

Thanks,
Mouse Trap

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:25 AM, on 6/10/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Prog... Read more

RELEVANCY SCORE 49.2

When I first start up my pc, whenever I open a folder with files in it, if I haven't opened that folder since it was shut down, my hard drive starts accessing and my mouse pointer turns into the little circle while it's waiting for something to finish. At that point I can't do much of anything until it's finished, which takes around half a minute or so usually. It happens with a folder with media files in it, and even just text files. What could be causing this? It's very annoying. Could it be my antivirus (Avira)? Is Windows doing this? Could I have some setting enabled in Windows that causes this to happen? Once the folder is opened and it stops whatever it was doing, it won't happen again until I shut off the pc and open that folder again. It seems something is scanning the files in the folders when I open them.

A:Weird hard drive activity when I open folders

Quote:
Could it be my antivirus (Avira)?

Quite possible.

Quote:
Is Windows doing this? Could I have some setting enabled in Windows that causes this to happen?

Probably, might check the Indexing function.

RELEVANCY SCORE 49.2

Hey all,

So I've been having this problem where my computer is constantly laggy and I noticed that my computer tower is constantly "loading". I'm not sure if that's the correct term, but the yellow light that shows processing activity is constantly blinking and you can always hear certain sounds coming from it, even if I'm doing nothing at all. Even at startup, I will constantly get clicking sounds from the tower, and I noticed that a disk boot sound comes on once after I log in to my user name. This had never happened before, and I usually only get a disk boot sound directly after turning on the computer or when scanning for viruses. I don't know if it's a virus or just a system problem, but I remember getting viruses which will constantly cause activity on the computer.

This started when my virus scanner McAfee expired. I uninstalled it and installed Trendmicro. I had to uninstall Spybot and Malwarebytes prior to installing Trendmicro but reinstalled them after. I also installed AV antivirus because I thought it was similar to Spybot and Malwarebytes, where it would be like a secondary program I can use as backup. But when I installed AV, it started automatically and interfered with my Trendmicro and I had to do a bunch of things to uninstall it or disable it. On Trendmicro's first scan, it found one virus, Malwarebytes found nothing and Spybot found a couple of things. I had not run Spybot in a while though, but usually only get cookies. This time it found cookies but also ... Read more

A:Computer acting weird, slow and constant activity

Hello and welcome.

I think the issues stem from remnants of multiple antivirus programs.

For AVG

After uninstalling AVG from the Control Panel, also run the AVG remover from their site.

AVG - Download tools

direct link to the AVG Remover:

http://download.avg.com/filedir/util..._2011_1184.exe


For McAfee


Download the McAfee Removal Tool
http://download.mcafee.com/products/...tches/MCPR.exe


Double click on MCPR.exe to launch it, then Click Run. A window should appear and disappear, this is normal. A new window should popup and begin the uninstall. When prompted to reboot your computer type Y


After running both tools, post new DDS logs.

RELEVANCY SCORE 41.6

So norton keeps giving me pop ups of 2 things than require manual removal, but nothing I do works. I also seem to have what others say is the re-direct virus which I'm assuming is related to the Rootkit and tidserv activity. I have tried everything I know of but nothing has worked so far. I've tried Power eraser, malwarebytes, spybot, ad-aware, TDSSKiller, followed symantec's recommended directions, but so far nada.

I have tried cleaning in safe mode and have had windows crash on me a few times, leading me to have to use the OS disk to repair.

Not sure if you need this, but tossing it in here anyway. My norton is up to date and every so often is being hit with the below. 28 attempts yesterday and 17 attempts so far today.

5/17/2012 1:28 PM,High,[email protected] (Trojan.Gen.2) detected by Auto-Protect,Blocked,Resolved - No Action Required
5/16/2012 4:51 PM,High,[email protected] (Trojan.Gen.2) detected by Auto-Protect,Blocked,Resolved - No Action Required
5/16/2012 2:38 AM,High,[email protected] (Trojan.Gen.2) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\windows\assembly\temp\u\[email protected]

As a side note, I also had the Norton error 5013, 3 but have subsequently fixed that.

Reading through the forums I saw someone with my exact problem, but I figured I'd create my own thread in case something is different.

Okay, back on track now. I followed the instructions from the Preparation guide and results are below. I'm running 64-... Read more

A:System Infected: ZeroAccess Rootkit Activity 4 & Tidserv Activity 2

Good evening. When you ran DDS it should have created a second log, Attach.txt, which I'd like to see the contents of. If you didn't save a copy you'll need to run DDS again. Also, when you ran TDSSKiller it should have created a log, which I'd also like to see. It will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt. Please check that you get the one with the right date and time, as I want to see what, if anything, the tool actually detected and removed.

RELEVANCY SCORE 41.6

Continued from: http://www.bleepingcomputer.com/forums/topic453955.html

Sorry it took me so long to reply, I was out of the country for a few days. I still can't get into repair mode normally, however after a few tries, I was able to get to the command prompt via the recovery disk. Here are the results of scan. I hope that's everything.

Scan result of Farbar Recovery Scan Tool Version: 11-06-2012 03
Ran by SYSTEM at 19-06-2012 18:55:40
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-06-29] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [385560 2009-06-29] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365080 2009-06-29] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell ... Read more

A:System Infected: ZeroAccess Rootkit Activity 4 & Tidserv Activity 2

Greetings and welcome to the forums!! My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

RELEVANCY SCORE 41.6

Norton 360 windows appear with "Threat requiring manual removal detected: System Infected: ZeroAccess Rootkit Activity 4" and "Threat requiring manual removal detected: Tidserv Activity 2". Both windows contain a link to the Norton website to "Tell me how". Have tried them both but still have the infection. Found your forum topic 34773 and have followed the instructions there. DDS.txt and Attach.txt files from those processes are below and ark.txt is attached. I await your instructions as to how to proceed. Thank you in advance for your help.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by W.L. Rust at 11:29:20 on 2012-03-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.211 [GMT -6:00]
.
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Fi... Read more

A:System Infected: ZeroAccess Rootkit Activity 4 & Tidserv Activity 2

Additional information:

Running Windows XP Home Edition
Version 2002 SP3

on a Dell VOSTRO_200
GMER ended with the window "Warning!! GMER has found system modification caused by ROOTKIT activity."

RELEVANCY SCORE 41.2

Running on a WinXP Pro SP3 system with Norton Internet Security (NIS). NIS reports that the system is infected with Zero Access Rootkit Activity 4 and Tidserv Activity 2 and offers manual removal instructions, but I've tried those and they don't work.

The dds.txt output file appears below. The attach.txt from DDS and the output from GMER (ark.txt) are attached.

Thanks for your help,
Gary

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Owner at 16:09:39 on 2012-02-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2006.814 [GMT -8:00]
.
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files ... Read more

A:Infected with Zero Access Rootkit Activity 4 and Tidserv Activity 2

Hello and welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together:

Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic button and select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

RELEVANCY SCORE 41.2

I have a Win XP Pro SP3 system running Norton Internet Security. It reports that my machine has been infected with "Zero Access Rootkit Activity 4" and "Tidserve Activity 2" and that both require manual removal. I've followed the instructions provided by Norton but those instructions fail to help clear the problem. Also, other strange things are happening. I can't reach the Windows update site via IE. When I try to ping it, the mysterious domain suffix nsatc.net is appending to the domain name but that suffix doesn't show up in my TCP/IP properties.

Please advise as to how I can remove these threats.

Thanks,
Gary

A:Infected with Zero Access Rootkit Activity 4 and Tidserv Activity 2

Hi Gary, to remove this we need to repost as we need a deeper look. Please go here.... Preparation Guide, do steps 6-9. Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks. If GMER won't run skip it and move on. Let me know if that went well.

RELEVANCY SCORE 41.2

My Windows 7 32-bit computer is really slow and some operations take an extremely long time. I would like to see what steps I can take to begin diagnosing. Several times I have run HijackThis 2.0.5 to try and see if anything obvious comes up. I have not seen anything that I believe is unusual.

A:Slow Browser Activity and Computer / Unusual Activity

Hello, my name is GLaDOS and I will be helping you today.
So first thing is download malwarebytes antimalware from here
after you download it install it and update the database, after that run a quick scan and wait for it to finish and post the log here.
Thank you.

RELEVANCY SCORE 40.4

I get random BSOD when I do a full antivirus scan, or any medium application activity from MS office or graphics programs

A:BSOD while AV scan activity or medium app activity

Welcome to the forum.

A "stop 0x124" is fundamentally different to many other types of bluescreens because it stems from a hardware complaint. Stop 0x124 minidumps contain very little practical information, and it is therefore necessary to approach the problem as a case of hardware in an unknown state of distress. You can read more on this error and what to try here... Stop 0x124 - what it means and what to try: Stop 124 - What it means and what to try





Quote:
Recurring BSODs before/after startup

Windows 7 32bit freezes at random

Quote:
Based on the bugchecks, I would recommend you follow and complete the steps given below:

1. If you are overclocking any hardware, please stop. Reset any changed values back to default and reset/clear CMOS: Clear CMOS - 3 Ways to Clear the CMOS - Reset BIOS. Uninstall any overclocking tool as these can also be a reason of blue screens.

2. Uninstall your current antivirus software. It can be a cause of BSOD very often. Please remove it with its removal tool and use Microsoft Security Essentials in its place. Malwarebytes is a great combination with it. Go through this thread for more info.

3. Run Disk Check with both boxes checked for all HDDs and with Automatically fix file system errors. Post back your logs for the checks after finding them using Check Disk (chkdsk) - Read Event Viewer Log

4. Run SFC /SCANNOW Command - System File Checker to check windows for integrity v... Read more

RELEVANCY SCORE 38.8

The following is a list of alerts from my daughter's Norton History on her Vista Home Premium PC (I'm posting from a separate PC):

1. Low item shown for googleupdatesetup.exe
2. Low item shown for Unauthorized access by Norton
3. Low item with PC configuration changes by wrxnsecaom.exe
4. Low item with PC configuration changes by setup1285330688.exe
5. Low item with PC configuration changes by setup1683134592.exe
6. Trojan block of Fake AV!gen42
7. When running quick scans on Norton shows Trojan cookies
8. High blocks on either Tidserv Activity or Tidserv Activity 2 for Application path \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOXILLA FIREFOX\FIREFOX.EXE (most when doing google searches)
9. Other high blocks on either Tidserv Activity or Tidserv Activity 2 for Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE. (I've gotten this one without opening the browser)

Other symptoms:
1. I'm also getting some window (not browser) popups "Microsoft Windows - Host Process for Windows services stopped working and was closed" (wermgr.exe). I'm not sure what services were being stopped.

2. I've tried running an older version of Malwarebytes that was already on the PC. It will not run saying "The dependency service or group failed to start". I also get this if I try running Windows Explorer in Administrative mode. I can run Windows Explorer in normal ... Read more

A:Infected by Tidserv Activity and Activity 2

Please ignore this request - I had not done the proper steps of getting the DDS files and GMER. I have therefore gone through those procedures and created a new post today (same topic title) with those files (and a few updated notes from this previous post). Sorry for any confusion and for not following the correct procedures to begin with. I misread and failed to remember the steps I followed originally and I found those steps again.

RELEVANCY SCORE 38.8

The following is a list of alerts from my daughter's Norton History on her Vista Home Premium PC (I'm posting from a separate PC):

1. Low item shown for googleupdatesetup.exe
2. Low item shown for Unauthorized access by Norton
3. Low item with PC configuration changes by wrxnsecaom.exe
4. Low item with PC configuration changes by setup1285330688.exe
5. Low item with PC configuration changes by setup1683134592.exe
6. Trojan block of Fake AV!gen42
7. When running quick scans on Norton shows Trojan cookies
8. High blocks on either Tidserv Activity or Tidserv Activity 2 for Application path \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOXILLA FIREFOX\FIREFOX.EXE (most when doing google searches)
9. Other high blocks on either Tidserv Activity or Tidserv Activity 2 for Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE. (I've gotten this one without opening the browser)
10. I've created the attach DDS.txt and attach.txt files and the gmer.txt. The GMER did find rootkit activity.

Other symptoms:
1. I'm also getting some window (not browser) popups "Microsoft Windows - Host Process for Windows services stopped working and was closed" (wermgr.exe). I'm not sure what services were being stopped.

2. I've first tried running an older version of Malwarebytes that was already on the PC. It would not run saying "The dependency service or group failed to start". I was also... Read more

A:Infected by Tidserv Activity and Activity 2

Hello and welcome to the forums! My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator... Read more

RELEVANCY SCORE 33.2

I am completely perplexed with this.

Ok so I have the installation file for Alcohol 120% v1965529 on a DVD, so when I try copy pasting it to my E:\ drive I get an Access Denied - Make sure the file is not in use or write protected error.

However, I can copy it with no problem to my C:\ drive. Once I do that, if I try to run the installation, I get the "Windows cannot find the specified path, device or file. Make sure you have the appropriate permissions to access the item." error.

Trying to copy it from C:\ to E:\ gives me the access denied error again, and I've already removed all attributes, like read-only. What the hell is going on here? I'm system administrator, and in the 4+ years I've been using WinXP, I have never seen this problem! The file isn't corrupt, it works on other computers.

Right clicking on it, the context menu takes a good 6 seconds to show up.
 

A:Solved: Weird weird problem with Alcohol 120% - ACCESS DENIED

RELEVANCY SCORE 32.8

I ran rKill & MABM to get rid of Antivirus Security Pro (have my suspicions where it came from), it is gone .. thanks. However now my IE pages are strange (e.g., when I logged in to this account, no login, etc. button, I just hit enter & hoped; boxes are not completely outlined; your search box in upper right of page is completely missing, however I can click & type in the space). The Start button is no longer round with the Windows icon on it, just a black & white button with the word Start. Not sure that is a bad thing, but apparently something is hinky. Suggestions?

A:Ran MABM, now IE windows are weird, Start button looks weird

Never mind, I figured it out ... the theme I was running was the issue. Thanks...

RELEVANCY SCORE 32.8

Hello everyone,

I'm having a weird problem in my setup. It's not a real problem but it's very annoying.

I can't post a screenshot right now, but the situation is pretty simple:

I have a "login button" (see attached example) floating on the left of my third screen. It's the same exact button from the login screen.

The button can't be moved, it doesn't react to right-click but it does react to left click, showing the account control panel.

If I try to change resolution (forcing a redraw of the screens) the button goes away, then it comes back in the same position after some time (minutes).

How can I get rid of it?
Thanks

RELEVANCY SCORE 32.8

My computer (windows XP) was working completely fine for over a year now and all of a sudden it started running strangely. I get these strange links when I go to sites, and when I scroll over them I get popups. And I got a popup today that just said "monitor" which really freaked me out. It's just running overall very slowly and programs keep "not responding" and stuff ever since all of this. Here's my log of HijackThis if that helps:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:25 AM, on 9/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sq... Read more

A:Slow computer, weird links, weird popups..

Anyone? Please? heh.
 

RELEVANCY SCORE 32.4

Hello,
Currently I have a big problem with my computer: I can't run Windows in normal mode, and I am currently using Safe Mode.
I will describe the problem and Windows_NT6_BSOD_jcgriff2.zip
DESCRIPTION
My computer had some BSODs a few days before, but they were rare and after it restarted, Windows worked like normal. Those BSODs happen randomly. But just 3 hours ago I got a BSOD just when opening Windows Explorer, and this time the blue screen took 1 minute and showed a lot more text than usual. After my computer restarted, it took 10 minutes on the loading and welcome screen (usually it only takes 10 seconds). After loading finished, my monitor showed nothing (black) but I could see my mouse pointer, and the pointer could still move. I could also do CTRL+ALT+DEL and start Task Manager. I waited for 30 minutes and suddenly the screen turned light blue and some icons and the taskbar came up. But when I opened Windows Explorer or any application, it showed an error that the username and password is invalid in the config. Then I got frustrated and restarted my computer in Safe Mode with Networking. It works without those errors and runs normally, but I can't do any work in Safe Mode...
--------------------------------------------------------------------------------

That's the description of the problem I have on my Windows. Any help would be very appreciated.
I am running Windows 7 Ultimate 32 Bit (OEM); my computer is 8 months old (same with the OS).
Note: when I typed perfmon /report, the viewer show error... Read more

A:Weird system error after weird BSOD

Hello Freedom975 and welcome to SF,

Bugcheck 0xc5_2 and 0xd1 could be caused by 3rd driver, memory or viruses.

First uninstall AVG completely then download and install Malwarebytes.
Update its database and perform full scan.
(You may do this in Safe Mode Windows with Networking)

Install MSE as replacement of AVG.
http://www.microsoft.com/security_essentials/

Then uninstall Alcohol 120% and remove the sptd driver with this tool. → http://www.duplexsecure.com/download...t-v178-x86.exe
For alternative CD/DVD virtual software, you may use MagicIso.

Last, upgrade your Windows into SP1.
Learn how to install Windows 7 Service Pack 1 (SP1)


Code:
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.x86fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0x82c1b000 PsLoadedModuleList = 0x82d63810
Debug session time: Thu Apr 7 01:22:37.233 2011 (GMT-8)
System Uptime: 0 days 0:18:18.638
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *... Read more

RELEVANCY SCORE 32.4

OK, so I thought my computer had a virus. I ran HijackThis and then a spyware remover, did all that good stuff, and now it is still acting up. I thought that it was only IE so I tried Firefox and it still won't load them. I mean, some pages are simple ones and some are like Google and others that should work; it acts like it is going to load, then doesn't, and says check URL spelling, internet connection, etc. Did all that, it still doesn't help. Anyone know why my computer is doing this? Oh, and a lot of pages don't load the first time or the pics won't load at all. Also sometimes there are message boxes that say socket error, socket closed.
 

A:IE 7 Wont load some pages Weird Weird

Sounds like you are dropping internet packets. I've seen this a lot and you can usually load small pages fine, but anything with pictures has a hard time transferring. Go to a command prompt (Start - Run - CMD) and type 'ping -t www.google.com' (without the 's). This will continuously ping Google and give you a response time in milliseconds. If you have broadband, an average response time is between 10 ms and 100 ms. Anything above 100 is simply a poor service provider. But what you're looking for is the connection to time out. Let it respond about 100 times and watch to see if it ever responds "Request Timed Out". If it does, then you have confirmed that your internet is dropping packets. To fix this, you have to first determine if it's your equipment or your ISP's. If you are connected directly to a cable modem or DSL modem/router, then call your ISP and tell them you are dropping packets. If you are not directly connected to a cable modem or DSL modem/router, then do so and run the test again to verify that it is the ISP. Good luck
 

RELEVANCY SCORE 32.4

Is there any way to plug phono video cords into a computer monitor? For example, is there a cord I could buy at Radio Shack that would let me plug my Gamecube into my computer monitor (via the yellow video cord) and play it?
 

A:A Weird, Weird, Weird, Weird question.

You could do it with a TV tuner card, but most of the time game consoles don't display well on a monitor due to the difference in framerates. But it's worth a shot, Newegg has a new Kworld model for $33 right now!!!!

http://www.newegg.com/app/viewproduct.asp?DEPA=&submit=Go&description=kworld

It's an excellent card. Rips straight to MPEG as well.
 

Read other 3 answers
RELEVANCY SCORE 31.2

Hello,
I have just installed MS Office Professional recently. I usually open this program for a game. When I open it, it gives me this -- Imageshack - 85374956
It happened with this program. I don't think it does with the other ones.
This had not happened until I installed MS Office 2007. I'm really pissed now because I have had quite a lot of problems with it. I might just uninstall it and never install it again because it's interfering with other programs. If anyone can help, cool; if not, I'll just uninstall it.

A:Weird - Very weird annoying problem

Nothing happens if you wait for it to "finish configuring"? May I suggest trying to run it as administrator? Even if you're running an administrator account, you may want to try and give the program administrator privileges; right-click on the program you're running and select Run as Administrator.

Read other 6 answers
RELEVANCY SCORE 31.2

Hello, new guy here. Now for my problem: the problem I seem to be having is "Remove disk or other media", but it's not on startup of my computer, it's on System Recovery. Then when I hit Enter it goes to "Disk boot error". I am on Windows XP and I have an HP Pavilion. The reason I want to use my System Recovery is that I am fixing to start a new project for a website for my city, and I want to set up a local server, so I want my computer to have a fresh start, and since I haven't used System Recovery in like 6 or 9 months, it's due. So if anyone can help me get past this "Remove disk or other media" on System Recovery, it would be appreciated. The only things I have plugged in are my DSL connection and cordless keyboard and mouse. I completely disabled my printer and camera, and there is no disk in either of my disk drives. And yes, I have stuff in the D drive, HP_Recovery; I do not believe the stuff I have in the drive would cause this error, as I have put the same things in it before.

So if anyone knows this problem on System Recovery, any help would be appreciated.

Thanks
 

A:Weird Error in Weird Place

Did you try changing the boot order in the BIOS? Or, if you are trying to boot to a recovery partition, I am fairly certain HP uses the F10 key when you are going to boot to go into system recovery. But I don't have an HP, so I could be wrong, but it should be one of the F keys.
 

Read other 1 answers
RELEVANCY SCORE 28.8

Hi

How can I know GPU activity?

I like Process Hacker a lot. I have the latest version, and under Windows 8.1 Pro 64-bit the system information GPU is empty (there is always 0% activity).

Is there a program that lets me monitor it?

maybe free and portable...

thanks

A:how can i know GPU activity ?

GPU-Z is one.

Read other 2 answers
RELEVANCY SCORE 28.8

I have a feeling that somebody is interfering with my PC at night, although a password is used. Is there an activity log in "7", or can I install one, that I can view to find out?
Thanks for reading.

A:Activity Log

Hi RogerAshley, Windows 7 has no "activity log" per se as you define it. It does have an Events Log Viewer (START | eventvwr.msc), but it would be difficult to ascertain the info that you want. There are commercial software programs available: http://download.cnet.com/windows/monitoring-software/. (I have not used any of these.) I'm also not sure if there are any free programs out there.

Read other 1 answers
RELEVANCY SCORE 28.8

Should I be concerned if I see a large amount of network activity on a computer that only had AOL Instant Messenger (not AOL as ISP) running while someone was away and did not use the computer for 4 or more hours? Like 32M packets? I have run SpyBot and Ad-Aware and have had the HJT log looked at, and am still working on it, but I have not asked this question before.
 

A:Activity

I'd say that 32 million packets would cause me to look for the source!

If none of the virus scans or spyware scans turns up anything, perhaps you need to download www.ethereal.com and try monitoring the activity to see what's happening.
 

Read other 1 answers
RELEVANCY SCORE 28.8

I woke up this morning and noticed my system had rebooted itself; this is the second time in 2 months I have noticed this. I have no scheduled tasks and was wondering if there was a log of events that shows activity, as far as when the system starts up and shuts down, to see what caused it. Thanks
 

A:Activity Log

hi..and welcome..
You could run a HJT log to see what is running on your system..
www.thespykiller.co.uk/files/HJTsetup.exe
Close all windows..let it scan and save to notepad>edit>select all>edit>copy>paste on your thread..install in its own C:\ program file..
A log expert will help you...
 

Read other 1 answers
RELEVANCY SCORE 28.8

If someone has an IP obtained via email, what information can they see regarding my web browsing history, and how is this done?

Any way to "remove these tracks" or logs once they're out there?

A:If someone has my ip, what can they see about web activity

They can't access your data, if you have an effective Firewall enabled.

Read other 1 answers
RELEVANCY SCORE 28.8

Is there a way to check the login history on your AOL account?
That is to say, when the last time an account was accessed or webmail was accessed from another computer?
Thanks
momo4
 

A:AOL Activity Log

Usually you can go to Keyword: Billing
You have to be on the primary screen name though.
You were able to view the current bill summary there - it gave you a list of what screen names were online and what time.
This worked on my older version of AOL, it may be slightly different for the newer ones.
 

Read other 3 answers
RELEVANCY SCORE 28.8

Hey all,
Here's my dilemma.... I am running Windows 98 SE. I installed a Logitech web cam and an HP Scanjet via USB. The moment I installed the drivers for the Scanjet and attempted to use the scanner... my PC rebooted by itself. After several tries I uninstalled the software for it and haven't used the USB ports since. No problems until I bought a digital camera. Now about every fourth or fifth picture I transfer from it to my PC (via USB) causes my PC to lock up for a second and then reboot.
I feel it's obviously the USB ports, since the problem only arises when they are in use. Does anyone out there have any ideas what about the HP scanjet software could have caused this (since it never happened until the exact moment I installed the scanner) and how it could be corrected?

Tool1248
 

A:Odd USB activity?!?!

Read other 7 answers
RELEVANCY SCORE 28.8

Hello everyone, does anybody know how many volts or watts the HDD activity LED needs? I need to connect it to the smallest battery which has enough power, and it needs to be on a bicycle pedal. I have no clue about electrical, circuitry stuff. Thanks.
 

A:HDD activity led

Although this circuit states 9V, it's more likely 3.5 volts.

I found this really easy-to-understand page here: http://www.kpsec.freeuk.com/components/led.htm

Have fun making your circuit
 

Read other 2 answers