Over 1 million tech questions and answers.


Q: http://newads1.com/cmapp/zx-adredirect.php?target=http%3A

This is one of the pop-ups that I consistently have. The following is my log file. Every time my internet explorer loads, it pops up. I hardly every use it - I mostly use Mozilla Firefox. I also get a popup from Smashhits, but I don't know the url to that one. Thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 5:58:24 PM, on 5/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Alarm\AlarmMonitor.exe
C:\Program Files\Alarm\Alarm Tray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wiley\Webster's New World\HKML_SRV.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Cody\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Translator - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT6\PRMTIE\prmtie.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Show missed alarms] C:\Program Files\Alarm\Alarm.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\RunOnce: [HPWebUpdate] "C:\Program Files\Hewlett-Packard\HP Software Update\ShellExWin.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EQArticle] "C:\Program Files\EQArticle\EQArticle.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WNW Tray Agent.lnk = C:\Program Files\Wiley\Webster's New World\HKML_SRV.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Translate - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Customize translation options - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/sh...,2/mcmysec.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...49/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O20 - AppInit_DLLs: knjciglo.dll,Runner.dll,EQMini.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Talking Alarm Clock user logon monitor (AlarmClockMonitor) - Cinnamon Software Inc. - C:\Program Files\Alarm\AlarmMonitor.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WLANKEEPER - Intel? Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Preferred Solution: http://newads1.com/cmapp/zx-adredirect.php?target=http%3A

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: http://newads1.com/cmapp/zx-adredirect.php?target=http%3A

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

Read other 2 answers

Hello!I have two sepaarte problems.1- I am infected with an ad that keeps popping-up using internet explorer. I use firefox usually but still have explorer on my computer.This is the adress that pops-up: http://newads1.com/cmapp/zx-adredirect.php?target=Can you help please?2- When I open my computer, this message appears: ''error loading p2esocks_1022.dll The specified module could not be found''How do I get rid of it?I ran my antivirus as well as Ad Aware and Spy Bot but I am still infected.Thank you in advance for your help!I am including the Hijack This logfileThanks a lot!Rami MassieLogfile of HijackThis v1.99.1Scan saved at 10:09:25 PM, on 15/04/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\system32\slserv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files... Read more

A:Infected With Pop-up: Http://newads1.com/cmapp/zx-adredirect.php?target=

Hello bobio and welcome to the BC HijackThis forum. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.Step #1Download CCleaner and install it but do not run it yet.Step #2Start in Safe Mode Using the F8 method:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.Use the arrow keys to select the Safe Mode menu item.Press the Enter key.Step #3Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.htmlO2 - BHO: Yvakt Class - {2335EA94-74D6-46B4-BA93-8567DAC6CC9B} - C:\WINDOWS\system32\fpdrnznx.dllO2 - BHO: (no name) - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - (no file)O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)O4 - HKLM\..\Run: [yqvbxvnavai] C:\WINDOWS\system32\mchvna.exeO4 - HKLM\..\Run: [4F51515157585856] 90929292989999.exeO4 - HKLM\..\Run: [kVdtBOn] "C:\WINDOWS\system32\spytiqwuy.exe"O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1022.dll,InstantAccessO4 - H... Read more

Read other 3 answers

Hi. I have had this problem for many months now and have tried to remove the infection manually using instructions found on ehow, using Norton Antivirus, malwarebytes and spybot search and destroy. Nothing has been successful at removing it. I have just been using my laptop instead of my desktop because I don't want to use an infected computer. The computer is running Windows XP Professional SP3. I receive notifications from Norton that an intrusion attempt has been blocked. When I go into the log, I found that there were three high risk log entries, one for HTTP Tide Serv Request2, one for HTTP CrimePack Activity 1, and one for HTTP Nukesploit Request. As I mentioned this has been going on for months now. At the beginning it was mostly just HTTP Tide Serv Request2, the other two are new today. I'm hoping you can help me, otherwise I'm going to have to reinstall Windows, which I'd like to avoid doing. I hope I have included enough background. My scans are below and attached. Your help is greatly appreciated!

DDS Scan Results:

DDS (Ver_10-12-12.02) - NTFSx86
Run by PPSV at 12:53:22.68 on 01/13/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1463 [GMT -5:00]

AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Bitdefender Firewal... Read more

A:HTTP Tide Serv Request2 / HTTP CrimePack Activity 1 / HTTP Nukesploit Request Problems

Hello mthess, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.We need to disable Spybot S&D's "TeaTimer"TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.If prompted with a legal dialog, accept the warning.Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press Click on... Read more

Read other 7 answers

So whenever i surf the net, even just on facebook or in my email. i am CONTINUOUSLY getting the HTTP 404 error.. and i find it hard to believe that this can happen all of a sudden .. its been happening for like 2-3 days .. i dont think that all the sites i use can be having this same problem.. this is what shows up when it happens:OMG! i cant even get photobucket to log me in! because the next page is a consistent http 404 error!!!!!! OVER and OVER. i refresh and go back and try again.. refresh.. sometimes after 5 refreshes it actually shows me the page i want.. but usually not. >so here is retyped version since i can't give you the image *arg*: The webpage cannot be found HTTP 404 Most likely causes:There might be a typing error in the address. If you clicked on a link, it may be out of date. What you can try: Retype the address. Go back to the previous page. Go to and look for the information you want. More information This error (HTTP 404 Not Found) means that Internet Explorer was able to connect to the website, but the page you wanted was not found. It's possible that the webpage is temporarily unavailable. Alternatively, the website might have changed or removed the webpage.For more information about HTTP errors, see Help. WHAT IS WRONG WITH MY INTERNET?!?!?!? i can't stand it!!! i can barely reply to emails!! i can't attach files! or post on facebo... Read more

Read other answers

Yesterday I got this threat HTTP Malicious Toolkit Variant Activity 2 and my Norton Internet Security blocked them. I installed Malwarebytes and SuperAntiSpyware, updated them, restarted in safe mode, disconnected from the internet and did a full system scan for both and didnt detect anything. Today I got this threat HTTP SurfAccuracy Config Request.

So I was wondering if my computer is infected with malawares and if someone could give me a hand here.

Any help would be appreciated!

Here's my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:03 AM, on 11/17/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Windows\s... Read more

A:HTTP Malicious Toolkit Variant Activity 2 & HTTP SurfAccuracy Config Request

Hello, gunnersluver
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .
We need to run a Scan with DDSPlease download DDS, and save it to your desktop, from one of the following mirrors:This is a mirror
This is another mirror

Disable any type of "Script Blockers" or "Script Protection" installed on ... Read more

Read other 2 answers

I followed the instructions given for those experiencing "Win Min" problems. However, they are different problems, and I was upset to find that this morning everything was as screwed up as before.this http://searchweb2.com hijack reasserts itself as the starting page everytime it's changed, and sometimes crashes new windows. The instructions said something about a scanlong, and I assume that's a HijackThis scan (searching my harddrive for "scanlog" didn't turn up anything). As such, here's what HijackThis turns up.

Logfile of HijackThis v1.98.0
Scan saved at 8:12:15 AM, on 8/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\... Read more

A:Hijacked by http://searchweb2.com/passthrough/index.html?http: //www.yahoo.com/

Read other 7 answers

Once again, the kids have got onto something. My home page keeps being redirected to http://mysearchnow.com/passthrough/index.html?http://www.google.com/. Can someone check my hijackthis log? Thanks in advance.

ogfile of HijackThis v1.97.7
Scan saved at 1:21:38 PM, on 10/07/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.html?http://www.google.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F... Read more

A:hijacked by http://mysearchnow.com/passthrough/index.html?http ://www.google.com/

Read other 9 answers

After putting an usb drive that i use for printing avast started notifyng me of wscript.exe  trying to access this sites: (http://etpsoprc.ru/a/, http://specrtop.org/a/).
i dont know what to do and i cant initiate a lot of the cleaning tools mentioned on other sites. any help will be aprecciated.

A:problem URL: Mal Avast warnings - http://etpsoprc.ru/a/, http://specrtop.org/a/

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/500601 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 2 answers

Hi, When i am trying to record and web application which is launched on Sharepoint i have below scriptweb_custom_request("ProcessQuery",         "URL=http://vc1cgr01cgi006:9090/_vti_bin/client.svc/ProcessQuery",         "Method=POST",         "Resource=0",         "RecContentType=application/json",         "Referer=http://vc1cgr01cgi006:9090/Lists/DSPortalBase/Home.aspx#",         "Snapshot=t2.inf",         "Mode=HTML",         "EncType=text/xml",         "Body=<Request xmlns=\"http://schemas.microsoft.com/sharepoint/clientquery/2009\" SchemaVersion=\"\" LibraryVersion=\"\" ApplicationName=\"Javascript Library\"><Actions><Query Id=\"23\" ObjectPathId=\"2\"><Query SelectAllProperties=\"true\"><Properties /></Query></Query><Query Id=\"24\" ObjectPathId=\"5\"><Query SelectAllProperties=\"true\"><Properties /></Query></Query></Actions><ObjectPaths><Property Id=\"2\" ParentId=\"0\" Name=\"Site\" /><Property Id=\"5\" ParentId=\"... Read more

A:HTTP Status-Code=403 (FORBIDDEN) for "http://vc1cgr01cgi006:...

hi ! Same problem here, have you find a solution?

Read other 6 answers

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:19:48 PM, on 11/13/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeC:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Canon\CAL\CALMAIN.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exec:\PROGRA~1\mcafee.com\ag... Read more

A:Getting re-routed to http://alphawipe.com/ and http://destroytracks.com/

Hi,* Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPost the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Read other 12 answers


One of my sites had a virus (code injection) but I have managed to remove it.:


However, on Google webmaster tools there is a message saying that it is still present on http://gavindouglasfashion.com/ (i.e. without the www. after the two slashes //)

Is anyone able to advise as to how I can resolve this as there is no virus present any more but I can't get a successful review from Google.


Read other answers

i have a problem call redirect virus in my firefox need help i try everything

A:Need Help Removing Scour (,

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

Read other 26 answers

HTTP Fake Antivirus Install Request 4Intrusion Attempt - High Risk - BlockedNetwork Traffic - ,80Attack Resulted from \DEVICE\HARDWAREVOLUME1\PROGRAMFILES\INTERNETEXPLORER\IEXPLORE.EXEHTTP Malicious IFrame Image RequestIntrusion Attempt - High Risk - BlockedNetwork Traffic - ,80Attack Resulted from \DEVICE\HARDWAREVOLUME1\PROGRAMFILES\MOZILLA\FIREFOX\FIREFOX.EXEDo these events require investigation. Is my system clean.No unusual behavior to report.(May I run DDS and GMER from any user account)Edit > I was pointed to Bleeping by the Norton Community Forum. The Severity Risk for both Attempts is HIGH. HIGH is very unusual for me and Norton wanted me to investigate further at BC as to maybe Rootkit got in DDS (Ver_10-03-17.01) - NTFSx86 Run by BJMS at 17:18:36.39 on Thu 06/03/2010Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3061.1709 [GMT -5:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\... Read more

A:HTTP Fake Antivirus Install Request 4 | HTTP Malicious IFrame Image Request

bjm_ OP edit I hope my post to Norton Community Forum does not violate bleepingcomputer rules. I did not follow any instructions @ Norton Forum...other than "go to bleepingcomputer" to investigate / post Topic re this issue. ThanksEdit > Does bleeping send automated response by email that my Topic has been received .... and to wait for reply ....and what if no reply after X days ? Expected automated response Topic received with what to do if no reply after X days...understand Forum gets swamped ... just don't know if after 100 reviews I should have received automated response or any response or just too soon. Only one day...so may be too soon for even automated response.

Read other 31 answers

Hello guys,I've gotten numerous alerts from Norton telling me that I have attempted intrusions from HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2. I have turned off my System Restore, continued to allow Norton to continue blocking the attacks, and have NOT rebooted my computer since first receiving the intrusion alerts.. so far I haven't seen any damage to my computer. I do, however, have sensitive information saved into my browser which I am worried about (I have since wiped out the master password). Here are my logs below:DDS Log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 15:00:37.71 on 07/06/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.1014.149 [GMT -7:00]AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBC... Read more

A:HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2

GreetingsOne or more of the identified infections is a Backdoor Trojan.This could allow hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC could be compromised and there is no way to be sure that your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"I Would like you to do the following.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:Please visit th... Read more

Read other 17 answers

Guys, Can anyone explain the difference between 'http://www.**.com' and 'http://**.com??

does it make a big difference?

A:What is the difference between 'http://www.**.com' and 'http://**.com

lagopi said:

Guys, Can anyone explain the difference between 'http://www.**.com' and 'http://**.com??

does it make a big difference?Click to expand...

What's the point? THey both open Google.

Read other 2 answers

Hi, A friend of mine gets an error when trying to connect to a website I host. If he types in www.website.com it says that the address is not valid. In the address bar it displays http:///?%20www instead of http://www. This only seems to happen when he tries to connect to my website. Other websites connect fine. I have run Norton, ccleaner and Spy Sweeper with no luck. Anyway, I saw someone else had a similar problem here and posted a HijackThis log. So heres his:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:26:29 PM, on 12/28/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\LogMeIn\x86\RaMaint.exeC:\Program Files\LogMeIn\x86\LogMeIn.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS ... Read more

A:Getting Http:///?%20www Instead Of Http://www


Read other 2 answers

Running XP home and inadvertently typed:

http://http://abc.com or whatever

In Firefox, I get redirected back to Microsoft (!) while in I/E, Opera, I get an error (as does a Mac system).

Why does Firefox redirect to Microsoft on this obvious error?

Just curious, yet puzzled Ivan

A:Double http://http://

For what it is worth, Mozilla also returns an error page. Seems obvious. But Firefox, the browser redirects me to Microsoft when I click on any double http, ie


Right back to Uncle Bill's. How come, Ivan

Read other 1 answers

Hello,On July 18th, as I was watching a streaming TV show, my computer apparently picked up Antimalware Doctor, which kept telling me that my computer was infected and that I needed to pay them money to get rid of all these infections. I managed to get rid of that with MalwareBytes. Shortly after though, my Norton Antivirus started regularly informing me (every 20 minutes to half hour) that it had blocked an intrusion attempt from either HTTP Tidserv Request (most common) or HTTPS Tidserv Request 2 (2nd most), and every once in a while some oddball like HTTP Fake Scan Webpage 5 or some Trojan (Vundo or Ad.Clicker). It seems like it's always been blocked, but as these Norton alerts keep coming, even when I don't have a browser open, I am upset and concerned. Also seems as if the attacks are coming from several different computers.I tried running Malwarebytes a few more times. It usually leaves me with 8 or so pieces of malware, identified as Rootkit or Trojan agents, which it tells me will be deleted upon reboot. However, after I reboot and run Malwarebytes immediately thereafter, there are still 8 pieces of Malware. I tried updating my Norton and running a scan, but that didn't fix the problem. I also ran Norman Malware Cleaner, with no real results.Again, though the alerts always classify the threat level as high, it seems like they are being blocked. I haven't entered any passwords into my computer since this came up, and I never save any on a regu... Read more

A:HTTP Tidserv Request; HTTPS Tidserv Request 2; HTTP Fake Scan Webpage 5

Very sorry about the multiple posts. Firefox had gone grey, and I didn't think any had gone through. Sorry.

Read other 21 answers

I was hoping I wouldn't have to resort to this, but I guess I've no other choice. I've looked up this thing and from what it sounds like, I'm in deep. Like an abyss.This whole fiasco started about a week ago when my parents found a charge from McAfee on their card. None of us ever purchased anything, and called McAfee and had them remove the charge which (according to my Dad), simply removed the LiveUpdate thing McAfee had.Not long after that, Google Chrome started acting weird and some program called "pbupdate.exe" had to be closed. My computer subsequently froze and I had to manually shut down.I rebooted my computer only to find that Chrome had been completely fried and would not load any web pages at all. Resorting to Firefox, I Googled "pbupdate.exe" and clicked the first link, allowing "Top PC Defender" onto my computer (and maybe some other things).As such, I ran Malwarebytes, SUPERAntiSpyware, McAfee, AVG, and Spybot to rid myself of the problem. When this yielded no results, I ended up using System Restore which seemed to get rid of the problem.Not long after, we switched over to Norton due to Comcast preparing a move, and uninstalled McAfee. Norton ended up having to uninstall AVG in order for it to install.And ever since then I've had these messages popping up repeatedly on my computer from Norton, telling me an attack was blocked but not allowing any action to be taken. The fact that I'm still getting these mess... Read more

A:HTTP Tidserv Request, HTTPS Tidserv Request 2, and HTTP Trojan Sasfis Activity

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%�... Read more

Read other 17 answers

IssueWhen using Firefox, I keep encountering a pop-up message from Norton informing me that a recent attempt to attack your computer has been blocked. I view details of the attack and it names it either as a HTTP Tidserv Request 2 or HTTP Tidserv Request. The browser also redirects me to different sites when selecting google search results. Firefox sometimes crashes for no reason and the PC sound has disappeared as well. ActionsI have run a Fully System Scan using Norton twice. It is only picking up cookies after the system scan is complete. I also ran BitDefender scanner and nothing was picked up. I was able to find this site and it looks like a lot of members were able to help on issues such as mine so might as well give it a try. I've read the guidelines for requesting help and followed it to the best that I can. The DDS.txt is below and I have also attached the Attach.txt. I tried running the GMER program twice using the links in the guidelines but a blue screen always appear with the following message.PAGE_FAULT_IN_NONPAGED_AREATechnical Information:STOP: 0x00000050 (0x9973AB30, 0x00000001, 0x99478FA6, 0x00000000)I tried a third time by getting GMER directly at its web site and saving it with a different name but it still did not work. A blue screen still appeared.DDS (Ver_10-03-17.01) - NTFSx86 Run by Meyrick Mataac at 21:39:52.82 on Thu 06/24/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.... Read more

A:PC infected with malware - HTTP Tidserv Request 2, HTTP Tidserv Request,

Hi parokyano,Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.If the issue is not resolved please update me on the current condition of your computer.

Read other 28 answers

Hi.I'd really appreciate some help here.4 days ago, I started to get the following messages from my Norton:Network traffic from matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXENetwork traffic from matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXENetwork traffic from a57990057.cn matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXENorton identifies the first one as HTTP Tidserv Request and the next two as HTTP Tidserv Request 2 respectively.It blocks those attempts but won't let me take any action to remove (says no action required).I've run DDS and downloaded GMER. Tried running GMER several times but it only gets as far as the devices and then freezes my computer. I have to unplug it just to restart it.Also, I have Firefox, Google Chrome, and Internet Explorer on my Computer. At random times, new tabs in these browsers will automatically open taking me to sites advertising products and Congratulations! You are the 1,000,000th visitor or something like that. Click here to claim your prize.No matter which search engine I use in any of these browsers, when I click on a search result, it does the same thing as stated in the previous pa... Read more

A:Infected with HTTP Tidserv Request and HTTP Tidserv Request 2 and can't run GMER

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Please download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will o... Read more

Read other 12 answers

Just curious...

when using IE or Netscape, and i type in a URL, for example, amazon.com (without the www. in front of amazon.com), in the address box, the website will come through.

however, when i type in other URLs, for example, paperdirect.com, it requires the extra www.paperdirect.com for the website to come through.

why does this happen?

thanks in advance.


A:http://www.domain.com versus http://domain.com

Read other 7 answers

My OS is Win XP Pro SP3 and Browser Firefox 5

Sometimes when I click on close (Red X top right hand corner) from a page on the FF browser I am getting another page with the domain name http.com.

This is a page of parked domains and I have attached a screenshot of the top half of the page. There is a privacy link at the bottom of the page and when I click on this the url is http://www.gstatic.com/domainads/privacy/ which is Google Adsense for Domains.

I haven?t a clue why this is happening although it is becoming more frequent.

I have run a scans with NOD32 and Spybot which are clean.

Can anyone help please?

A:What is http.doc

Take a look, http://forums.comodo.com/general-discussion-off-topic-anything-and-everything/httpwwwhttpcomcomodocom-t1156.0.html .


Read other 15 answers


I hope someone knows how to help me fix my problem. I cannot look at links, or look at profiles because appears in my browser. I have Spybot, Hijack, Bugoff, and CCleaner that cannot detect the problem. I also cannot get on NetMeeting share activate. Here is a copy of my hijackthis scan and the problem I am having is I can't get rid of WarezP2P as it keeps popping up in a Spybot S&D scan.

Here is a copy of my scan... Thank you.


O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\... Read more

Read other answers

running explorer 8 i just keep getting this message all over the net {This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage} can any one help cheers

A:http 403


The 403 error is basically the server hosting the website saying that you do not have permission to view the page you requested. This is mainly done for security reasons. What is the address that you are trying to access?

Read other 3 answers


OMG, this is crazy.....i've read forums and nothing seems to get rid of oml.net.... I donloaded hijack this to c:/programfiles/hijackthis......I ran the program, closed all windows and then fixed all oml.net extensions....then I immediately restarted in safe mode and deleted _sl and _hp files. After that I ran adaware and then I restarted again. I was able to set a different homepage but then it switched over to oml.net all over again! ahhhhh, someone please help....here is what my logfile looks like after I fixed the oml.net files

Logfile of HijackThis v1.99.0
Scan saved at 2:39:15 PM, on 12/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\HP\hpcoretec... Read more

A:HELP! http://oml.net will not go away!

Thanks everyone, I kept my patience and figured out what to delete and in what manner to do it.

thanks anyway

Read other 2 answers

Is it relatively hard to setup RPC over HTTP.

Im looking for a proper procedure that wont inconvenience all my users.

I noticed that if you dont have an SSL certificate you have to mess with the registry so I am looking into getting that also.

Read other answers

Hi, I have a windows XP. I foolishly tried to download something from LimeWire for the first time ever and have completely wrecked my pc.
I have constant pop ups - CiC:http\adserver5 is the main one but there are many more.
I found your amazing site by searching the web, so hope you don't mind my asking for your help.
I was using Symantec Professional, which the last guy who fixed it installed for me but I added AVG Antispyware and As-aware SE by myself and that seemed to be ok until I did this. I have since downloaded Spybot search and destroy and Avast Antivirus which I have run several times. I found a thread on your forum from someone with a similar problem so I downloaded Hijack This and ran it. Here is the report
Logfile of HijackThis v1.99.1
Scan saved at 04:40:50, on 19/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\QuickTime\Q... Read more

A:CiD:http pop ups ...and much more

Getting desperate now.

Read other 2 answers

Hi allI am new here and sure hope you can help I followed the advice for"newbies" before postingI could not run the Kaspersky progam, it kept frezzing up but Ido have the report from Deckard's System Scanner (DSS) the problem is that everytime I open the internet, several pages open with the HTTP 404 error on itI sure hope someone can help, as I have exhusted all options that I could read about fixing italso I have run every free spywere program that I could find!and AVGThanks in advance to all who help me outHere is the reportDeckard's System Scanner v20071014.68Run by caprice on 2008-06-21 21:31:04Computer is in Normal Mode.---------------------------------------------------------------------------------- Last 2 Restore Point(s) --2: 2007-07-31 16:22:16 UTC - RP32 - Scheduled Checkpoint1: 2007-07-29 05:23:03 UTC - RP31 - Removed Maxtor?MaxBlastBacked up registry hives.Performed disk cleanup.Total Physical Memory: 1015 MiB (1024 MiB recommended).-- HijackThis (run as caprice.exe) ---------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:33:47 PM, on 6/21/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16681)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\hp\support\hpsysdrv.exeC:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exeC:\Windows\RtHDVCpl.... Read more

A:Http 404 And Pop Ups

Hello Dilaysisgirl and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is comp... Read more

Read other 6 answers

Any website I try gives the same error. That is only on my main profile. When signed in as my son, I can reach the internet. I cannot even reach my router by entering Obviously something has been changed in my profile affecting the way I connect to the internet, but none of the advice I have found online has addressed this.

A:http 404, but not like the others

Read other 15 answers

Hi guys , im new to having a router and such , but i got one today .

a Sitecom WL-161 Broadband Router for my virgin media cable modem.

problem is when i first tried setting it up i connected to

and it connected fine , but i couldnt manage to get the internet working so i was messing around with some of the settings (big mistake) and i set DHCP to client instead of server.

Now ever since i cant connect to

help would really be appreciated



Read other 6 answers

Does anyone know what HTTP is other than (Short for HyperText Transfer Protocol, the underlying protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when you enter a URL in your browser, this actually sends an HTTP command to the Web server directing it to fetch and transmit the requested Web page.
The other main standard that controls how the World Wide Web works is HTML, which covers how Web pages are formatted and displayed.)
And how can you change the settings or fix a problem, if the HTTP stops working or part of it goes bad?

A:How to fix HTTP

Read other 16 answers


View Solution.



Read other 4 answers

Scotty alerted on the above, out of the blue, something about† an Active-X wanting to install.†A Google search††points to an update, KB 927977,†which has 3 choices†of varying size. The associated file is C:\Windows\System32\msxml6.dll. I have no idea what XML does or how it works and was wondering if it's OK to allow the install.Message Edited by dalem29 on 09-18-2008 06:58 AM


dale,†it should be okay.†to be extra sure, use Windows Explorer to navigate to that file. †RIGHT-click on it, select PROPERTIES, and under VERSION, i believe it should be listed as†6.0.3890.0 (for KB 92977)[or 6.10.1129.0 , if that file has been updated to an SP1 version]and the company should be Microsoft.†if that's what you have, let scotty allow it... otherwise, come back and let us know what you have.

Read other 3 answers

I have followed your instructions but while I'm running hijackthis the second time it will not let me delete the 04 - Global Startup: winlogin.exe it says to use the Task Manager to shut it down but it will not let me shut it down - says it is a critical process. Can you help please, this thing really sucks!!Logfile of HijackThis v1.98.2Scan saved at 2:05:47 AM, on 12/2/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exec:\Program Files\Common Files\Symantec Shared\ccSetMgr.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\LTMSG.exeC:\WINDOWS\ALCXMNTR.EXEC:\WINDOWS\System32\hkcmd.exeC:\windows\system\hpsysdrv.exeC:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exeC:\WINDOWS\System32\hphmon05.exeC:\HP\KBD\KBD.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exeC:\WINDOWS&#... Read more

A:I can't get rid of win-eto and http://t

HiWhen choosing anti-spyware protection, you should rely on products with deserved reputations and proven track records:SpyHunter is a rogue anti-spy software.http://www.spywarewarrior.com/rogue_anti-spyware.htmYou can use these free programs: Ad-Aware SE, Spybot Search & Destroy + SpywareBlaster.Please uninstall SpyHunter from Add\Remove Programs.You can install MSN toolbar or Google toolbar to block pop-up windows.We don't normally recommend running two antivirus programs together. The program I am going to tell you to install has been successful removing this particular variant in the past.Could you disable Norton Antivirus for now and go here to download the free version of Grisoft's AVG AntiVirus program. Install the program, check for updates and scan your system allowing it to remove whatever it finds.Download KillBox here: KillBox. Unzip it to your desktop.Start Killbox.exeSelect the Delete on reboot option.Copy and paste each of the following file(s) to the address bar:C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exeC:\WINDOWS\System32\w8c6s4xcm66.dllC:\WINDOWS\System32\msrexe.exeC:\WINDOWS\System32\l82uw4r3y4lr17thd.exel7gdx78hctcfu3.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dllAfter each file press the Delete button (the button that looks like a red circle with a white X in it).A dialog box wil... Read more

Read other 4 answers
Q: http

My operating system is windows 7 and my problem is with the http. I used to have just plan HTTP but i click a button that said yes I want a secure connection and ever since then I have had nothing but problems. Every time I go to Facebook or Yahoo and click on an app I get an error message that says.
Switch to regular connection (http)?
Sorry! We can't display this content while you're viewing Facebook over a secure connection (https).
Would you like to temporarily switch to a regular connection (http) to use this app?
You will have a secure connection upon your next login.
How do i change it back to a regular connection



Read other 1 answers

Have just fired up pc and all that happens is http:/// flashes in the address bar. This happens on or offline. Any tabs I try to click on just close. Any ideas.
Thankyou Jamie

Read other answers

I keep getting pop ups from, even when I do not have IE open. I have tried SpyBot and SpyBlocs to get rid of this but it keeps coming back. How do I get rid of this?

A:Keep getting pop ups from

Read other 16 answers

My OS is Win XP Pro SP3 and Browser Firefox 5

Sometimes when I click on close (Red X top right hand corner) from a page on the FF browser I am getting another page with the domain name http.com.

This is a page of parked domains.. There is a privacy link at the bottom of the page and when I click on this the url is http://www.gstatic.com/domainads/privacy/ which is Google Adsense for Domains.

I havenít a clue why this is happening although it is becoming more frequent.

I have run a scans with NOD32 and Spybot which are clean.

Can anyone help please?

Read other answers

My OS is Win XP Pro SP3 and Browser Firefox 5

Sometimes when I click on close (Red X top right hand corner) from a page on the FF browser I am getting another page with the domain name http.com.

This is a page of parked domains and I have attached a screenshot of the top half of the page. There is a privacy link at the bottom of the page and when I click on this the url is Google AdSense for Domains which is Google Adsense for Domains.

I haven?t a clue why this is happening although it is becoming more frequent.

I have run a scans with NOD32 and Spybot which are clean.

Can anyone help please?

A:What is http.doc

Have a look in your Firefox's add-ons & extensions manager.

Read other 1 answers

ok guys, somehow i manage to fix it myself! yay
but still one huge problem
i have to type in "http://" in order to go to the desired site!
it will just bring up same error message if i just type in "www." first
how do i make it so i dont have to do that?

Read other answers

I have a wireless media player that plays streaming mms from the web, I want to play streaming asf , asx etc but the address is http. is there a way to change the http to mms so my media player can player the asf,asx?

Also would this work for motion jpeg?


Read other answers

Somehow my IE has stopped putting http:// in front of adresses automatically and it's kind of annoying. How can I fix it?

Read other answers

When using Microsoft Office Outlook 2007 remotely on my home desktop PC to connect to my work Microsoft Exchange Server 2003 using RPC over HTTP it stays disconnected. The only way I can connect is by using a VPN.(System=XP64bit & Office Enterprise 2007,all with current updates)
My other home desktop PC using Office Outlook 2003 has no problem connecting.
Both Outlook 2007 & Outlook 2003 have identical account settings configured.
I have not found a specific solution to this problem in Google or Microsoft.

Can anyone help?

Read other answers

My Internet Explorer (v 8) connects without problem to every URL I enter, with one exception. Every time I attempt to connect to that one URL I get a message indicating http 501/http 505 error. Several days ago I was able to connect to that site without problem but all more recent attempts have failed as described

Any clues or suggestions.

A:http 501/http 505

What is the site?

See here: Error Message: Error 501/505: Not Implemented or Not Supported

Try running IE without Add-ons then try the site again.

Click Start then Run, type iexplore -extoff and press Enter or click on Go.
-- or --
Click on Start, Programs, Accessories, System Tools, Internet Explorer (No Add-ons)

Read other 9 answers
Q: Http


I have windows isa server 2000 and a us robotics usr 9000 router in my office.

Today i have installed WWWFILESHAREPRO on one office pc. All i want is to share files from this pc to my clients, for whom we burn cds for large files. This software is to share large files.
This software says by entering internet ip address internet browser any person can access to the shared directory. Locally i can access the shared directory
by entering is my pc ip address) but not from the internet ip address.

what should i do on ISA server or usrobotics router to enable access to http?

pls help..

Read other answers