Over 1 million tech questions and answers.

Malware causing strange Internet Explorer behavior

Q: Malware causing strange Internet Explorer behavior

Recently I've been having trouble closing Internet Explorer successfully. Oftentimes I'll get a very suspicious error window that says "closing this window may cause serious problems." Generally when that happens I'll end the process via Task Manager rather than clicking on anything on the error window. I'm a bit paranoid that I may be infected with a key-logger of some type and I'd very much like to keep my online accounts secured. Once I've gotten the all clear from you guys I plan on creating new strong passwords for all my accounts. It seems like I haven't seen the problem since installing the latest Windows Updates recently (including the latest malware removal tool) but I thought I'd ask the pros just to be safe rather than sorry. Thanks for any assistance you can provide. Here are the logs I've created so far per your instructions:
DDS (Ver_09-07-30.01) - NTFSx86
Run by Shane at 10:13:48.70 on Tue 09/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1410 [GMT -7:00]
============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Shane\Desktop\Malware removal\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
Trusted Zone: adobe.com
Trusted Zone: bethsoft.com
Trusted Zone: google.com
Trusted Zone: homedepot.com
Trusted Zone: microsoft.com
Trusted Zone: myspace.com
Trusted Zone: prepareforthefuture.com\www
Trusted Zone: wackychaco.com
Trusted Zone: wellsfargo.com
Trusted Zone: youtube.com
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236375108000
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236375175421
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
TCP: {6DCD114E-F64C-4F1A-8CAF-22579A4FDD94} = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2009-6-11 1275584]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-3-6 33752]
S3 HwIOctl;HwIOctl;\??\c:\documents and settings\administrator\desktop\hwioctl.sys --> c:\documents and settings\administrator\desktop\HwIOctl.sys [?]
S3 Memctl;Memctl;\??\c:\documents and settings\administrator\desktop\memctl.sys --> c:\documents and settings\administrator\desktop\Memctl.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\utilities\sisoftware\sandra professional home 2009.sp2\RpcAgentSrv.exe [2009-3-27 98488]

=============== Created Last 30 ================

2009-08-29 22:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2009-08-29 12:40 1,188 a------- c:\windows\ImpTableL.bin
2009-08-29 12:37 <DIR> --d----- c:\program files\Ventrilo
2009-08-29 12:37 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-08-25 07:58 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-25 07:58 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-11 20:49 <DIR> --d----- c:\windows\system32\QuickTime
2009-08-11 10:31 <DIR> --d----- c:\program files\common files\Real
2009-08-10 14:53 <DIR> --d----- c:\program files\Fraps
2009-08-07 20:00 <DIR> --d----- c:\program files\NCH Software
2009-08-07 20:00 <DIR> --d----- c:\program files\NCH Swift Sound
2009-08-07 18:38 <DIR> --d----- c:\program files\WM Converter
2009-08-07 17:33 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-08-04 07:50 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-08-04 07:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-08-04 07:49 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-08-04 07:49 1,597,690 a------- c:\windows\system32\nvdata.bin
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe

==================== Find3M ====================

2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-14 17:17 15,308,440 a------- c:\windows\system32\xlive.dll
2009-07-14 17:17 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-07-14 13:35 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-07-14 13:35 81,920 a------- c:\windows\system32\nvwddi.dll
2009-07-14 13:35 4,026,368 a------- c:\windows\system32\nvvitvs.dll
2009-07-14 13:35 3,170,304 a------- c:\windows\system32\nvwss.dll
2009-07-14 13:34 13,877,248 a------- c:\windows\system32\nvcpl.dll
2009-07-14 13:34 4,923,392 a------- c:\windows\system32\nvdisps.dll
2009-07-14 13:34 3,547,136 a------- c:\windows\system32\nvgames.dll
2009-07-14 13:34 1,286,144 a------- c:\windows\system32\nvmobls.dll
2009-07-14 13:34 188,416 a------- c:\windows\system32\nvmccss.dll
2009-07-14 13:34 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-07-14 13:34 143,360 a------- c:\windows\system32\nvcolor.exe
2009-07-14 13:34 86,016 a------- c:\windows\system32\nvmctray.dll
2009-07-14 13:34 229,376 a------- c:\windows\system32\nvmccs.dll
2009-07-14 11:54 10,457,088 a------- c:\windows\system32\nvoglnt.dll
2009-07-14 11:54 7,741,664 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 11:54 5,842,816 a------- c:\windows\system32\nv4_disp.dll
2009-07-14 11:54 2,189,856 a------- c:\windows\system32\nvcuvid.dll
2009-07-14 11:54 2,002,944 a------- c:\windows\system32\nvcuda.dll
2009-07-14 11:54 868,352 a------- c:\windows\system32\nvapi.dll
2009-07-14 11:54 485,920 a------- c:\windows\system32\nvudisp.exe
2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcodins.dll
2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcod.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-10 07:01 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 01:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 01:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 01:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-14 08:21 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-06-12 05:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 07:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-09 23:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-03-27 06:48 526 a------- c:\program files\InstalledCodec.cfg
2009-03-09 11:01 34,816 a------- c:\program files\InstalledCodec.exe

============= FINISH: 10:14:10.17 ===============

RELEVANCY SCORE 200
Preferred Solution: Malware causing strange Internet Explorer behavior

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Malware causing strange Internet Explorer behavior

Hello and welcome to Bleeping Computer.My name is km2357 and I will be helping you to remove any infection(s) that you may have.I will be giving you a series of instructions that need to be followed in the order in which I give them to you.If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.Please do not start another thread or topic, I will assist you at this thread until we solve your problems.Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh DDS Log

Read other 3 answers
RELEVANCY SCORE 82

Hey all.

About a week ago my internet started disconnecting every 20 minutes. It happens both with wired and wireless. I'm on a college campus and everyone else is fine, its just my laptop. My sent and received bytes are also acting strange. As of right now, i have sent just over 1 million, but recieved over 14 million. I get disconnected from servers constantly and lose packet flow for the games i play. Here is my hijack this log and attatchmennt:

Deckard's System Scanner v20071014.68
Run by Ben Z on 2007-11-06 17:53:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
5: 2007-11-06 22:08:48 UTC - RP73 - Windows Update
4: 2007-11-06 06:45:22 UTC - RP72 - Installed VeohTV BETA
3: 2007-11-06 06:05:25 UTC - RP70 - Installed Rappelz_USA
2: 2007-11-06 03:22:36 UTC - RP68 - Windows Update
1: 2007-11-06 02:45:36 UTC - RP67 - Installed America's Army 2.8.2 Update Patch


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Ben Z.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:12 PM, on 11/6/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program File... Read more

Read other answers
RELEVANCY SCORE 82

Ok, I'm relatively new at the whole computer thing and I know, "What took you so long?"

I have Windows XP but just recently, when I try to open Internet Explorer, it may take a few attempts before it opens.(ya' know the hourglass expires before anything happens) However, when I log off, ending program task panel opens, then ending program iexplore.exe opens and keeps opening for the amount of times I tried to open internet explorer.
This leads me to believe that it in fact opened somewhere but not anywhere I can see it. Also on occasion, the task panel will turn blue for quite sometime when I close out an open window.
I tried searching for an answer to this problem but to no avail, so any advice here would be most appreciated.
 

A:Internet Explorer's strange behavior

Read other 11 answers
RELEVANCY SCORE 79.2

I hope someone can help me work this out, it's driving me crazy!
I'll try to explain it in as few words as possible!
There is a website we need to access on which we're having trouble getting some of the buttons to display.  In short it works when the internet zone is set to "Medium" but not when it's "Medium-High" (I have added it to trusted sites
but in properties it shows as "Unknown Zone (Mixed)" so seems to use the "Internet Zone" settings.)
I am trying to track down which security setting is causing the issue.  To do this my plan was to make a note of all the settings that differ between Medium and Medium-High.  However if I set it to medium-high and manually change all the settings
to be identical to medium it still doesn't work... yet if I use the "Reset to: Medium" option at the bottom it does work!  This doesn't make any sense to me.
Are there other hidden stetting affected by the "Reset to" option that I can't change manually.
Any help would really be appreciated!  Thanks!

Read other answers
RELEVANCY SCORE 68.8

System: AMD 5000+, 3GB RAM, 3 hard drives with nearly 1TB of total space
internet: 1.5Mb DSL modem and router, Actiontec brand supplied from my ISP.
OS: Win XP Pro 32 bit, SP2 pack, has IE7 installed and all critical updates have been applied
Also using Zone Alarm, AVG Antivitus, AVG Spyware, Spybot S&D, and Ad-Ware. I've also used both Trend Micro and Panda's online scans when I suspect something is preventing AVG from working.

Symptom: using either Firefox or IE7, web pages takes a lot longer to load than usual and when I access a web server that I haven't been to for a while, the browser may time out for no reason yet when I refresh, the page loads quickly. This behavior seems like I'm using an unreliable proxy server and/or broken DNS. This only happens on one PC, the 2 other PC on the same network using the same DSL modem all runs fine so it is defiantly not an issue with my ISP, the DNS, or my DSL modem/router.

Also once in a while (every 3 or 4 days), Internet Explorer starts up and opens about 30 or 40 tabs for no apparent reason. Because of this, I have placed IE on blocked list in Zone Alarm. I do not know what it is loading as I forced IR7 to close before it can start loading and since blocking IE7 from internet access, I get 30 or 40 "pages can't be loaded" but none of them mentions what web site(s) IE7 was trying to load.

Browser's internet setting and Internet Options in control panel are not altered and no proxy server is used. I ... Read more

A:Strange IE7 behavior, possible malware?

Just wanted to add that:
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)

is obsolete or inaccurate, D: is the DVD drive. Has always been there so no idea why it shows up.

Read other 3 answers
RELEVANCY SCORE 68.8

I got the problem like this:

from My Computer , I double click driver C , instead of explore the drive C It show the Search Result window!!! . So if i want to explore my drive C , i got to right click it then choose explore from menu !!!! > Please help me solve my problem .

thank you

A:win explorer Strange behavior !

This fix is for Windows XP Home & ProIn the future please state your Operating System when asking for help.We are going to make some registry edits so be sure to backup the registry.Go to:Start>Run>(type) regeditBackup the registry by: 1 - Highlight My Computer by clicking on it once. 2 - Click File (Windows XP) or Registry (Windows 2000), then Export Registry File. 3 - Select export range All; to ensure your entire registry is backed up completely. 4 - Select where you would like to save this backup, name the File, and Click on the SAVE button.Then:Locate this Key:HKEY_CLASSES_ROOT\Drive\shellRight Click Default (right side)>Click Modify>(type) none in the box>Click OK>Close the Registry Edit>Restart

Read other 3 answers
RELEVANCY SCORE 68.4

I use WinPatrol and recently started getting messages about Windows Automatic Update settings being changed to "Never check for updates".  I ran HijackThis to go through the log and noticed that there were "file missing" messages on a few executables/DLLs from the System32 folder (running Windows 7 Ultimate 64-bit).  One of the supposedly missing files, lsass.exe, has been known to have been used by malware programs in the past, but usually is renamed using a capital i instead of the lowercase L and is run from another directory.  The file itself is not missing, even though HijackThis reports it as missing.  I double-clicked it to run it from the System32 folder and immediately got a popup message from BitDefender that an infection was being cleaned.  I then right-clicked it and asked BitDefender to scan it, it came out clean. I use BitDefender Antivirus Plus 2015 which is up-to-date and I've done a full scan with no infections found. Thoughts or suggestions on my next steps? Thanks!Edit: Topic moved from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum.~ Animal

A:Strange behavior, possible malware or virus?

Welcome aboard
 
HJT is a very old tool and especially is not compatible with 64-bit systems. That's why you have so many files listed as missing.
Are there any other issues than Windows updates setting change?

Read other 5 answers
RELEVANCY SCORE 68

I am having a problem with the way Windows Explorer displays one of my folders. The folder is stored under Documents>Personal. The title of the folder is LETTERS. The folder, until a few days ago, contained a subfolder called "Spain". All letters pertaining to Spain were stored in the subfolder; all other letters were stored by themselves in LETTERS. A few days ago I found all letters that were in the Spain subfolder were now combined with all other letters. The subfolder Spain no longer existed. It took me many hours to get this straightened out. For one thing, I could no longer create a new folder within the LETTERS folder. A computer technician I contacted told me that was because the LETTERS folder was READ-ONLY. Unchecking this property didn't help, so I created another dummy folder to transfer all the files in LETTERS to the dummy folder, delete LETTERS and rename the dummy folder as LETTERS. This apparently solved the problem until today: the subfolder Spain is now gone again and all letters are now combined in one folder. Just out of curiosity I brought up the DOS command and looked in USERS...DOCUMENTS>PERSONAL DOCUMENTS>LETTERS. A dir command showed the SPAIN subdirectory plus all the non-SPAIN letters, exactly the way it should be. My question: why doesn't Windows Explorer show the SPAIN subfolder and why does it combine all letters--SPAIN and non-SPAIN--together?

Read other answers
RELEVANCY SCORE 68

For starters, here are the contents of my Hijackthis log:

Logfile of HijackThis v1.98.2
Scan saved at 4:16:41 PM, on 11/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe... Read more

Read other answers
RELEVANCY SCORE 68

For starters, here are the contents of my Hijackthis log:

Logfile of HijackThis v1.98.2
Scan saved at 4:16:41 PM, on 11/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe... Read more

A:Strange IE and Windows Explorer behavior

Read other 6 answers
RELEVANCY SCORE 67.6

Hi there. First post, so here goes: Recently had issues with ahkdsk.exe and found a post here that helped to remove it. Now I have a different program popping into the task list and gobbling up any available CPU: UAanregw.exe. It pops in the task list when new browser windows are opened and occasionally when existing windows are updated. Additionally, web pages have mysterious green links randomly located that point to advertising sites and the like. Even pages displayed on our intranet are affected with these crazy green links. They're embeded in text that should have no links at all. I read and followed the steps on the "new to posting" thread and what follows is the HJT log. I look forward to hearing from someone and am grateful for their help.

Logfile of HijackThis v1.99.1
Scan saved at 10:53:59 AM, on 4/7/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\WINNT\system32\cusrvc.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\lyncusb.exe
C:\PROGRA~1\COMERI~1\NetCfgSv.EXE
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\regsvc.exe
C:... Read more

A:Suspected Malware: UAanregw.exe and other strange behavior

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

---------------------------------------------------------------------------------------------

Download Ewido Security SuiteInstall Ewido Security Suite
When installing, under "Additional Options" uncheck..Install background guard
Install scan via context menu

Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Download CleanUp! (Alternate Link if main link doesn't work) and install it. The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there.

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Tempora... Read more

Read other 6 answers
RELEVANCY SCORE 66

Followed steps stated in "Please, Read This Before Posting A Hijackthis Log":

Observations:

Ad-aware: Failed to finish deep scan of C until IE cache was manually deleted. Found numerious items after that. Upon reboot, still finding items in safe mode

Spybot S&D: found many malware items including smitfraud and alexa. Keeps on finding new items in safe mode upon multiple reboots.

CWShredder: found nothing

Installed Avast, updated to latest defs, ran a number of pre-boot scans, found many items, and will post the log in a sepearate post to this thread since it took up to man lines.

Ran Trendmicro Housecall, found a number of adware/malware items, some items unable to clean becuase the "pattern" wasn't able to.

STRANGE OBSERVANCE:

When trying to run panda software scan, Avast on access scanner found a trojan trying to be loaded from the HTTP path of the panda scan. Not sure of what to make of this. I clicked on "abort" within the avast pop-up, and it ended the Panda scan.

Manually Uninstalled the Viewpoints media player and toolbar.

Unable to delete "Temporary Internet files" from Tools>Internet Options> Delete files. I manually deleted the folders after booting into the DOS command prompt.

Other Details:

It looks like there was a failed uninstallation of Norton AV 2004, becuase Avast still detects is when trying to run some "on access" features. Not looking forward to manuall... Read more

A:unable to thouroughly clean LT; tons of malware, strange behavior

Avast Log:

07/02/2006 21:15
Scan of all local drives
File C:\Documents and Settings\Owner\Application Data\m\data.oct is infected by Win32:Beagle-LD [Wrm], Deleted
File C:\Documents and Settings\Owner\Application Data\m\mue.exe is infected by Win32:Trojan-gen. {Other}, Deleted
File C:\Documents and Settings\Owner\Application Data\m\muk.exe is infected by Win32:Beagle-LS [Wrm], Deleted
File C:\Documents and Settings\Owner\Application Data\m\mzuek.exe is infected by Win32:Beagle-KR [Wrm], Deleted
File C:\Documents and Settings\Owner\Local Settings\Application Data\8af7697e.exe is infected by Win32:Small-ADK [Trj], Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\6.dlb is infected by Win32:Small-AJB [Trj], Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\7.dlb is infected by Win32:Small-AJC [Trj], Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\901S5176A36\4348.tmp is infected by Win32:Trojan-gen. {Other}, Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\901S5176A36\980.tmp is infected by Win32:Tiny-O [Trj], Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\clumpmfl.dll is infected by Win32:Trojano-1165 [Trj], Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\h91746.exe is infected by Win32:Small-ADK [Trj], Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\ICD1.tmp\UWAS6_0001_N69M0903NetInstaller.exe is infected by Win32:FakeAlert [Trj], Deleted
File C:\... Read more

Read other 13 answers
RELEVANCY SCORE 65.6

Hello,

I am using a cable model and a linksys router.
I have Vista Home Premium 64 Bit.

Every time I turn on the computer I see the icon that the computer is connected to the network but I don't have internet.

I check the detail and it confirms:
It is connected to the network but not to internet.

I disconnect from the network and connect it again and now it also gets connected to the internet as expected.

The detail of my connection is:
MyHomeNetwork (Private Network)
Access: Local and Internet

I always need to disconnect and connect again my network when I start my computer. And some times when I get problems and I am not able to load web pages I need to do the same.

What is wrong?

Thank You,
Miguel

Read other answers
RELEVANCY SCORE 65.6

I fear that an old PC I recently purchased from a garage sale may have had a virus that spread throughout my network.

First, a little bit of background about this computer. Around December of last year, it was infected by a virus that seemed to be neutralized after some assistance. But within a week, the computer wouldn't even start up anymore, as it would freeze up before even displaying the desktop icons. To my dismay, I found out that the Vista install CD had ran away to some remote area of the downstairs garage, so I installed a copy of Windows Server 2008 I had on hand (I got it for free). Anyways, long story short, it turned out there wasn't an antivirus in the world that would let me install their software without paying money, due to the fact I had a server OS. I wound up installing Microsoft Security Essentials, knowing very well that it was unsupported. But, it was the best I could do for free.

Now, let's fast forward to this weekend.
I had found and purchased a PC for 10 dollars at a garage sale. The owners said that it had been in storage for a long time, but it had some nice goodies that came with it, such as a TV tuner card, and it had Windows XP. So, with great amounts of excitement, I slammed that computer tower onto my desk, plugged it in, and turned it on. It wasn't fast, but it seemed a bit cool, and a bit of a blast to the past after having Windows Vista for the longest time. I then connected it to the Internet. At that moment, I noticed ... Read more

Read other answers
RELEVANCY SCORE 65.6

Okay so I have two files starting in my startup today, Than I had a blue screen ( Do to an unrelated incident ) and had 4, I believe I have 4 malware and am not sure how to go about removing them.I run Comodo Internet Security and Malwarebytes Anti MalwareAt the moment by CIS is blocking all four files, From program and firewall request (By my own will). IT did try to access the internet but I stopped it. People are telling me to Format but I have too much on here to do that.CIS and Malware Bytes dont detect nothing.Below are pictures with properties of both the files, I uploaded them to virusscan and virustotal and it was split on detecting it as malware but I wont post those logs here uless instructed.File names:0E808.exe1CB72.exe9F6B3.exeBAB2D.exeI have included a D.D.S log below, Please help me in figuring out what to do. I seem to notice a slag in performance since I discovered this.

A:Strange malware keeps making strange startup items, Attempt to acces internet, Appear to be Malware

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 64.8

Here is what is happening. Sometimes when I word processing or something offline. I get a small dial up prompt that pops up this dial up box does not connect. It is not my usual dial up box that I get when I click the network dial up icon. Here is another thing. The password is long, about twice as long as my usual one. Theres more When I go into explorer under connections the long (wrong) password is there too.

Is this some kind of hijack? If so does anyone have any info, It is bugging the crap out of me

Thanks

A:Strange behavior of internet dialer

http://groups.google.com/group/microsoft.public.windows.inetexplorer.ie6_outlookexpress/browse_thread/thread/68e35cd7c73b2ef5/1f435982e875efa6%231f435982e875efa6?sa=X&oi=groupsr&start=2&num=3

Read other 1 answers
RELEVANCY SCORE 63.6

I know, strange title but let me explain. Recently my I started noticing when outlook receives an email the sound would be garbled. I then notice internet speeds were slow. I usually get 55-60Mbps down and after testing when the garbled new email sound happened I would be down at 4-6Mbps down. I thought this was strange so I tried updating all my drivers however they were all up to date. I then thought it was my on board ethernet on my mobo so I bought an intel pcie card and have been using it since. The problem still occurs. I see no other issues on the computer but the ones listed above. Once I restart my computer everything is back to normal. It usually last 1-2 days before the problem appears again. Anyone have any idea what could be causing this? Thanks in advance for any help.

Read other answers
RELEVANCY SCORE 63.6

Hi,
I'm currently have the issue, that mainly PDF files are handled different ways on each website.

First example: I open a PDF file in our document management system (Intranet), I only can choose to save
the file. If I open the catering menu pdf (Intranet), it opens directly in the IE11.
Seconde example: I search google for any PDF (i.e.
http://www.orimi.com/pdf-test.pdf), it opens within the IE11.
If I open Outlook Webaccess, I only can download the file.
In the past with IE 10, I have been asked to open or to save the file.

Any idea what happened here? IE 11 is configured through GPO.




Thank you for your help!
Regards
Alex

Read other answers
RELEVANCY SCORE 63.2

Since last week, my computer has been experiencing a few strange issues: namely, a couple minutes--anywhere from 5 to 20--after booting it up, the internet connection blows out. This does not happen every time but most times it does. The modem is fine because the internet still works on my laptop perfectly. Also, when this internet shortage takes place, it sometimes takes the computer an incredibly long time to open any programs or to log off and shut down. I've downloaded HiJackThis to help fix the problem, but I have no clue how to analyze it myself. Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:24 PM, on 9/30/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Playe... Read more

A:Malware suspected to be causing strange problems

BUMP, please

Read other 3 answers
RELEVANCY SCORE 62

Problems occurring:
Random websites popping up in browser - both in chrome and IE, some are ads and some seem like regular business sites.
Cannot run or reinstall Microsoft Security Essentials. Get error code 0x80070643. Ran through ALL of the fixes on Microsoft's support site.
Cannot run Minecraft now
Secure websites (https) not working - some sort of certificate revoked errors on every single site.
What I've done so far -
Rolled computer back a few days
Ran MBAM and got all kinds of PrivacySafeguard and RelevantKnowledge problems which supposedly were fixed.
Ran adwcleaner a few times over the last week and it was originally filled with stuff but now runs pretty clean,.
Ran sfc /scannow with NT Professional installation disk and apparently fixed a few corrupt files which then allowed us to at least get on Chrome and be able to load software
Ran MBAM again
Tried installing Security Essentials several times with different processes running/stopped (selective startup mode). Same error code each time. I ran through all of the suggested fixes to get Security Essentials running: http://windows.microsoft.com/en-us/windows/i-cant-install-microsoft-security-essentials
Ran several other programs suggested on the microsoft forums like the online malware checker and several versions of trojan.siredef malware which was cleaned and removed.
Then ran MBAM full scan again and found some more. Also ran the malwarebytes rootkit tool and deleted a bunch of the siredef files.
Running... Read more

A:Malware and Adware causing all kinds of strange issues despite "removal"

Hello and welcome.. Let's do this and see how it is...Please download Rkill by Grinler and save it to your desktop.Link 1Link 2Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot the computer, you will need to run the application again.Update and rescan with MBAM. Post the new log.Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Please Download TDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive)Do not change the default options on scan results.Please download... Read more

Read other 7 answers
RELEVANCY SCORE 60.8

My computer was recently infected when I visited gamecopyworld.com. I've managed to clean out the infection, but IE is exhibiting some odd behavior ever since.

When I open IE and try to use the address bar to connect to a website, it looks like it's trying to connect, but then it just sits there and doesn't display anything and when I try to close the window I sometimes get the "End Task" dialog. I can open pages stored locally on my hard drive and link to other web pages from there (this is how I got the virus/trojan/etc. removed by using Housecall, turned out to be Vundo), and when I open a new window while IE is already running and displaying a web page, I can then use the address bar to go to a new page. I've downloaded and run several of the programs mentioned in articles I've read on this site:

Malwarebytes' Anti-Malware
SuperAntiSpyware
ATF-cleaner
LSPfix

I cleaned out everything they recommended and I'm still having problems. Firefox seems unaffected.

A:Internet Explorer 6 Odd Behavior

Try these fixes:Log on as an administrator, go Start > Run and type: "cmd". In the window that appears type: "netsh winsock reset". When the program is finished, you will receive the message: "Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset." Close the command box and reboot your computer.Go Start > Run > type: "cmd" In the window that appears type: "ipconfig /flushdns". Close the command box.Go Start > Control Panel > Network Connections. Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and and choose Properties. Double-click on the Internet Protocol (TCP/IP) item. Select the radio button that says "Obtain DNS servers automatically". Reboot. Warning: Some Internet Service Providers need specific DNS settings. You need to make sure that you know if such DNS settings are required before you make this change.

Read other 3 answers
RELEVANCY SCORE 60

Hi everyone in these forums, Im posting this because I suspect I've got a virus(es) on my desktop computer, I use mainly internet explorer for browsing the web, but recently it started acting a little bit weird, whenever a I try to surf to a website, it appears a window saying that "the navigation to "x" page was canceled (where "x" is any website url) or denied, suddenly the website that was loading doesn't open and a "webpage cannot be found" page appears.

Here are my Specs:

Intel Celeron D 2.8Ghz
256MB of DDR SDRAM
80GB IDE Hard Disk Drive
Microsoft Windows XP Home Edition SP2
Onboard video and audio

Here my HijackThis report :

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:56:55 a.m., on 22/09/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Documents and Settings\Usuario\Datos de programa\bjwW4z8qHWSn.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Archivos de programa\Digital Media Reader\shwiconem.exe
C:\Archivos de programa\Alwil Software\Avast5\avastUI.exe
C:\WIND... Read more

A:Internet Explorer weird behavior

bump
 

Read other 1 answers
RELEVANCY SCORE 59.2

Hi. My Internet Explorer just started acting strangely on my Netbook. Sometimes when I click on a link I just get returned to the Google homepage. Sometimes it's a chore trying to even get to the Google homepage because all these different search home pages come up. Sometimes there are advertisements that pop up at seemingly random times. Sometimes I get an error when trying to register on a website.
I may not have an active antivirus program running so that may be an issue. I would also like to check to see  if my Registry has been compromised if possible.
Also I have practically maxed out the drive with too many song files so I probably should remove some of those. The computer is also much slower than it was.  
Thanks.

A:Internet Explorer pop-ups, errors, other curious behavior

Greetings Will and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.When you post your reply, use the button instead.In the... Read more

Read other answers
RELEVANCY SCORE 58.8

I've never posted on a help forum before, so please bear with me.

I have a Dell Studio 1749 laptop, running Windows 7 Home Premium 64bit.


Windows Explorer is not working. That is, Windows Explorer, not Internet Explorer. It seemed like every forum I already checked this confused people. The only way I am able to communicate with you fine folks is to manually run Firefox using the Task Manager interface. Here are the things I have tried, and the things that I am incapable of trying, and why:

1.) I tried booting in safe mode. Windows Explorer still would not work.

2.) I tried booting with only the bare necessities through System Configuration (msconfig) by selecting Diagnostic Startup, but the problem still occurred when I would boot to my desktop.

3.) I tried doing a system restore to 3 days ago, before the problem ever occurred, but it simply didn't seem to take, as some software I installed just last night was still here when it booted. That was a weird one.

4.) I tried rebooting with a chkdsk /r, but I could not get this to work because in order to set that up, you need to be able to run the command prompt with administrative privileges, which I cannot because Windows Explorer is not working. (I feel that maybe there is some secret way to do a chkdsk without needing the command prompt, but I couldn't find instructions anywhere.)

5.) I tried uninstalling the software that I believe to be the culprit, which happens to be Skype. Last night I received some pictu... Read more

A:Windows Explorer (Not Internet Explorer) Causing problems

Download Microsoft Security Essentials and run it to check for any virus'.
Link: Microsoft Security Essentials - Free Antivirus for Windows

Read other 9 answers
RELEVANCY SCORE 58.4

Hi, first of all I'd like to state the fact that I'm an idiot before you have the chance to draw that conclusion on your own. I had downloaded a crack for a program which my antivirus (avira PE) detected as a virus and I chose to run it anyways. A lot of the time it will falsely detect files which are called crack.exe or serialgen.exe etc... and thoguh I was not downloading from a trusted site I took the chance anyways. Needless to say, I made the wrong decision. Here are the log's from running random's system information tool 1.05info.txt logfile of random's system information tool 1.05 2008-12-23 10:46:54======Uninstall list======Acronis?True?Image?Home-->MsiExec.exe /X{E5343B27-55DF-40BD-9FCF-A643C1331E8A}Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\8bb24e071e5922899698c2105557bd2\Setup.exeAdobe After Effects CS3 Presets-->MsiExec.exe /I{185D0A67-E066-44AE-926D-F6305813301C}Adobe After Effects CS3 Template Projects & Footage-->MsiExec.exe /I{80C13322-2085-49F5-8B19-2A9FA20F14E9}Adobe After Effects CS3 Third Party Content-->MsiExec.exe /I{60B87ADA-167E-4239-AD64-40992C8D220F}Adobe After Effects CS3-->MsiExec.exe /I{0A3D355B-4FCC-41AF-8C61-A2BA15D26237}Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}Adobe Bridge CS3-->Ms... Read more

A:malware possibly causing explorer.exe to crash

Ok I see from responses to threads similar to mine I did what I do best and messed up. Can an admin please move this topic to the appropriate place?

Thank you and Merry Christmas.

Read other 2 answers
RELEVANCY SCORE 58.4

Hi, first of all I'd like to state the fact that I'm an idiot before you have the chance to draw that conclusion on your own. I had downloaded a crack for a program which my antivirus (avira PE) detected as a virus and I chose to run it anyways. A lot of the time it will falsely detect files which are called crack.exe or serialgen.exe etc... and thoguh I was not downloading from a trusted site I took the chance anyways. Needless to say, I made the wrong decision. Here are the log's from running random's system information tool 1.05info.txt logfile of random's system information tool 1.05 2008-12-23 10:46:54======Uninstall list======Acronis True Image Home-->MsiExec.exe /X{E5343B27-55DF-40BD-9FCF-A643C1331E8A}Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\8bb24e071e5922899698c2105557bd2\Setup.exeAdobe After Effects CS3 Presets-->MsiExec.exe /I{185D0A67-E066-44AE-926D-F6305813301C}Adobe After Effects CS3 Template Projects & Footage-->MsiExec.exe /I{80C13322-2085-49F5-8B19-2A9FA20F14E9}Adobe After Effects CS3 Third Party Content-->MsiExec.exe /I{60B87ADA-167E-4239-AD64-40992C8D220F}Adobe After Effects CS3-->MsiExec.exe /I{0A3D355B-4FCC-41AF-8C61-A2BA15D26237}Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}Adobe Bridge CS3-->MsiExec.exe /I{9C9824D... Read more

A:unidentified malware causing explorer.exe to crash

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. After it has finished, two logs will open. Please post the contents of both. log.txt will be maximized and info.txt will be minimized. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/ad... Read more

Read other 2 answers
RELEVANCY SCORE 57.2

My father-in-law downloaded a program yesterday that made a link to a free e-card making website. Since then he restarted his laptop to find that Windows Explorer would crash and then restart. It will continue to do this for a few minutes before it stops loading Explorer. I can manually start it up again through the Task Manager, but it continues its previous actions. The laptop is running Windows XP Pro SP3 and AVG Free as its antivirus. My father-in-law scanned and found 5 infected objects, however he 'healed' them without getting their names. Here is the DDS report:
DDS (Version 1.1.0) - NTFSx86
Run by Spence Gibbs at 13:10:04.70 on Wed 12/24/2008
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.454 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV... Read more

A:Unknown virus/malware causing Explorer to crash/restart.

Welcome to BC Sorry for the delayPlease download Malwarebytes Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply with a fresh Hijackthis log too.Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer, please do so immediately.

Read other 1 answers
RELEVANCY SCORE 56

I'm working on a Vista computer for a friend whose grandson had literally almost overloaded it with crap. It was cluttered and running very slowly, with 3 different browsers, and at least 4 different anti-malware scanners in various states of expiration. Internet Explorer would access the internet very slowly, all the while generating frequent error messages pertaining to inability to access proxy servers. I uninstalled out all the extra games, crap-apps, search assistants, extra browsers, and uninstalled all the anti-malware programs, leaving IE8 as the default browser, un-checked the proxy settings and setup the LAN settings at auto-detect. The system began running very cleanly, and began downloading and installing MS updates. At the completion of the update list, including IE9 & SP2, the computer would no longer access the internet in any way, shape, form or fashion, using IE9, Firefox (reinstalled due to failure of IE9). (I backed up the computer thru several restore points, till I had it previous to all the changes I had made, still would not access the internet). The computer will however, continue to detect, download and install MS updates. I can (as administrator at CMD) successfully ping various websites by their ip address. ANY attempt by IE9 or Firefox to access the internet responds with an error message of "Cannot Connect".

I'd like to submit a hijackthis scan for your perusal, to see if there is any possibility of malware infection causi... Read more

Read other answers
RELEVANCY SCORE 56

Several days ago (nearly 10), my computer began acting up for a strange reason. I've been searching for the reason for a good while. I've posted on several forums, but have not gotten a solution.

The problem is that every hour on the hour, all access to websites is blocked. My internet is completely fine. I can access steam, teamspeak, and several other programs, but anything that deals with a website is blocked. No web pages will load on any browser, the steam store page will not open, spotify quits working.

I've run several virus scans with both Avast Antivirus and Malwarebytes, and I had found some DNSChanger Trojans, but quickly disposed of them. Any scans after come out negative.

It finally occurred to me today to check Windows Event Viewer. That is where I found the underlying cause of my problem. Every hour on the hour, I get 4 errors. The first being an application error for svchost.exe_DPS. The other three are for it's services, Base Filtering Engine, Diagnostic Policy Service, and Windows Firewall. The application error states that the faulting module is Esent.dll. This file may have been corrupted, but I am not certain.

More info can be found in my other thread.

The only solution I've found is going into the Services Manager and restarting the three services above. This has worked without fault, but it is not a permanent solution, as I'd have to do this every hour.

A:Possible Malware causing Internet Loss

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

------------------------------------------------------

Read other 19 answers
RELEVANCY SCORE 55.6

Hi,

My housemate was using my computer last night and suddenly there were quite a few porn and antivirus software popups. He ran Malbytes to get rid of the virus. This is the log file:Malwarebytes' Anti-Malware 1.38
Database version: 2411
Windows 5.1.2600 Service Pack 2

12/07/2009 1:39:41 PM
mbam-log-2009-07-12 (13-39-41).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|J:\|)
Objects scanned: 201923
Time elapsed: 48 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 26
Registry Values Infected: 19
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 48

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\gsf83iujid.dll (Trojan.Ertfor) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Ertfor) -> Delete on reboot.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml... Read more

Read other answers
RELEVANCY SCORE 55.6

Hey guys i just want to say you have a great service here, thanks for your time.
Recently my AVG anti-virus found a few viruses which I immediately deleted, since then AVG has been reporting that my System Restore keeps trying to activate a worm of some sort. Sorry i don't have the name off the top of my head, i think it was a worm called "Cryptor"?? Anyway here are my logs, if you could please let me know if anything looks wrong. Thanks again, have a good day.

DDS (Ver_09-10-26.01) - NTFSx86
Run by Rich at 0:38:59.01 on Fri 11/06/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.833 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WIN... Read more

A:Please Help!! Malware causing MAJOR internet Slowdown

Hi,

Please do the following:

Download Combofix from either of the links below. You must rename it to combafix.exe before saving it.
Save it to your desktop. Change the save as file type to "all files"

**Note: In the event you already have Combofix, delete it, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
If you are using Firefox, make sure that your download settings are as follows:Tools->Options->Main tab
Set to "Always ask me where to Save the files".


Link 1
Link 2

-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------
NOTE: If ComboFix asks to install the Recovery Console, please ALLOW it to do so.

-----------------------------------------------------------
Double click on the renamed ComboFix.exe & follow the prompts.When finished, it will produce a report for you.
Please post the C:\ComboFix.txt so we c... Read more

Read other 10 answers
RELEVANCY SCORE 55.6

Hello, you guys have helped me in the past and I'm hoping you can again. I'm having a strange problem with my Internet connection just these past few weeks. When I first turn my PC on, I can't connect at all for about 15 minutes. Then I lose my connection every few seconds for the next 15 minutes. Once my PC has been on for about a half hour, my connection is absolutely fine until I shut down again. If I shut down and immediately restart, my connection is fine so it seems to have something to do with my PC being off for a while. There is no sign of any problem with my modem at all and my modem always shows that the connection is fine. And I never get disconnected after my PC has been on awhile. I'm assuming that this must be a malware problem of some sort. I checked my task manager right after I booted up to see if anything was running that shouldn't be, but I don't see anything unusual. I have run a DDS Log in the hopes that you can find the problem. Any help is greatly appreciated. Thank you.DDS (Ver_09-12-01.01) - NTFSx86 Run by HP_Owner at 18:08:43.79 on Wed 02/17/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.257 [GMT -5:00]AV: Norton AntiVirus *On-access scanning enabled* (Outdated) BOTTOM BUTTONS 3FW: Norton Personal Firewall *enabled* BOTTOM BUTTONS 2============== Running Processes ===============C:\WINDOWS\system32\svchost -k ... Read more

A:Malware Causing Internet Connection Problem

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%�... Read more

Read other 23 answers
RELEVANCY SCORE 55.2

So I have a computer that has internet explorer windows poping up all the time. I cannot for the life of me find out what's causing it, and I've tried about 5 different spyware programs.

Is there a piece of software that monitors the computer so I can see what program is trying to start another program? Something that monitors internet explorer so I can boot in safe mode and delete the malious file?
 

A:Internet Explorer Pop-Ups: Best way to find out what program is causing them?

Read other 6 answers
RELEVANCY SCORE 55.2

Heya,
I'll try to be as detailed as I can but if I miss anything important just let me know.

I'm running Windows 7 Home Premium x64 on a HP DV7-6108TX specs are;CPU: Intel Core i7 2630QM @ 2GHz
RAM: 8GB 1600MHz
Graphics: AMD Radeon HD 6770M

The problem I'm encountering is blue screens caused by what seems to be some kind of incompatibility between IE and the intel graphics driver. I'm getting PAGE_FAULT_IN_NONPAGED_AREA blue screens, faulting module is igdpmd64.sys. At first I assumed it was RAM, so I tested some new RAM with the same specs and some old 4GB 1600MHz RAM that I know was working fine and ran into the same problem. I also tried reinstalling both the base graphics driver and Radeon graphics driver from scratch to eliminate that as a possiblity.

With some reading it seems the DV line has a problem with a windows update that was causing this issue that is related to IE10. This particular update isn't installed so it led me to test IE11 as the cause. I stress tested the computer with multiple IE windows open and the BSOD would occur generally within 3 hours (tested 5 times), sometimes quickly sometimes toward the end of the period. Next I tried running the same stress test with multiple Chrome windows, the laptop ran fine for 18 hours straight, upon opening IE it crashed almost instantly.

I want to try reverting IE to IE9 just to avoid programs that use IE as a background process (such as Skype) from causing the BSOD. I've tried all the typical things for... Read more

A:Uninstalling Internet Explorer 11 as it's causing BSOD

Hi and welcome to SevenForums,
Please read this carefully and upload the required information,
Blue Screen of Death (BSOD) Posting Instructions
Also post which security suites you use and any third party cleaners have been used and installed/ prior security suites...
Cheers.

Read other 1 answers
RELEVANCY SCORE 55.2

Hello first time here. I went to the microsoft website and the download.com and they suggested hijack this and send a scan to you. I hope someone can help. I was getting a message on my sreen that said: a script on this page is causing internet explorer to run slowly. may cause your computer to becom unresponsive.
Here is the log file, I would greatly appreciate any help. Thanks in advance,

Dan
 

A:Script on this page is causing internet explorer

nobody sees anything??
 

Read other 1 answers
RELEVANCY SCORE 55.2

I have recently had an issue with DLP.dll that now prevents me from wirelessly accessing my router and the internet as IE doesn't load any pages...

Below are the logs from Hijack this if someone could please assist i'd be very grateful:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:14, on 2007-09-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\D... Read more

Read other answers
RELEVANCY SCORE 55.2

Hello, and thank you for your time. I think it all started with a virus that i have cleared up with help in the virus forum. I was directed here.

For some reason IE8 will open and then shut down with no error code. Just says an error occured and it shuts down.

When I try to run Malwarebytes program, it says error occured (Error Code CocreateInstance failed;code 0x80040154. Class not registered) as well as (run time error '372' Failed to load .control 'WebBrowser' from ieframe.dll May be outdated Make sure you're using the version of the control that was provided with your application)
I can get this program to run only if I use the downloaded .exe file for it. I have updated, and it still does not work.When i try to delete program from Add/delete programs it says this program is not installed, do i want to delete it from the list.

I can not uninstall IE8 from the add/delete in control panel as there is no option. When I try to install so it can update, it freezes. It does say that if i choose to install IE8, it can not be deleted because a Windows service pack was installed previously to my latest version.

If I go into c:\windows\ie i am able to open internet explorer but it looks like an older version that runs extremely slow.

any help you could provide would be greatly appreciated.

I am using a Fugitsu Lifebook series P1620

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.10.2
Run by Owner at 15:44:05 on 2013-01-14
Microsoft Wi... Read more

A:Ieframe.dll causing Internet explorer not to work??

We can remove IE 8 manuallyGo toC:\program files\Internet explorer folderDelete all the files and folders.Ignore if you receive warning messages.Browse to Connection wizard folder and manually remove the left over files.Ignore the files that gives access denied errorsRestart the PC,Download IE 8 from herehttp://download.microsoft.com/download/C/C/0/CC0BD555-33DD-411E-936B-73AC6F95AE11/IE8-WindowsXP-x86-ENU.exeInstall it,restart the PC and internet explorer should work now but that will not help solve the malwarebytes problem.I'm sorry to say but I'm facing this issue on lot of customer PC's(only XP systems) with no actual fix.I have uninstalled IE 8 and this happens on IE 7 too.MBAM uninstaller,clean boot,reinstalling visual basic,creating test account,sfc /scannow,windows updates nothing has helped.I'm thinking of contacting malwarebytes tech team and see if they have a fix.See if this tool helps DownloadWindows repair toolExtract and launch the Repair_Windows.exe fileClick on Start repairs tab-click on Start check mark following options aloneReset registry permissionsreset file permissionsRegister system filesRepair Windows Firewall.Remove Policies Set By InfectionsRepair Winsock & DNS CacheCheckmark Restart System When Finished optionclick the Start button System should restart after repairTry installing malwarebytes now.

Read other 44 answers
RELEVANCY SCORE 54.8

I've reset my router, adapter, etc. Other devices in my household are working fine with great connection except my PC. I'm currently posting from my laptop because my computer is barely able to connect to the internet. I did a google search online and found out it could possibly be a Virus or Malware. So I decided to post here and find out.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-08-2016
Ran by Mitch (administrator) on MITCH-PC (19-08-2016 23:29:23)
Running from J:\SPACE AIDS
Loaded Profiles: Mitch (Available Profiles: Mitch)
Platform: Windows 8 Pro (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(WinZip Computing International, LLC) C:\Program Files\File Association Helper\FAHWindow.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Microsoft Corpor... Read more

Read other answers
RELEVANCY SCORE 54.8

I'm experiencing general slowdown and occasional page hijacking, as well as progressively worse Internet connection problems. The Internet connection problem is my main concern as it is difficult for me to establish a connection and then once I do I'm often kicked off, sometimes as frequently as every 2 minutes. I also constantly get the message "Local Area Connection: A network cable is unplugged", but this does not necessarily correspond to the times that I've been kicked off and I've checked my physical connection and my modem and there doesn't seem to be a problem. I've run Malwarebytes and no problem was discovered. Any help would be appreciated. Please see my DDS and Gmer logs below:DDS (Ver_10-03-17.01) - NTFSx86 Run by HP_Owner at 12:22:08.34 on Mon 04/12/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.268 [GMT -4:00]AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}FW: Norton Personal Firewall *enabled* {825036E0-9F94-4752-8789-8B92454AF49B}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exec:\Program Files\Common Files&... Read more

A:Malware Causing Slowdown and Possible Internet Connection Problems

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

Read other 15 answers
RELEVANCY SCORE 54.4

Best Solution:
Go To <http://support.microsoft.com/kb/175500> - for auto or self help fix - Click On AutoFix (FixIt)
You will get a downlaod called MicrosoftFixIt50403.msi
Run The Download
 

A:A script on this page is causing Internet Explorer to run slowly

Nice, but truly only applicable to IE (aka running ActiveX scripts).
 

Read other 1 answers
RELEVANCY SCORE 54.4

Hi,

I am running Windows 98. I downloaded a trojan, the one that puts system32.exe in C:\Windows\System. It kept trying to access the Internet but myMcafee Firewall picked it up and blocked it.

I downloaded instructions on how to remove the trojan which told me to delete the system32.exe file, and delete the corresponding value in the registry of HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. I have checked and the ensured "shell=Explorer.exe" is in my system.ini file.

Except that now, when I run Internet Explorer, and I right-click a link and select "Open in New Window", a new window does open, but the contents do not load. The Internet Explorer globe in the top right hand corner keeps spinning but the pages does not load.

Can anyone help me to fix this problem? I would be most grateful.

Kind regards,
ducky303
 

A:system32.exe trojan causing problems with Internet Explorer

why would you download a trojan on purpose?
 

Read other 2 answers
RELEVANCY SCORE 54.4

I keep getting this message A script on this page is causing Internet Explorer to run slowly if it continues to run, your computer might become unresponsive. I went to Internet then to tools then advance and removed the one they said and put on the one they said to but it keeps popping up

A:how to fix a script on this page is causing Internet Explorer to run slowly

Is it on only the one site or does it occur on others?

Read other 3 answers
RELEVANCY SCORE 54.4

My desktop computer, running Windows XP, was recently infected with what I believe was the WindowsRecovery virus. I have run Malwarebytes a couple of times and gotten part of the virus. I also ran Unhide.exe to where part of my computer has returned to normal. However, I'm now having issues with random ads and music playing in the background with nothing open. I also notice that Internet Explorer will not let me go to any web sites. I automatically get redirected to different kinds of advertising web sites. Needless to say, I've still got multiple bad things going on here. Needing some help in trying to address this. I'll be running through the initial instructions provided on this web site until I receive a response. ThanksPlease follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Then post your DDS and GMER logs as a reply to this topic. Once you have done that I will remove my reply and consolidate the posts so that you retain your correct place in the queue.If you can produce at least some of the logs, then please explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Here's what I've got:DDS Log:.DDS (Ver_11-03-05.01) - NTFSx86 NETWORK Run by User at 16:00:44.42 on F... Read more

A:Remove Malware causing internet issues and random ad sounds

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 2 answers
RELEVANCY SCORE 54

Big problems with multiple pdf windows. I've done a ton of research, and I'm ready to...well...not happy.

We've got a ColdFusion Intranet system at an insurance company which generates and automatically pops up relevant pdf's when a policy is issued. These pdf's are populated by CF, then popped using generic window.open() JS.

The problem is sporadic and unpredictable. When the windows start popping up, sometimes one becomes blank and it's address is one of the fdf's or coldfusion templates. In addition, the address is a valid address for a pdf that has been correctly created and diplayed in its own window! (The http address shouldn't 'jump' windows, should it?)

So, if I can be clear, then an example would look something like this:

1. Template 'policy.cfm' is called
2. Two windows are opened:
- window.open("attachment1.pdf"…
- window.open("create_attachment2.cfm"…
3. create_attachment2.cfm calls and populates attachment2.fdf to create attachment2.pdf
4. Same window uses a window.location.href to display attachment2.pdf.
5. Poof…attachment2.pdf displays correctly BUT
6. SOMETIMES the window containing attachment1.pdf is blank and the address is EITHER create_attachment2.cfm OR attachment2.fdf.

My head hurts. There is no consistency to the error - it happens about 50% of the time. I can't find anything remotely on point dealing with this issue.

System:
Win2K server
IE 6.0
Acrobat Writer... Read more

Read other answers
RELEVANCY SCORE 54

So I am having a very weird issue with Windows 7 Ultimate 64-bit..

If I open Safari 4 or Internet Explorer, the taskbar crashes (if I leave the window open or minimize it, however it doesn't crash if I close it completely).. and then I hit CTRL+ALT+DELETE and the taskmanager also crashes and I have to log off then back on or restart completely.

However, if I use the 64-bit version of Internet Explorer, this doesn't happen. It is ONLY happening with Internet browsers as I have checked with other applications.

I have't installed anything I believe to cause this.. And I have no system restore points to restore too

What shall I do? I can't reinstall, unless 100% necessary as it will take me days to get all this working like it used too..

Thanks for any possible help,
Matthew.
 

A:32 bit internet browsers causing windows 7 64bit explorer to crash..

Read other 16 answers