Tech Problem Aggregator

A Warning About HIJACKTHIS From The Merijn Site

Q: A Warning About HIJACKTHIS From The Merijn Site

Here it is straight from here:

---------------------------------------------------------------

News and Updates

April22, 2005:

Just a short note on the domain HIJACK-THIS.NET: this is not mine! It has been registered by XoftSpy (who are also on the Rogue Antispyware List on SpywareWarrior.com) and they are luring people into downloading their software believing it is HijackThis. Also, they have registered a few AdWords at Google leading to the same result. I have contacted them about this and received no reply (how surprising). Google can't do much about it since there is no copyright being breached. We'll see where this goes.
In the meantime, if you want to download any of my programs, the official domain is and always will be www.merijn.org.

---------------------------------------------------------------

Don't get suckered into downloading and installing what you think is the real HIJACKTHIS.

More replies
Answer Match 75.18%

This came from Merijn's web site.

Quote:
merijn

April22, 2005:
Just a short note on the domain HIJACK-THIS.NET: this is not mine! It has been registered by XoftSpy (who are also on the Rogue Antispyware List on SpywareWarrior.com) and they are luring people into downloading their software believing it is HijackThis. Also, they have registered a few AdWords at Google leading to the same result. I have contacted them about this and received no reply (how surprising). Google can't do much about it since there is no copyright being breached. We'll see where this goes.
In the meantime, if you want to download any of my programs, the official domain is and always will be »www.merijn.org/
--
Official Member of the ASAP

Wilder's Security Forum Admin
 

A:Merijn Warning! Please Read

11 more replies
Answer Match 73.92%

If this has been posted already I apologize.

If you have been having trouble trying to update HijackThis or reaching Merijn's site as I have here is an alternate link.

http://www.richardthelionhearted.com/?url=merijn.richardthelionhearted.com
 

A:Merijn's Mirror Site

9 more replies
Answer Match 66.78%

At the moment my winME computer is in Safemode. Before I saw some note it was not a good idea to do so, I deleted some of the dubious "yazzle" files. The Question I have is should I delete anymore files or delete any registry entries before normal booting and obtaining and using uptodate HiJackThis? Our XP computer is connected but not while winME is in safemode. The floppy on the XP is dead. The CD burner is on the winME.
So I can't download / transfer HiJackThis tools to the winME unless I boot normally. Whats the best way to go now?

The facts, just the facts...

My winME system is infected. I had used it alot in the mid afternoon of Monday 7/30 messing with Office2000 Excel and FrontPage. It ran decently. Daughter's family arrived about 4 PM. Grandson needed a computer to do homework. I was not aware of any problems until Tuesday 7/31 about 8 AM. I went to use the computer and found it was extremely slow. I have watched this system respond to varying loads with the system monitor tools off and on for several years. I checked the status bar to see what it showed in the way of running apps and did a control-alt-delete to see what that showed.

There were several strange occurrences. At some point, probably the next reboot but may before, when ZoneAlarm notifies me via an unexpected request to go on to the Internet. The stack as I call it, showed 6 mshta processes plus the stuff seen on the taskbar plus what I'm accustomed to seeing and identi... Read more

More replies
Answer Match 66.36%

BugOff! (from Merijn, creator of HiJackTHis, CWShredder, and more):

A new app is available for download: BugOff. This disables a few exploits that are commonly used by browser hijackers to install themselves onto your system. In essence, it prevents such hijackers from ever installing, like SpywareBlaster.Click to expand...

http://www.spywareinfo.com/~merijn/files/bugoff.zip
Or
http://radiosplace.com/
This is for IE user.

It is just the one file so make a folder for it like you do for hijackthis.
 

A:BugOff! (from Merijn, creator of HiJackTHis, CWShredder, and more):

bump so you can see this.
 

1 more replies
Answer Match 52.08%

Have free avg.

Maybe this is a coincidence, seeing that they released a new version.

Last two days I've been receiving warnings about almost every site I've been to (very boring, no games, nothing weird or sexy, just my yahoo groups and medical billing sites).

There is always a link to buy paid for version.

This is the first notice:
Results
Danger: AVG Search-Shield has detected active threats on this page and has blocked access for your protection.
The page you are trying to access has been identified as a known exploit, phishing, or social engineering web site and therefore has been blocked for your safety. Without protection, such as that in the AVG Security Toolbar and AVG, your computer is at risk of being compromised, corrupted or having your identity stolen. Please follow one of the suggestions below to continue.

IP Address: 76.13.222.11

For additional information click here.

Suggestions:

* Click the “Back” button on your browser to return to the previous page and choose another link (recommended).
* If you would like to ignore the warning and continue to the page, click here (not recommended) Note: AVG will continue to block dangerous content associated with this page.

Link leads to this: New AVG LinkScanner technology

AVG's patent pending technology stops threats before they get onto your PC by scanning Web sites and downloads in real time before you open them.

LinkScanner includes:

* Search-Shield - It scans Google... Read more

A:AVG warning about almost every site...

6 more replies
Answer Match 51.24%

Hello guys,
 
Maybe you can help us more then others. Since 16-08 (more then a week), Google has indexed our website with Malware . regardind that, we have ask to our hoster (wpwebhost.com) to check on their side and all was clean, we also check our side in local after a full download and Antivirus said OK .
 
We wen to :
Sucuri.net (https://sitecheck.sucuri.net/results/www.planet-sansfil.com) OK
SparkTrust: (http://www.sparktrust.com/wp-content/themes/sparktrust-theme/scanresults.php?host_name=http://www.planet-sansfil.com) OK.
 
But for unknown reason still not OK for Google.
 
Message was still infected malware without more informations about it from Google pages analysis.
 
We went to webmaster google forums, and due to answers we delete all advertising ( Amazon compare and Google Ads) but still NOK..
 
Wordpress site UPDATED, PLUGIN UPDATED...
 
The 21-08 we receive an email from Google that say :
 
http://www.planet-sansfil.com/: No malware detected
21 août 2015

Congratulations! Google has received and processed your malware review request. We did not detect any malware on your site.
As a result, we're removing the malware warning from your site. This may take some time to happen. (You can check the status of your malware review at any time using Webmaster Tools.)
To keep your site safe, we recommend the following:
Ensure you've enabled message forwarding in Webmaster Tools. This will ensure that you get notified str... Read more

More replies
Answer Match 51.24%

Hello!
i`m currently using IE, but have decided to switch to mozilla firefox, therefore tried to dl a few add-ons, but got the following msg:
sessionsaver_.2-0.2.1.031-fx+mz.xpi
Corrupted archive - wrong original size
i`m puzzled, and don`t know what to do...fact is i doubt there`d be a virus, it`s the official page, that is
https://addons.mozilla.org/firefox/436/
on the other hand, i`ve learnt to trust my AVG pro! the file is no vaulted of course, but i would like to get experienced advice on what to do next...(P III, SP2 & ZoneAlarm, AVG, Spyware Doctor)
Thank You!
 

More replies
Answer Match 51.24%

Hi

I visited a web site last night to check if the address had already been taken.

When I arrived at the site I got a pop-up saying I had been hacked and then got a warning from Avira in the mozilla cache folder. I selected the option to deny access.

The offending site's address: hxxp://nexus.webs.com (if I am not allowed to post the address, I'll edit the post) - is there a way for someone here to please tell me what exactly the website did to my computer?

Did it install a keylogger on my computer? I'm on a different computer at the moment just to be safe.

Mozilla Firefox
Windows Vista
Avira

Thank you

A:I visited a web site and got a warning from Avira.

Hello, the first thing to do is Update your Avira and run a Safe Mode scan. You can post the log here for review.How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Next:Please download TFC by Old Timer and save it to your desktop. alternate download linkSave any unsaved work. TFC will close ALL open programs including your browser! Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator. Click the Start button to begin the cleaning process and let it run uninterrupted to completion. Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.Next run MBAM (MalwareBytes):NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert ... Read more

7 more replies
Answer Match 51.24%

Upon running the Clean-Up fix as told to, I now have a system that has been completely taken over
by some one who has name themselves Owner-Operator......and I am denied complete access to open
a single program......I want to warn everybody on this site, it is my belief that these are the writers
of malware such as Spy-Sheriff and other false-fixes like Clean-up and if there is anybody who knows any
different, I sure would like to hear about it.

A:Warning: This Site Gives False Info.......

Maxx,What "Clean-Up fix" did you run? Since you only have 1 post, then I find it unlikely anyone told you to do anything to your system. If you tried to do a fix by yourself then you may have made a mistake which resulted in system problems.This site is full of dedicated volunteers who help salvage people's computers from the brink of unusability....out of sheer kindness I might add. This site has provided comfort and relief to countless frustrated PC users and your remarks about this site are unwarranted.If you have a legitimite problem that is related to self-help material on this site then please describe what you did, provide a link to the info you used for the fix, and we will help you get your computer back to normal.If you are on this forum with malicious intent, then please leave.Regards,

84 more replies
Answer Match 51.24%

This ones has me baffled. I keep getting an active X promt stating that the page wont display properly. This Only happens on the Yahoo News page and NO where else. been going on for about a week now.

My security settings are where they need to be. Any Ideas?

Thanks---Rick
 

A:Active X Warning on one page site only--why?

12 more replies
Answer Match 51.24%

This message appears when i login at yahoo to check my mail:

"This page provides potentially unsafe information to an ActiveX control. Your current security settings prohit running controls in the manner. As a result, this page may not display correctly."

I have not intentionally downloaded any ActiveX controls. Where would it be, how do i eliminate it?

The message reappears with every click of the mouse. You can continue on by clicking ok.
 

A:[SOLVED] warning at Yahoo site

12 more replies
Answer Match 50.4%

Hi,

I need your help. My website "http://www.how-to-manifest-your-desires.com/" is listed by Google as a dangerous site that may harm your computer. The problem is that I don't know how to fix the problem. I have looked through the code to see any suspicious code but cannot see anything suspicious.

I'd appreciate if someone perhaps has experience with this sort of thing. See warning message below!

Thanks,
Jimmy

---------------------------

Warning - visiting this web site may harm your computer!
Suggestions:
Return to the previous page and pick another result.
Try another search to find what you're looking for.
Or you can continue to http://www.how-to-manifest-your-desires.com/ at your own risk. For detailed information about the problems we found, visit Google's Safe Browsing diagnostic page for this site.

For more information about how to protect yourself from harmful software online, you can visit StopBadware.org.

If you are the owner of this web site, you can request a review of your site using Google's Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
Advisory provided by GOOGLE
 

More replies
Answer Match 50.4%

Hey all Iam tryinng to fix my parents computer. They keep getting "warning visiting this site may harm your computer" when in I.E. I understand this is Malware but shouldnt of Norton 360 have caught this?Anywayz here's the HiJack this LOG, Iam also trying to learn so If someone can explain what iam looking for in this log?Here it is:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:03:07 AM, on 7/30/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Microsoft LifeCam\MSCamS32.exeC:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\RealVNC\VNC4\WinVNC4.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Expl... Read more

A:warning visiting this site may harm your computer

Here is the DDS Log:
DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 10:49:09.23 on Thu 07/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.996 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\vVX... Read more

3 more replies
Answer Match 50.4%

-----------Announcement
Site:    bleepingcomputer.com
Server software:    cloudflare-nginx
Was vulnerable:     Possibly (known use OpenSSL, but might be using a safe version)
SSL Certificate:    Now Safe (created 3 months ago at Apr 15 21:52:53 2014 GMT)Assessment:    Change your password on this site if your last password change was more than 3 months ago

A:Warning Change your password on this site ,if than 3 months ago

This site does not use SSL therefore this site was never affected by heartbleed.

1 more replies
Answer Match 50.4%

after i restarted my computer everything looked to be fine until i went on to craigslist and all of the sudden this malwareweblink.com (http://malwareweblist.com/block.php?id=2036-2&url=http://vancouver.en.craigslist.org/forums/?act=Q&ID=144014843)

took over the screen and says my computer is at risk and it gives me two options

continue unprotected or get security software

i am running avg for firwall spyware and antivirus. this doesnt only happen with only craigslist it happens with almost every website i go to. not every time either but 50% of the time.

if i click continue unprotected it goes back to the website i was previously at but then pops up again. so i tried to click get security software and it takes me to a website to purchase antivir antivirus (http://malwareweblist.com/1/?id=2036-2)

so i belive this is a virus or somthing so if anyone can help me with this problem would be great thank you

please see the attachments as well

A:Warning! Visiting this site may harm your computer!

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

2 more replies
Answer Match 49.98%

This problem has been very persistent and whatever I do I can't seem to get rid of it! I've included screen shots below. The jist of this is whenever I go to a website (doens't really matter which one) i get those errors! I am running Windows XP Service Pack 2. If you would like more information just ask.http://i16.photobucket.com/albums/b40/boog...galz92/wth2.jpghttp://i16.photobucket.com/albums/b40/boogaboogalz92/wth.jpgI'm guessing it's the same problem as this guy had... http://www.bleepingcomputer.com/forums/t/167891/what-if-i-dont-want-to-buy-their-anti-spyware/Stating that, I've already done what the guy said in post number 2 (with the Malwarebytes' Anti-Malware program) Here's my log:Malwarebytes' Anti-Malware 1.28Database version: 1166Windows 5.1.2600 Service Pack 22008-09-17 20:14:11mbam-log-2008-09-17 (20-14-11).txtScan type: Quick ScanObjects scanned: 47395Time elapsed: 3 minute(s), 53 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 5Registry Values Infected: 2Registry Data Items Infected: 0Folders Infected: 1Files Infected: 3Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{7221E2B7-FFBF-337E-7121-006F0D253BCC} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.HKE... Read more

A:Warning! Your Pc Possible Infected Due To Visiting Exploited (hacked) Site...

Hi, you know it's bogus when you see the grammar they used in link two.Warning! You infected by this siteOk good did you do the needed reboot? If not do that. Then check for an update to MBam,rescan and post another log.

12 more replies
Answer Match 49.98%

I recently tried to enter the Cunnard Criuse Line site by doing a Google search for "Cunnard" and picking the official Cunnard Line from the search results. I have previously done this many times without any problems but today a popup from Google came up warning me that the site represented a security threat.
Has anyone sen anything like this before?
It would seem that either the Cunnard Line site has been infected and the warning is real or someone has hacked the Google site to give a false warning.
Any ideas or news on this topic?
Thanks
 

A:Google Warning for Cunnard Criuse Line Site

Hi,
Have you verified the spelling? "Cunard" or "Cunnard" as per your post?

Richard.
 

3 more replies
Answer Match 49.98%

A fake Customs and Excise email is going around asking you to download a file. Something to do with tax credits i think

Warning this is a phishing site as confirmed by HM customs and Excise only 10mins before posting this thread

Pressing download may result in page 'expired message'
 

A:WARNING Fake Customs and Excise phishing site

Cheers Triplex

I have WOT installed on PC and Laptop, its pretty good at picking out these scamming sites

http://www.mywot.com/

 

3 more replies
Answer Match 49.98%

Hi,

I recently had a wordpress blog set up as my website for my coaching business. When I went to use it, 2 different people (that told me anyway-who knows how much other traffic didn't stop or tell me) emailed me that they got virus warnings about my website. I have Norton on my computer and it hasn't alerted me to anything in my files. About that time, it expired, I had to remove it and then download the new one. I put Norton 360 on it.

My scans don't show anything.

Does that mean that it is on the server that hosts my website? It has halted my business and marketing because I don't know if my site is harmful.

One of the guys sent me screenshots that I attached to you in a Word doc. I don't see it now but I hope it is attached.

Here are 2 of the warnings:

HEUR:Trojan.Script.IFramer
http://peaceofsuccess.com/favicon.ico, containing Trojan programTrojan.JS.Agent.wh

I have Vista on an hp pavilion media center pc m8020n

I have no idea what to do about this and when I searched, this website came up.

I'm feeling pretty desperate to get this fixed. Can you help me or direct me to help?

Thank you.
 

A:Website visitors get virus warning and don't visit my site

I don't know if you need information about my website or a hijackthis log but I will add it.

My website is http://www.PeaceOfSuccess.com I do not get any warnings myself but my computer does seem to be much slower than it used to. My website pages also take a long time to load sometimes.

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:55 AM, on 4/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wm... Read more

2 more replies
Answer Match 49.98%

What happened to merijn.org?
I can't pull up his site.
 

A:merijn.org down?

DOS attack , do a search on the boards . Some of the hjt log readers posted links of their own .
 

2 more replies
Answer Match 49.56%

Hi there,
 
I switched on my computer today and I can't get onto the internet. Every time I run Explorer (my home page is set to Google), a pop up from Avast says that it has blocked the site because it is a malicious URL. I guess that I've probably picked up some virus/trojan, but I have no idea how to start to get rid of it. I have temporarrily disabled Avast so I can get onto the Internet.
 
Any help would be genuinely appreciated,

A:Avast keeps popping up with Malicious site URL warning every time I run Explorer

Hi there,my name is Marius and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully.First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)Run FRST.Don´t change one of the checkboxes and hit Scan.Logfiles are created on your desktop.Poste the FRST.txt and (after the first s... Read more

48 more replies
Answer Match 49.56%

I downloaded a re-direct anti-virus program.
I was able to kill it with RKill, but there are still some lingering issues going on.
When I try to connect to the internet via Google.com I get this message "Internet Explorer Warning - visiting this web site may harm your computer!"
I have run Malwarebytes and Microsoft Security Essentials.
They have removed numerous Trojans etc, but I still get the Internet Explorer Warning - visiting this web site may harm your computer!
When I tried running HIJackThis, I get a message "For some reason system denied write access to the Hosts file...."

Any clue how bad it really is?

Thanks,

Gilly68

A:Internet Explorer Warning - visiting this web site may harm your computer!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the ... Read more

2 more replies
Answer Match 49.56%

I have an infected laptop running XP Pro SP3. It had Spyware Protect 2009 on it but I was able to stop the sysguard.exe process and delete sysguard.exe from the Windows subdirectory and from the HKEY_CURRENT_USER\....\Run registry hive. There is still at least one other major problem. IE 7 is redirected to display "internet explorer warning visiting this web site may harm your computer" most of the time. I can get to google sometimes and even search something but when I try to follow a link - I get the redirection message. It also prevents me from running a system restore and most of the scanning software such as malwarebytes, SDfix and several others. I was able to run HijackThis but when I tried to post the report, it redirected me again so I saved the log file to a thumbdrive and logged onto an uninfected computer to post this.

I'm attaching the log file.
 hijackthis.log   10.75KB
  9 downloads

I've heard great things about this forum. Thanks for your help in advance.

A:internet explorer warning visiting this web site may harm your computer

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more

2 more replies
Answer Match 49.56%

Any time I try to access the internet I get " Internet Explorer Warning - visiting this web page may harm your computer".
I can't access the internet from that computer.

If I try to run any programs I get "Security Warning - Application cannot be executed. The file is infected. Do you want to activate your antivirus now?"

Can you guys help?

Thanks
Tim

A:Internet Explorer Warning - visiting web site may harm your computer

Never mind fellas... I fixed it myself!

Thanks anyways!!

1 more replies
Answer Match 49.14%

Just a short note on the domain HIJACK-THIS.NET: this is not mine! It has been registered by XoftSpy (who are also on the Rogue Antispyware List on SpywareWarrior.com) and they are luring people into downloading their software believing it is HijackThis. Also, they have registered a few AdWords at Google leading to the same result. I have contacted them about this and received no reply (how surprising). Google can't do much about it since there is no copyright being breached. We'll see where this goes.In the meantime, if you want to download any of my programs, the official domain is and always will be www.merijn.org.Follow this DSLR thread

A:Announcement From Merijn

Maybe we create our own google ad with a higher bid price basically calling the other a lie and redirecting to merijn.

May get expensive though, upwards to 50 cents a click

1 more replies
Answer Match 49.14%

DDS (Ver_09-01-19.01) - NTFSx86
Run by admin at 10:14:58.43 on Sat 01/31/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.479.27 [GMT -5:00]

FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.ex... Read more

A:Google displays results with the warning message "this site may harm your computer"

http://securityblog.verizonbusiness.com/20...-google-search/The search engine giant Google was suffering from what appears to be a self-inflicted denial of service this morning.It is over and you should be ok. It you are still having problems, let us know and I'll put this log back into the HJT queue.

2 more replies
Answer Match 48.72%

Merijn has posted here

http://forums.net-integration.net/index.php?showtopic=10803&st=165&#entry55862

Copy of post
------------------------
Guys, it seems the DDoS attack will be going on for awhile. We're doing everything we can to get things working again, but since the zombie bots just resolve domains and target the resulting IPs, changing servers won't help much.

We need samples of this zombie bot. Be on the lookout for users with zombie-like problems! If users come to help forums saying their firewall is logging numerous connection attempts to SWI, TC or Merijn.org, take their machines apart and try to get a copy of the dos bot. Only that might allow us to actually stop the attack, instead of continuously dodging it.

Thanks for all your support!
 

A:Merijn.org/swi & ddos attacks

Bump
 

2 more replies
Answer Match 48.72%

I didn't find this in Search, so I apologize if it has already been posted.

Essentially, everything you wanted to know about what is starting, but were afraid to ask!

"The new version shows a ton of new autostart locations in a nice treeview, along with help text for each section. The right-click menu of each item offers options to show the file or Registry key, or copy the information to the clipboard.
A very special thanks to TonyKlein for his Collection of Autostart Locations, and Andrew 'SilentRunners' Aronoff's list of launch points.

Note that this new version requires the MSCOMCTL.OCX file, which is available from SpywareInfo here. "Click to expand...

http://www.spywareinfo.com/~merijn/
 

A:Merijn - StartupList v2 Released

Have to agree with Merijn ... it is WAY better than MSCONFIG.

http://www.spywareinfo.com/~merijn/downloads.html
 

2 more replies
Answer Match 48.72%

I cannot access any websites to get CWshredder. Any one offer any help? I get not found or no access.
 

A:http:/www.spywareinfo.com/~merijn/

merlins site was taken down by a DDOS (distrubuted denial of service) attack. I assume since so many requests were sent to the site it also killed the bandwidth that merlin is allowed thru the main site. Thus until next month i don't think it'll be back.

use google and do a search. Also have you tried majorgeeks.com?
 

2 more replies
Answer Match 48.72%

I have been looking all over merijn.org for an article about using a mini version of Linux OS simultaneously with windows to block viruses. The Linux OS is used as a filter while browsing the internet That way if you get a virus it is on the Linux OS and you can just delete Linux and reload it.

Does this sound familiar? Have you also seen this article?

It sounded like it would effectively block 99.9% of the viruses that would otherwise get on your computer. I do not know what to do now because I cannot find it.
 

A:I can't find an article that was on merijn.org

bump
 

2 more replies
Answer Match 48.72%

click here
 

A:Merijn creates new program

13 more replies
Answer Match 48.3%

say, I asked this the other day, but I'll ask again. Is there a problem with spywareinfo.com & merijn's sites? The info I received the other day gave me a different link to get there, which worked; now however, I can't get to these sites to download CWS or HiJack This. This is on all three computers on my network(two are 98, one is XP) with all the latest patches, router plus software firewall on each, & no spyware showing up. Maybe the servers are just overloaded with traffic? I'd really like to know; DOES anyone know? Can anyone else get to those sites no problem? I tried clicking on the links in the Sticky at the top of the security forum, and still couldn't get there. Thanks in advance.
 

A:Can't reach Merijn sites again...on all 3 comps!!!

16 more replies
Answer Match 45.78%

I've looked at the other threads on the EVP warning and removed what I have gleaned from them, but still have it and this is my current HijackThis log. Any help greatly appreciated.

Logfile of HijackThis v1.96.4
Scan saved at 10:40:58 AM, on 10/12/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Promon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Siemens\SpeedStream Wireless PCI\SSPCICfg.exe
C:\Program Files\Hands... Read more

A:EVP warning HiJackThis log

Hi Fulham.............does it look like this?
http://forums.techguy.org/attachment.php?postid=1155368

The offending file needs to be removed from the system32 folder.
There is nothing showing in tour logfile.
Fix this with H/T
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/05f99a8011e7b0...tzip/RdxIE2.cab
 

3 more replies
Answer Match 45.78%

whoever out there may be willing to help, here's a big 'thank you' beforehand. This is my hijackthis log:
______________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 12:26:13 PM, on 4/9/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLIKEEP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALONEMESSAGECENTER.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\WINDOWS\SYSTEM\GAH95ON6.EXE
C:\WINDOWS\SYSTEM32\SVCNUT.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLOR... Read more

A:Please help me with my hijackthis log (401 MPV Warning)

7 more replies
Answer Match 45.36%

Hi
I have very limited knowledge on this subject.

I've now got sygate firewall, AVG, spybot, adware, & spyblaster and have cleaned up my PC after getting infected.
All runs OK but for a desktop hijack by 'windows warning - you have spyware' paragraph on blue background. I can cancel it for about 10 minutes.
I've run HijackThis and read through the log using the guide on bleepingcomputer.com.
Would very much appreciate help to rid my PC of the desktop take-over. I thought that the following two may need to be removed/disabled at least.

E:\WINDOWS\System32\devcpp.exe
and
E:\WINDOWS\System32\winamp.exe

Thanks

Logfile of HijackThis BOLVERS v1.99.0
Scan saved at 19:15:06, on 27/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Sygate\SPF\smc.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\winamp.exe
E:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
E:\WINDOWS\... Read more

A:desktop warning & hijackthis log

Please run these two online scans. Make sure they are set to clean automatically:http://housecall.trendmicro.com/http://www.pandasoftware.com/activescan/co...n_principal.htmIf there are files that can not be removed by the scans please include that information in your next post.Check for updates with AVG and install any updates that are found.Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsReboot your computer into Safe ModeRun a full scan with AVG.Reboot back to normal mode and post a new hijackthis log and the results of the virus scans.

1 more replies
Answer Match 45.36%

I get an warning every minute from Spywareguard that something wants to change Internet settings, look at the screen:
http://members.lycos.nl/clanart/untitled124.JPG

I have run every anti-spyware program including CWSchredder, here's my log:

Logfile of HijackThis v1.98.2
Scan saved at 15:44:08, on 26-8-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\addil32.exe
C:\WINDOWS\System32\rsvp.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\addil32.exe
D:\[01] Apps\D-Tools\daemon.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\netsi.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\[01] Apps\C... Read more

A:Help plz! warning every minute! Hijackthis log

Bizza, you have a variant of the about:blank virus/trojan.

Here's flrman's recent posting on the subject--

http://forums.techguy.org/t246140.html

See if you can work your way through it. If you have troubles, do ask for help.

Good luck.
 

1 more replies
Answer Match 44.94%

OK, I know a lot of people have had a problem with this one.
ANY site I go to redirects to this "Internet Explorer Warning" page and tells me to buy their software. Obviously, I wasn't born yesterday. No thanks.
Even getting to this site and trying to download Hijack This was extremely difficult.
But anyways, here's the log from the HJT scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:19 PM, on 5/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\igfxsrvc.ex... Read more

A:"Internet Explorer Warning - visting this site may harm your computer"

Also, right after I posted this, every pages starts to redirect and then it pops up and instead of "Internet Explorer Warning...blah blah blah," I'm getting "Oops! This link appears to be broken!" with my Google Toolbar logo on the side and a list of suggestions to correct the site's URL.
 

1 more replies
Answer Match 44.94%

Hi
I'm new and pretty green to this kind of thing. I got this message "401 MPV Warning (Privacy Vulnerability Detected)" coming in and I don't know what it is. Is it spy ware or what? Very grateful for any replys
 

A:401 MPV Warning help needed please; HijackThis log posted

Hi Hyroxide and welcome to TSG,

I have split your post off into a thread of your own.

Please do this. Click here: http://www.thespykiller.co.uk/files/hijackthis_sfx.exe
to download HijackThis.

Close all open windows and open HijackThis. Click “Scan”. When the scan is finished, the scan button will change to “Save Log”. Click on “Save Log” and then save it to Notepad. Click on “Edit” – “Select all” – “copy” and then “paste” into the thread.

DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed.
 

1 more replies
Answer Match 44.94%

I am getting at least two different pop-ups. The one I was able to document was:

"There is a security vulnerability from the BlookHound Virus...." then I am directed to a web site for WinAntiVirus Pro.

I have completed the 5 Step process and the following is my HJT log.
------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:27:57 AM, on 4/26/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\Atiptaxx.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & D... Read more

A:HijackThis log - Bloodhound Virus warning pop-up

Hi there and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.


We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

regards
alba

9 more replies
Answer Match 44.94%

Hi there
I'm new here, and need help with 401 MPV Warning (Privacy Vulnerability Detected) which has hijacked my home page. I have examined the answers to others with this problem, notably Buckaroo's to Jonreds and dvk01's to Anastasia, and have installed and run the following, after checking for updates, and deleting anything they flagged up.
Scans now read:
AdwareAway - 2 found (keyboard loggers in PROGRAM FILES which look harmless, ending in LWEHOOK.DLL and MOUDL32A.DLL)
CWShredder - 0 found
SpySubtract - 0 found
Spybot - 0 found
Ad-Aware - 0 found
Trojan Hunter - possible Trojan file in WINDOWS SYSTEM, ending in t.exe
A-squared - comes up with 2 malwares, described as Trojan downloaders in WINDOW SYSTEM file, ending in wblr.dll and MTC.dll
Housecall - 3 infected files found in WINDOWS SYSTEM , ending in notepad, thun32.dll and svcnut.exe. Managed to delete first two, but when I try and delete the last I get a message 'unable to dlete because it is currently running'

I attach my latest HijackThis log: any help gratefully received, as I'm nowhere near competent enough to know what I should delete and what I shouldn't!

Logfile of HijackThis v1.99.1
Scan saved at 18:32:00, on 18/04/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MDM.EXE... Read more

A:401 MPV Warning help needed please; HijackThis log posted

bump
 

3 more replies
Answer Match 44.52%

Can anyone look at this HijackThis log? I just finished running AdAware and Spybot - found quite a few files to delete. I think I had a virus also which was keeping me out of the registry but that's been fixed. This all started with AOL problems, then realized I couldn't get into the registry, which led me to running all this. This is the first time I've run HijackThis and would appreciate some help with it. I have Win98. Thanks!!

Logfile of HijackThis v1.97.7
Scan saved at 9:40:03 PM, on 5/4/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &... Read more

A:New to this site - HijackThis Log check?

Check these entries in the Scanlog, then click "fix checked":

O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE

After rebooting, go to Start>run, enter command and a command shell will open.

Carefully type and enter:

del C:\WINDOWS\SYSUPD.EXE
del C:\WINDOWS\SYSTEM\A.EXE

>> reboot and post a fresh scanlog.

=======

Can you shed any light on what this is?

O4 - HKLM\..\Run: [PD6000StatusMonitor] C:\WINDOWS\SYSTEM\PD6000SM.EXE

Find the file, right click on it and select Properties > Version. Does it have a copyright?
 

3 more replies
Answer Match 44.52%

Hi,

Can anyone help me clean Web Site Viewer, I have tried Spybot, Norton, AdAware, SPyware Doctor, System Cleaner, Window Washer, ...Here is my Hijackthis log:
Logfile of HijackThis v1.99.0
Scan saved at 9:23:26 PM, on 2/8/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\2Wire\HomePortal\2PortalMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\mnnjg.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Spyware Do... Read more

A:Web Site Viewer - HijackThis log ???

Welcome to TSF.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn... Read more

11 more replies
Answer Match 44.1%

Hello everyone!

I was surfing around as Comodo started to warn me about two programs: e.exe and dl10.exe. It said something about the files being malware and that I should remove them. But when I ran the AV-scans, the programs found nothing. I scanned with both Comodo (updated AV) and Adaware.

So now I turn to you. I am not good at reading hijackthis logs, but I hope that someone here can help me. (It's very long, I hope that doesn't mean anything bad... )

Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:20, on 2009-06-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comm... Read more

A:Warning from comodo - AVscan finds nothing (hijackthis log)

Hello again!

I dared to connect to the internet with my PC in spite of the potential Trojan on it. SO I updated Ad-aware and deleted 35 spywares from my PC and ran a new HJT. I thought I should post the new log here as well, as this probably is cleaner and easier to read for you pros.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:30, on 2009-06-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Tech... Read more

1 more replies
Answer Match 43.68%

Hi,

My problem is that Internet Explorer is being hijacked to a site called 540.FILOST.COM

Here is my hijackthis.log (as output from the HighjackThis Analyser)

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 22:41:51, on 27/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globalnet.co.uk/
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..... Read more

A:hijackthis.log (redirecting to site 540.filost.com)

Hi neilandrewsmith and Welcome to TSF!

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst. I will be back with a fix for your problem as soon as possible.

Please be patient with me during this time.

We recommend that you subscribe to this thread so you'll be notified as soon as we post your fix. To do this, please scroll up to the 1st post of this thread. Click Thread Tools and then Subscribe to this thread; on the next page, make sure "Instant notification by email" is selected, then click Add subscription.

Thanks.

4 more replies
Answer Match 43.68%

Having all sorts of unidentifiable error messages! I cannot figure out what is causing them....my research so far shows a possible infection, but I'm not 100% convinced as of yet.

so far I've had: 0x000000f7
0x000097ff
0x00011619
0x00000048

Help please!
Thanks


Here is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:36 PM, on 5/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Prog... Read more

More replies
Answer Match 43.26%

I am not able to access any Microsoft websites using either browser, IE, FF, or GC. I followed all the instructions on the main sticky, but I'm not able to go to the site to download Hijackthis either. I do have the other needed info just incase (dds file, attach file-attached, and ark file). I also pinged microsoft.com and got the following message: "Ping request could not find host microsoft.com. Please check the name and try again."

DDS file:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by User at 17:14:32 on 2012-03-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1377 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Documents and Settings\User\Local Settings\Application Data\Citrix\ICA Client\concentr.exe
C:\Program Files\SiteRanker\SiteRankTray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\progra~1\crawler\notes\cnotes.exe
C:\Documents and Settings\User\Local Settings\Application Data... Read more

A:Can't access Microsoft sites / Hijackthis site

8 more replies
Answer Match 43.26%

Great!

Another excellent computer help site called savemybutt.com (With two "t's" in the word "butt") has published an outstanding HOW TO INSTALL, RUN, AND CONFIGURE THE HIJACKTHIS PROGRAM (I would strongly recommend both the E-book and the site for everyone.) Mods/Admins, you may want to stickey this topic! It's an E-book on the home page of the site that will tell you step-by-step how to use the HijackThis program to log problems with your computer. You should print out the information in this book. It will tell you how to install, configure, and use HJT with beautifully detailed illustrated instructions.

WARNING: DO NOT DELETE OR MODIFY ANYTHING IN THE HJT PROGRAM AFTER DOING A SCAN WITHOUT HELP FROM A TRAINED HJT CONSULTANT WHO CAN WALK YOU THROUGH THE PROCESS! DOING SO MAY DO VERY BAD THINGS TO YOUR COMPUTER!!

I love techguy.org. You guy are awesome! But what is cool about getting HJT help at www.savemybutt.com is that only one guy (the moderator Nite Hawk) is allowed to give advice for HJT logs and you don't have 3O people telling you what to do. If you regularily update/run your AV software and your malware protection software, but are still having computer problems, you should go to www.savemybutt.com and on the home page is an E-book for how to use Hijack This. Follow the instructions for installing, using the program, and posting HJT messages at the site. Since there is only 1 HJT moderator at SMB, it may take awhile for a respo... Read more

A:Excellent How To Use HiJackThis E-Book/Computer Site!

Hi..Any info on the workings of the HJT log is welcome...
But lets not forget all the guys and girls who can and do read HJT logs on this site..
They solve problems in seconds not days...
Lets show our appreciation to their continuing generosity..
 

3 more replies
Answer Match 43.26%

For those of you who dont know. Here is a great site to analyze your Hijackthis logs. Just copy and paste it in or upload it.

http://www.hijackthis.de/index.php

Enjoy!
 

A:A Great Site for Analyzing Hijackthis logs

Automated Analyzers are worthless and in some case dangerous
 

3 more replies
Answer Match 43.26%

Hey all, when i try to visit a website or even do a google search i get constant popups and ads, the browser is also redirecting me to random sites, some with porn and some with just ads and options to download stuff. I usually use Firefox but it's my work PC so i have to use IE for certain things, but i am still getting the redirects with Firefox, i ran Malwarebytes and it cleaned 6 files and it is still doing this, i ran Malwarebytes again after a restart and it came out clean, below is the Hijack this log i got after running the program.

Thanks for any help.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:18:52 PM, on 11/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctapsd.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\CtaEoU.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctatransapt.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C... Read more

A:XP IE8 constant Pop-ups and site redirects (Hijackthis log inside)

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic an do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scr DDS.pifDouble click on the DDS icon, allow it to run. A small box will open, with an explaination about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that... Read more

2 more replies
Answer Match 42.84%

I am unable to access various sites such as microsoft.com and free.antivirus.com where i'm told I should download HiJackThis. The computer is slow in general and I wouldn't be surprised if this wasn't the only issue.

Is there a safe place I can download the relevant version of HijackThis to start the process?

I'm on Windows XP sp2
 

More replies
Answer Match 42.42%

my friends computer home page keeps loading porn sites when he opens IE
we've ran spybot and Ad-aware and it doesn't find anything

here is the HijackThis report, any help would be nice, Thanks

Logfile of HijackThis v1.99.1
Scan saved at 3:11:39 PM, on 12/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\P... Read more

A:Help, Home page loads porn site (HijackThis report)

13 more replies
Answer Match 42%

Hi all,I noticed my browsers couldnt keep their attention today....then i notcied that my avg was not working and my start up screen for windows went to the diagnostic window.... re installed and updated to the newest avg. It wasnt finding anything.Please help.Thank you, BillLogfile of Trend Micro HijackThis v2.0.2Scan saved at 6:46:59 PM, on 1/21/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16945)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\Intel\Wireless\Bin\1... Read more

A:Please help! hijackthis log. browser searches keep redirecting to an anti spyware site ( how ironic )

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 40.74%

I am using internet Explorer 11 to access the www.nemsis.org site and when I go to access http://www.nemsis.org/media/CustomElementLibrary/ .

I get the error message below:


I can use Chrome just fine to access the page. I have a coworker who can access just it just fine and he is using Internet Explorer 11 and was also able to access on Firefox. Is there something I am missing to access it? The page should display a map.

Thank you in advanced.

A:Using Internet Explorer 11 but site displays warning that I need internet Explorer 9 or higher.

Answered my own question. Apparently if I place a check in the "Use Microsofts Compatibility list and uncheck the "Displa intranet sites in Compatibility View" it works. 

1 more replies
Answer Match 38.64%

Having just had the help of posters here re HJT, I was curious about it and used a Google search. Below is the url for an interesting site I found. Comments by experienced posters re the worthiness of this site would be helpful to many I am sure. {redoak}

http://www.hijackthis.de/
 

A:Solved: "hijackthis" info and report site - FYI

11 more replies
Answer Match 38.22%

I'm sorry, should have explained better, I get this fake warning displayed in a desktop background image made by the virus, and a fake blue screen which I can get rid of by tapping the space bar twice. Also, the other fake error message displayed by the desktop background image is: Warning Win32/PrivacyRemover.M64
This is my hijackthis log, please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:23 PM, on 8/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Mic... Read more

More replies
Answer Match 38.22%

Hi
i guess general discussion is the right place because it's not closely related to drivers

well i have installed Softperfect Ram Disk last version

i used revo uninstaller pro , to track this program

well during the installation i got a warning about the installation of the Softperfect Ram Disk driver

i let Softperfect Ram Disk installs its driver

i uninstall it , and reboot it

i remove manually files and registry keys related to Softperfect Ram then i reboot

now , i re-installed Softperfect Ram Disk , but i did not get any warnings

why? i have cleaned every files , registry , inf

can i reset this warning ?

thanks

A:install program driver warning ,can i reset the warning?

hi
i guess i found something that can be helpful for other users
View or manage your certificates
https://technet.microsoft.com/en-us/.../cc754841.aspx

1 more replies
Answer Match 38.22%

Hi
i guess general discussion is the right place because it's not closely related to drivers

well i have installed Softperfect Ram Disk last version

i used revo uninstaller pro , to track this program

well during the installation i got a warning about the installation of the Softperfect Ram Disk driver

i let Softperfect Ram Disk installs its driver

i uninstall it , and reboot it

i remove manually files and registry keys related to Softperfect Ram then i reboot

now , i re-installed Softperfect Ram Disk , but i did not get any warnings

why? i have cleaned every files , registry , inf

can i reset this warning ?

thanks

More replies
Answer Match 37.38%

I keep getting e-mails from myself with Viagra X 80% off and its winding me up.

Is it because of the following> "Warning";"Found Tracking cookie.2o7";"C:\documents and settings\Wayne Wilson.WWLAPTOP\application data\Mozilla\Firefox\Profiles\lfmj2xlr.default\cookies.sqlite";"";"15/01/2010, 10:14:12"


Please help!!!!

A:"Warning"Warning";"Found Tracking cookie.2o7";

Down load "Malewarebyles" and "Superantispyware" do a quick scan with both they will more then likely kill your demon!

10 more replies
Answer Match 37.38%

I have setup a Site-to-Site VPN using Sophos UTM at each end. I set up an Ubuntu VM as a WINS Server using Samba.

So far so good. VPN Works.

My problem is with the WINS Server. I have taken two Windows 10 computers and for both of them added the IP of the WINS server under Advanced TCP/IP Settings and changed NetBIOS to Enable NetBIOS over TCP/IP.

The results are close but not quite right. The two computers with the modified settings can now ping each other using computer name rather than IP. Other computers on each end of the VPN can not do that.

That said neither computer shows up in the Networks of the other. This is what I am trying to fix.

It appears that name resolution is working for the computers that check in with the WINS server but that the Windows 10 browsing service is not adding those computers to the network.

The LANs are 192.168.2.0/24 and 10.1.1.0/24 the WINS server is on 192.168.2.0/24 and it comes back as __MSBROWSE__ for that network. For 10.1.1.0/24 the computer that connects to the WINS server is showing __MSBROWSE__ when I check with nbtstat.

When I check services Computer Browser is running.

Can someone help me or at least point me in the right direction? This really shouldn't be this hard so I feel like I'm missing something obvious.

More replies
Answer Match 37.38%

Dear Friend,
I am Anil from India. I have recently joined the forum after struggling for a week to stablise my unstable PC. I used to have some Anti Virus software on my pc before few years. But since last few years I was not having any AV software as this PC was not being used for surfing etc.
Since I started to use it again for surfing, downloading etc., I wanted to instal avast AV software. I installed it from some recent installer file with me. But when it tried to update the virus database, I got the message that "can't connect to server". Then I tried to open avast.com. But I again got the error message "The page cannot be displayed". Then I uninstalled the avast and tried to open other antivirus sites like norton, mcafee, avg etc., but all failed.
Then I tried to update my system using automatoc update utility. But again failed. microsoft.com also failed to open.
I use GPRS connection through cellular connection to browse the network.
Now I have downloaded and installed Hijack This.
Log file generated by it as follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:31 AM, on 4/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svch... Read more

A:Not able to open anti0virus site, microsoft site, window update, any other website beginning with https://

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.Link 1Link 2Link 3Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

2 more replies
Answer Match 37.38%

I have undesired internet window opening (credit history, adult site...) when trying to access standard site (yahoo...)I tried using all the tools (antivirus, spybot, adware) that I have but could not remove it Thanks a lot for helping me Here is my logLogfile of HijackThis v1.99.1Scan saved at 22:15:05, on 15/03/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\WINDOWS\System32\S24EvMon.exeC:\Program Files\Sygate\SPF\smc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\ewido anti-spyware 4.0\guard.exeC:\Program Files\Fichiers communs\Microsoft Shared\VS7De... Read more

A:Undesired Internet Window (credit History, Adult Site...) When Trying To Access Standard Site (yahoo...)

Welcome to the BleepingComputer HijackThis forum gelito23 Download ATF Cleaner by Atribune:http://www.atribune.org/ccount/click.php?id=1Double-click ATF-Cleaner.exe to run the program.Click 'Select All' found at the bottom of the list.Click the 'Empty Selected' button.If you use Firefox browser, do this also:Click Firefox at the top and choose 'Select All' from the list.Click the 'Empty Selected' button.NOTE: If you would like to keep your saved passwords,please click 'No' at the prompt.If you use Opera browser,do this also:Click Opera at the top and choose 'Select All' from the list.Click the 'Empty Selected' button.NOTE: If you would like to keep your saved passwords,please click 'No' at the prompt.Click 'Exit' on the Main menu to close the program.**********************************Download and run Fixwareout from the link below: http://www.bleepingcomputer.com/files/lonny/Fixwareout.exeAfter the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply,along with a new Hijackthis log please.

6 more replies
Answer Match 37.38%

i also seem to have a lot of com/active x errors......also i had symantec and removed but believe monsters still there...Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:45:38 AM, on 8/21/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\PRISMSVR.EXEC:\Program Files\McAfee.com\Agent\mcagent.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exeC:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exeC:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exeC:\Program Files\CA\PPRT\bin\ITMRTSVC.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\... Read more

A:google redirecting, type in site get a different site, weird downloading

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.??If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine.??Please perform the following scan:Download DDS by sUBs from one of the following links.??Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool.??No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 37.38%

I may not have this under the correct section and please keep in mind that I am not a programmer but here goes.

I am trying to add a hyperlink in Outlook 2007 signature file that will open a child site, but the child site seems to need some personalized information in the cache that comes from opening a parent site first:

Parent site: http://www.mywildtree.com/chad/
Child Site: http://www.mywildtree.com/shop/catalog.aspx

When the child site is opened directly (without opening parent first) it loads forever. The parent site does not require any authenication it just has to be opened first and then the child site operates correctly.

Is there a simple way to have one hyperlink either a) open two sites one after the other in the same window? or b) open the childsite with a parent site dependancy (tag?, bookmark?) on the hyperlink?

I have been on google searching all afternoon and haven't had any luck yet so any help is appreciated.

Thank you

A:Hyperlink syntax to open a parent site and then child site

Welcome to Seven Forums chadseeg. The Shop Now link shows as actually being http://www.mywildtree.com/shop/preshop.aspx, and this appears to redirect to http://www.mywildtree.com/shop/catalog.aspx.

Firefox blames the redirection



It looks like the script on the page is written to specifically prevent going directly to the shopping catalog without going through the home page. I'm not a webmaster, so I am unsure if this is intentional or not. A Guy

6 more replies
Answer Match 37.38%

Hi, I'm a complete network newb, but am helping out a Montessori school with their issues. Hopefully someone can help.
Site A has the main WAN link coming in to a Cisco 1841 router, then going to a Sonicwall appliance, then to a 24 port unmanaged switch.
There is also a point to point link to site B. This has another Cisco 1841 router on each end of the link. At site A, it's also plugged into the 24 port switch, and plugged into another 24 port switch at site B. There is a DC with DNS and DHCP at site A, and a DHCP server at Site B. Site A's IP achema is 192.168.1.x, and site B is 192.168.2.x, with subnet masks of 255.255.255.0. The circuit sides of the point to point connection is 10.0.0.1 & 2.
The problem they've been having for the last month or so is that the connection at site B would drop all together, or be very slow and sporadic. Yesterday, I tried downloading a 4mb file from the internet, and couldn't get the whole thing, even after trying for an hour, it kept timing out.
Downloading the same file from site A, I was done in 20 seconds.

Here's the wierd part. If I do a tracert from site A to site B's server, it sometimes works, meaning it'll trace in a couple hops to the server.When it doesn't, it tries to route out over the internet, with the first hop being a 162.42 address, which is the service provider.

Century Link says the point-to-point T1 circuit is fine, but am reaching out to see if anyone can give me a hand... Read more

More replies
Answer Match 37.38%

I might have 50 web site tabs and am looking at one of them. All of a sudden, another web site starts with a voice and I can't determine which tab it's on. Trying to listen to two sites (or more) is ridiculous. How can I find the offending web site?

Also, some web sites will present and audio "story" which cannot be paused or stopped (unless you close the page). Is there a way to fix this?

Thank you.......

A:How find web site that is making voice sounds when site not in focus

Open Volume Mixer (right click Volume icon in notification area) and mute the whichever you want. The pages with sound will have green volume bar moving up and down.

5 more replies
Answer Match 37.38%

Hi,Problem ::: Cant browse anti-virus websites and the sites alikeSystem Info::: Windows Server 2003 (as a desktop)Attempt ::: I have been reading a lot of posts and there's nothing related to the problems I'm having. :: I scanned the system with Malwarebytes and SuperAntiSpyware Free Edition but there problems are still the same.:: I scanned the system with HJT and had the log analyzed but there was no nasty app runningI'm attaching the HJT log. I cant attach the DDS log since DDS doesn't support Win 2003Please, any suggestion is very welcome.

A:Can't browse antivirus site or the site alike. Spyware cant update

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

2 more replies
Answer Match 37.38%

Unwanted Favorites on Boot(Porn Site and Search site)
Already ran Spybot.
Can any one help with clearing up this problem?
How can it be avoided in the future?
Here is my scan...

Logfile of HijackThis v1.97.7
Scan saved at 8:14:40 PM, on 12/8/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\HOMENETWORK\ICM.EXE
D:\PROGRAM FILES\AVKSERVICE.EXE
D:\PROGRAM FILES\AVKWCTL9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\PROGRAM FILES\OAKTASK.EXE
D:\PROGRAM FILES\OAK SIMPLICD REWRITE\IWCTRL.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\HOMENETWORK\ICMMONITOR.EXE
D:\PROGRAM FILES\AVKPOP.EXE
D:\GREETINGS WORKSHOP\GWREMIND.EXE
D:\OFFICE\FINDFAST.EXE
D:\PROGRAM FILES\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETZERO\ZCAST.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\NETZERO\CHKRAS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\epspmgr4.exe
C:\WINDOWS\SYSTEM\epdsplr4.exe
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://6... Read more

A:Unwanted Favorites on Boot(Porn Site and Search site)

8 more replies
Answer Match 37.38%

Hi Guys,

I've done a fair amount of googling before referring myself to W10 Forums.. I hope this helps someone else in the process. Since rolling out Windows 10 we've noticed users are having difficulty accessing their personal user data drives, via File Explorer. Let me make a scenario which is understandable.

In Site 1 (HQ), we can connect to the file server (e.g access 1FS without any issues- Where user data is stored)
In the remote site (Site 2), we can do the same (e.g 2FS)

At our HQ, when running Windows 7, we are able to File Explore to 2FS but since the upgrade we're unable to. This occurs both ways.

We can ping our servers, and remote desktop.

Server infrastructure:
VMWare ESX 5
File servers in question are Windows Server 2008
ONLY Windows server 2008 R2 servers have the issue, (2008 Standard edition is fine) all patches have been applied via WSUS.

Can anybody shed any light on this?

Thanks in advance,

IT Apprentice

A:Site-to-Site Network connectivity issues (Since W10 Upgrade) (URGENT)

Still on fix or progress. Please see my issue posted here also: Site-to-Site Network connectivity issues (Since W10 Upgrade)

0 more replies
Answer Match 37.38%

Hello all,

Good to join this forum

Anyway, Please can someone support me regarding connecting a Windows Server 2008 standard that needs to connect to another Windows server in another country outside of UK (Site B). The ports 1433 and 3030 are also open in the firewall and also the Draytek 2830n router, therefore I can see the ports open via yougetsignal.com. We have 1 public (Static) IP address from BT that is already in the Draytek router on Site A (UK).

How is the simplest or easiest way to connect these 2 Window servers so a management program that uses MySQL Database server can talk to the Site B server or vice-versa) Both sites have a Public IP address.

Can this be done by the WIndows firewall inbound rules / outbound rules where the port 1433 is set. There is an option to enter a Remote IP address under 'scope' which I assume is the Site B's public IP address within the inbound firewall properties.

The other way is the VPN on the Draytek 2830n. There is an option for Lan to Lan using IPSec but not sure the best settings for Dial-out or Dial-in. There is usernames and passwords that not sure of including the Remote gateway or Remote IP to use

We have 2 different routers on Site A and Site B are not the same.

Thanks Guys
 

More replies
Answer Match 36.96%

Didn't know how to title this issue...basically, here's the deal: I have a school web site, on [email protected], which has a maximum of 10mb on the site. This is a constant battle trying to keep it under the 10 mgs, with all the photos and whatnot I like to put up there. I was thinking that I still have another three or four sites on my account; why don't I set up one site which is just the images, and link it to the other site. Wouldn't it be transparent? I mean, if I set up a hyperlink on the main site, wouldn't visitors just cruise back and forth at will without any hassle? And that way, I'd have much more space for images.

Please advise...it seems too easy...am I missing something?

Thanks!

p.s. I use front page 2002 from office xp suite (professional )
 

A:thinking of setting up web site just for images to support another site

I don't think you're missing anything. This is common practice. Most of the images on this page came from another site. Ads almost always do. There's nothing that says that the image links in your html can't load images from elsewhere. The ability to bring many disparate objects from various sources together on one web page is the reason html was designed the way it was.

Sounds like you have a good solution to your problem.
 

2 more replies
Answer Match 36.96%

hello everyone
i hope you are well
i can find the problem in my site with help dear cchamberland
that is  an iframe injection at the bottom of my pages, in index.php, footer.php,etc
then i removed the iframe,And also i was applied some other security  to the site.
< iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://highperformancetraining.org/chhd.html?i=1526587 >< /iframe >
but now after 1 day My site was infected again the same iframe.
I really do not know what should i do?
Is there anyone who can help me?
 
my site is   www.pasak.org
regards.
Pasak Sh
 

A:problem in my site , google alarm that my site is Suspicious

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

2 more replies
Answer Match 36.96%

Hi all,

This problem is with all browsers. With FireFox & IE, I get the error message "The server at [name of site] is taking too long to respond?" This problem is at only 1 site; all other sites are great. Had no problems last week and had no problem getting into it using Opera until yesterday. I've been doing some research and lots of people have the same problem with one site only. I haven't found any solutions yet.

My internet goes through a server & router. I thought for sure it was my pc but I get the same problem on my iTouch with that one site. At home, I have no problem with my pc & iTouch. Anyone have any ideas?

I even tried Safari and no luck. This is all from work. That site opens no problem from home. Must be something in the server? Why only one site??? It's not a bad site or anything like that, it's just a private community private forum like this one here.

Running Windows XP

Thanks in advance.
 

A:The server at [name of site] is taking too long to respond? 1 site only

6 more replies
Answer Match 36.96%

Hi there, can someone please tell me why is McAfee site advisor "labels" RED the site giveawayoftheday.com? Does it mean it's a "no-no" visit site? Thanks!

A:Mcafee Site Advisor Sayd Red On Giveawayoftheday Site

The site itself might be in the green (safe) zone, but the link you are searching may be otherwise.Try using this little free utility on all links?http://linkscanner.explabs.com/linkscanner/default.aspI use the paid version, but there really is no difference.

9 more replies
Answer Match 36.96%

Hi,

Many of PC's in my office network are badly affected form a malware or something and I can't access any anti-virus site or microsoft site. it says "The page cannot be displayed". all other sites can access without any issue.

if someone could help, i really greatfull.

A:Can't access any anti-virus site or microsoft site

Pls.. some one provide a help..... I'm really struck with this

1 more replies
Answer Match 36.96%

I run a music website, and I am finding that people are using my bandwidth by linking the files from my site to their site (Does that make any sense?). It want to stop this, because it's wasting my money. I would like it so if they try to link a file it says "Linking file from x site" or something like that (geocities does this with images). I know its possible just not sure how.
 

A:Stopping people from linking files on your site to their site

14 more replies
Answer Match 36.96%

Does this site assume that I am logged onto a vista computer?

I registered as a x64 Vista Ultimate user. But for much of the day I am not on that machine. Should I still be able to view the site tutorials? Because the tutorials do not play on this XP machine.

Doug

A:Site forum site vista tutorials do not play

Hello Doug, and welcome to Vista Forums.

I'm not certain that I understand what you mean. Do you mean that the tutorials will not display, or that the flash videos in the tutorials will not play on XP? If you mean the flash videos will not play, then do you have Adobe Flash Player installed on the XP computer?

Hope this helps for now,
Shawn

1 more replies
Answer Match 36.96%

(i am running check point 4.1 firewall-1 and i am trying to establish a site-to-site vpn with a cisco 3000 vpn concentrator. we have verified over and over that all our settings are configured correctly but we still cannot connect.

in my logs, i see the phase 1 but we never get to phase 2 completion. the error message on my end is 'invalid cookie'. on the cisco send the error message is 'QM FSM error'. both of us tried to contact support people for our products but we keep getting the same response, make sure your timeout settings are the same.

has anyone encountered a similar problem?

i am really hoping to resolve this issue because i'd prefer a site-to-site vpn solution over installing cisco vpn client software on each machine.

thank you very much in advance.)
 

A:(cisco-check point site-to-site vpn problems)

8 more replies
Answer Match 36.96%

Whenever I click on a link, even if it is a link presented by Google as a result of a search, I am often taken to various different web sites I never heard of before. My husband is very computer literate but does not feel comfortable fixing this without your advice.

When I tried updating my PC-cillin information I got an error saying, "Update unsuccessful. Check your Internet connection, and then try again. Consult the Online Help for additional instructions. (-1)"

We think this could be a result of being highjacked. We do have internet connectivity. For example this message is being sent from the computer that is having the problem.

Thanks in advance for your help!

Here's my DDS log:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Lorri qwert at 19:38:37.81 on Thu 04/30/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.151 [GMT -7:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Outdated)
FW: PC-cillin Internet Security - Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PR... Read more

A:Clicking a link for a web site takes me to unknown site instead

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

14 more replies
Answer Match 36.96%

Hi allI've just registered here in the hopes that someone can help me with my problem. I've exhausted every option I can think of to try and fix this problem but I'm still having issues.I am currently using FireFox 8.0 and I am using Norton 360 Version 5.0. My operating system is Windows Vista Home Premium.I keep getting a Malicious Web Site Blocked page pop up just about every time I click on anything.Then Norton takes me to this page when I click on detailed report:Pagebut doesn't explain to me what I can do to resolve this problem. It's very annoying. I can't do anything without this popping up. I've run computer scans etc etc but nothing gets rid of whatever the hell this is. I don't even know what Widdit is or how it's affecting me? I've never been anywhere called Widdit?First I ran just a full computer scan to see if it picked up anything, but nothing came up bar a few tracking cookies.So then I went to the Norton Community forums for more help and they've suggested downloading a Anti-Malware program, but that picked up nothing on any scans. I then ran Nortons Power Eraser as suggested as well but that picked up nothing either.I'm still getting this Malicious Web Site Blocked page pop up a lot, just when I'm browsing through sites I normally go to. I don't know what's going on at all. I've tried everything I can think of and any help would be much appreciated!Thank you!

A:Malicious Web Site Blocked page pop up : Widdit site?

Hello, let's see if these will show us somethings.Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (2.6.11.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 12... Read more

4 more replies
Answer Match 36.96%

Hi all,

This problem is with all browsers so hope it's ok to post this here? If not, please move this thread.

With FireFox & IE, I get the error message "The server at [name of site] is taking too long to respond?" This problem is at only 1 site; all other sites are great. Had no problems last week and had no problem getting into it using Opera until yesterday. I've been doing some research and lots of people have the same problem with one site only. I haven't found any solutions yet.

My internet goes through a server & router. I thought for sure it was my pc but I get the same problem on my iTouch with that one site. At home, I have no problem with my pc & iTouch. Anyone have any ideas?

I even tried Safari and no luck. This is all from work. That site opens no problem from home. Must be something in the server? Why only one site??? It's not a bad site or anything like that, it's just a private community private forum like this one here.

Thanks in advance.

A:The server at [name of site] is taking too long to respond? 1 site only

No one with ideas?

3 more replies
Answer Match 36.96%

I caught one of worm virus in my network and also I patched WindowsXP-KB958644-x86-ENU.exe tool and ran the Symantec FixDwndp.exe tool but still I can?t access Microsoft site and any antivirus site from any client computers and any servers in my network

A:can’t access Microsoft site and any antivirus site

please any one can help

2 more replies
Answer Match 36.54%

Hi, I?m new to TechNet so sorry if ive followed procedure!
I?ve just setup 15 Windows 10 PC's in a new ICT at a Primary School. I?m trying to roll out software via ninite.com to save time but I?m getting the above error. Like
others if install a different web browser like Chrome its fine. I?ve tried resetting IE 11 back to default and I?ve played around with the TSL and SSL settings under advanced till I?m blue in the face. I run light speed Rocket as my web-filter and I have no
issues on any other OP or devices within school that i am aware of.  Issue but be with IE and how it sees specific sites. 
Any advice would be appreciated. 

Apologies if this has been answered previously
Mick

More replies
Answer Match 36.12%

I received this error message MPV 401 Privacy Vulnerability Warning. I am not sure if this is a hoax for advertisement of software or someone could see what I utlize via the internet. It stated they had scene evidence of explicit sites. I have read anothe thread however I am not overally computer literate to work DOS. Additionally, how did this get to my system when I have a router? First and foremost what is it? My last question is somewhat unrelated, I would like to be refered to a good software package that eliminates all internet history including index.dat files etc and spyware, adware. Basically close to a Wipedrive without lousing everything like documents and pics on you PC.

Thanks in advance for those whom could lend their expertise.
 

A:MPV Warning 401 Privacy Vulnerability Warning

7 more replies
Answer Match 36.12%

My Computer all of a sudden this morning appeared with a blue desktop background with the message " Warning: warning spyware has been detected on your pc". It also produces pop-ups for the spymaxx product. I restarted my computer after running hijack now it doesnt boot back up and gets stuck on a black screen where all you see is the mouse. Please help! I want to get rid of the virus and fix the booting issue!Mod Edit: Topic moved to more appropriate forum~ TMacK

A:Warning: Warning Spyware Has Been Detected On Your Pc

Hello bnberthold & Welcome To BleepingComputer.When Your Computer Boots Up & Posts, Tap F8 (If Unsure When, Just Tap From Post Until You Come To The Menu*), *And You Will Come To A Menu Asking How You Would Like To Boot In to Windows. Select (Your Most Recent Configurations That Worked) And See If That Works. If It Gets To The Same Place, Do The Same Except Boot Into Safe Mode. Now If That Does The Same, I Can't Help You , But I'm Sure Somebody Else On BC Can.

9 more replies
Answer Match 36.12%

Hi guys,

To make it clearer, I would call the sites which I downloaded my stuffs from as the following:
I.Forum 1
1.User A - uploaded his files on Megaupload, Rapidshare and Hotfile(I doubt these filesharing sites have any problems)
a.Many forum users downloaded his stuff and not a single post of reporting any CRC error related issues. So the integrity of the files should not be doubted. If the files are perfectly OK for everyone else, it has got to be me.
b.ALL the stuffs I downloaded from him(uploaded on MU, RS & HF) are extracting fine until about one month ago. Every piece I downloaded failed to extract since then.
*All are done with same computer and same connection. Exact same conditions.
2.User B - Exact same scenario. Post his stuffs on his own blog as well.
3.Basically, every RAR file I download now have CRC error.
II.Forum 2
This forum has their own download server. Stuffs I download here are still miraculously working!
In case you doubt the size of the files. RAR files downloaded from Forum 2 work fine even when they are 300M. Whereas RAR files from Forum 1 always fail, smallest single file being 150M. Smallest divided(.part01.rar files) are 90M.
The contents of the files are different.
Forum 1 - Every type of file.
Forum 2 - Only music and images. (.ape, .jpg, .png, .mp3 etc)
Detail:I only have problem extracting the large files(>90M) from the RAR archives downloaded from MU,RS,HF(Forum1). Though RAR archives downloaded from foru... Read more

A:Downloaded RAR files CRC failed from site A but not site B

Problem unsolved.
Though I've found an alternative solution by repairing the archives. Extracting perfectly for every file. I'm guessing it's an internet issue.
Older RAR archives without recovery record cannot be recovered!
Urgently need software which repairs CRC errors.(Softwares which can repair .part.rar files!
 

1 more replies
Answer Match 36.12%

I've setup a VPN Tunnel using 2 Sonicwall TZ-205 Firewalls. The VPN tunnel is up and active, I am still not able to see any of the PC's on the other end of the tunnel. Ultimately I would like to map a network drive from one site to the other.
 

A:Map Network Drive over Sonicwall Site to Site VPN

16 more replies
Answer Match 36.12%

Hi,

I'm arvind from India. I'm using IPSec VPN for site to site communications between PIX 515 and Nomadix Gateway. I'm accessing the pix through the PDM. When ever I change any configurations in pix immediately some sites are getting down. Immediately, i used to check some commands in pix, after 2 hrs or less then 3 hrs all sites were got up automatticaly.

show crypto isakmp sa (result is
&
show crypto ipsec sa

What things are getting restart in pix & why its happening.

Pls. guide me to troubleshoot the problem.

thanks,
s.s.arvindhar
 

More replies
Answer Match 36.12%

This been happening for quite a few months now, now every single time i go on firefox and type in the search bar to where i want to go, it jumps to some advertising site

For example.... i type in free tv and then i click on the free tv website it doesnt go to that site and jumps to some weird site and then my AVG anti virus pops up and said that i have a threat so now once im on the site and click on the back arrow it jumps to a random site too

so i was wondering how do i fix this? do i have a virus?

i had scan my computer with Spybot-search and destroy, AVG anti-virus and Malwarebytes' anti malware and nothing comes up

Please help

A:Web page wont go to the site i want instead it jumps to a different site

I had this and my spyware detector thingie could not help at all, but I found found it completly by mistake randomly

I was on add or remove programs, which I can't remember how I got to, and on the list there was a piece of software called something like "Firefox browser redirect" so I deleted it and stopped having the problem straight away.

I hope that this helps, usually I am not too good with computers, but was quite pleased when I stumbled across this

19 more replies
Answer Match 36.12%

I get a pop up from Avast when i visit some sites. "29.10.2010 13:55:21 Network Shield: blocked access to malicious site cikh71ynks66[dot]com/e0GNg6Nd4apO+0jL2S4G9e0ZEg== [ C:\Program Files (x86)\Mozilla Firefox\firefox.exe ( 4352 ) ]" its always to cikh71ynks66[dot]com/xxxxx. I also get redirections to random sites when i click on a link from yahoo search links. I cant find it with avast or malwarebytes. I was only able to have the option of checking Services, Registry, Files, and ADS. I am also having a problem attaching files so im going to copy and past them in here.
DDS (Ver_10-10-21.02) - NTFS_AMD64
Run by Owner at 14:00:26.27 on Fri 10/29/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8182.6110 [GMT -4:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32&... Read more

A:Site Redirection and Blockage of Malicious site

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies
Answer Match 36.12%

Hello All, I have 2 problems 1)I'm running AVG and is detecting a few Trojan Horse's. A few names are:
Trojan horse Java/Downloaded.CB
Trojan horse Generic21.AWHL
Virus indentified Exploit.Java

I also notice I get AVG popping some threats being blocked like exploits etc... Hopefully someone can help me out and figure out what's going on with my computer. Thanks all

2) I notice my C Drive will start to drop in space every time I click on it, I haven't downloaded anything that could cause my space to drop. I have ran error-checking and I'm not sure if it fixed since is not happening right now, but it does at random time
Edit: Will be checking back to see what I need to do to get started. I'm running XP and Opera, sometimes i use IE 8 and Mozilla.

A:Internet Slow and Site leading to another Site.

Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.Download Link 1Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to this Guide.When the installation begins, follow the prompts and do not make any changes to default settings.Malwarebytes will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.Click on the Scan button.When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.Make sure that everything is checked and then click Remove Selected.When removal is completed, ... Read more

1 more replies