Computer Support Forum

post-cleanup, cannot access internet, restore mode suspended

Question: post-cleanup, cannot access internet, restore mode suspended

I cleaned an AVscan-infected Dell using MBAM. I was able to boot into safe mode, in which I ran both MBAM and SuperAntiSpyware and cleaned out the infection.

The problem is that now I cannot access the internet from this machine. Safari returns its standard page not found errors. I tried ping as well, and I cannot get a response to pings of sites. This happens in both safe mode and normal mode.

I went to the Control Panel - Networking and did a "Repair" on the wireless connection. No change in the result.

I checked on System Restore while I was there - and the restore is listed as being in "Suspend" mode although there is 66GB out of 100GB free on the hard disk.

I followed a link from another post here to something call win sock fix, but when I downloaded it Windows warned that the file contained something dangerous so I have not yet tried that over on the laptop in question.
How do I re-enable the system restore modes, and how do I repair the networking issue?

Thanks in advance.

Relevance 100%
Preferred Solution: post-cleanup, cannot access internet, restore mode suspended

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: post-cleanup, cannot access internet, restore mode suspended

Found it.
They had added a proxy server flag, with no proxy address provided. In Safari, Tools - Preferences - Advanced - Change Settings - LAN settings - unclick Use a proxy.

Any ideas on the System Restore fix?

1 more replies
Relevance 75.03%

I am on the internet when connection is suddenly cut-off. This happens in all situations, ie. downloading, surfing, playing games.
I have a 233-Pentium with a cable modem, and networked to another 233, via USB and Ethernet card, I am also internet connection sharing with win 98se and have zone alarm. I have also made some modifications to registry to accelerate modem, as per advise from cable.ds.home
This problem occurs after 30 min or so wether 2nd user is on or not
I am really confused ( as usual ) and would appreciate any assistance thank-you...M.C.
 

More replies
Relevance 70.11%

This is a Dell Laptop I purchased in 2012. Unable to access internet accept in safe mode, can't restore to factory setting using Dell datasafe, runs very slow, can't open/run Macafee or Microsoft Defender. At a loss as to what to do.

Any help would be great. 10 years ago I thought I was computer savy but now ask my 13yr-old for help.
 

Answer:unable to access internet (unless in safe mode), can't restore system, ect..

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

17 more replies
Relevance 68.88%

I had a virus and managed with the help of 2-3 people to get rid of it. Now my problem is that in normal mode I can go into internet words, excel and powerpoint, nero and thats about it. all my other files or software (pdf files for examples, antiviruses or media player or other software installted) wont open I get the attached error message. couldnt paste it so here is what it says windows cannot access the specified path files you may not have the appropriate permissions to accessthe itemsSomeoene told me that I wasnt infected anymore (zerorootkit virus) but that it might have corrupted so I need to reinstall. Id like to do this in last resort. anyone have a clue of what Icould do to have access again in normal mode (I can access pretty much all in safe mode) BTW I started backing up my data but it be nice not to reinstall all softwares and such.Manufacturer: GatewayModel: 702GEOS: Microsoft Windows XP Home EditionCPU/Ram: 3.2 GHz / 1013 MBVideo Card: Intel(R) 82915G/GV/910GL Express Chipset FamilySound Card: Realtek High

Answer:Post Virus cleanup problem Access denied opening programs

NOTE that this site uses software that highlights certain words in the text so that they're blue and underlined. If a post is long enough to require scrolling down to see all of it, due to whatever bug or bugs, the highlighted words DO NOT move as you scroll down the text. When you have scrolled down and you see a blank space where it looks like text should be, hold your mouse cursor briefly over any blue highlighted and underlined word or words that are not in the right place to make them pop into the proper place in the text.The software seems to only highlight and underline the first occurance of a word or words, in the entire Topic. The mis-placed blue highlighted and underlined words can be in the post, or above or below the post......"windows cannot access the specified path files you may not have the appropriate permissions to accessthe items"Do you see Administrator listed as a user to select when you load Windows normally ? (You don't, by default.) When you've loaded your own user....Go to Control Panel - Classic view - User Accounts.What is shown under your user name ?Computer administrator, or something else ? .....Start up Windows in Safe mode with networking (mode) .E.g. Remove any bootable disks in CD or DVD drives.Press F8 repeatedly while booting, starting very early in the boot sequence, or if you have a CRT monitor, starting as soon as the led on the monitor turns the color it is when the computer has video, don't hold down the key, and when the "Advanced... Read more

18 more replies
Relevance 62.73%

Hi, i just upgrade my laptop to Windows 10 and i am having probem with the switch off and suspend. When i close the cover the Windows should suspend and when i open it turn the computer on but waht happen is i close the cover and the computer won?t fully suspend i can still hear the fans and them i open the cover and it doesn?t turn on the monitor. The same thing happen when trying to shut down and i already did a clean install. Anyone having the same problem?

More replies
Relevance 62.32%

Hi All,
Was directed to this forum by a friend to hopefully solve a problem. For some reason(ie I clicked on something) a system restore started on my laptop. There wasn't enough space to complete it so it's suspended. Is there a way to undo it/cancel it as I think it's used up a lot of memory and is affecting my laptop.
thanks in advance,
Mohican
p.s. Wasn't sure what details required so I thought it best if you tell me what you require.

Answer:Cancel a suspended system restore

You may want to give this a try. If it does not work, delete all points and then make a new one, in case it is needed
System Restore - Undo

Works for Vista, too
System Protection Restore Points - Delete - Windows 7 Help Forums

1 more replies
Relevance 60.27%

I am in dire need of some major assistance!

Background: My comp automatically goes into hibernate after 20 mins or so. That being the case, it is not too often I shut down/restart my system. The last time I did, however, the computer rebooted with the problems stated below.

Issue(s):

No sound at all. I get an error message prompting me to download required codecs that are missing for video files. iTunes gives me an error message claiming the sound device is not working properly. System functions in the Control Panel show me all devices are working properly.

No taskbar. I have to run programs using Ctrl+Alt+Delete.

I cannot add, remove or generally move files. This is particularly stressing being that I cannot create backups. When I attempt to run a program installation (iTunes setup, for example), I receive an error message stating Windows Installation cannot complete the setup.

System restore is "suspended". When I attempt to run system restore, I get an error message stating my computer cannot be protected and to restart. Even after restarting, I get the same message over and over again. The status of system restore shows "suspended" due to not enough disk space on my PC. This cannot be accurate as I show plenty of space available.

Attempted troubleshooting:

- Virus Scanner (Avast), nothing found
- SpyBot Search & Destroy, nothing found
- System File Checker, no issues found
- Ran in Safe Mode, same problems w... Read more

More replies
Relevance 59.86%

For no apparent reason when I am downloading torrentds windows says , in the notiifications, that it has pu Torrex Pro into suspended mode

More replies
Relevance 57.81%

Ok, I'm sure I'm missing something simple, but I have looked everywhere.I have a T60 running Windows XP Pro w/ SP3.  About 72 hours ago, I lost the ability to access the internet via my browser (IE7) while running in normal mode.  Works fine in safe mode with networking.  I am connected to a home network using wireless.  Router and modem all check out fine, and have been rebooted.  A 2nd laptop was brought in to verify and worked fine.  T60 will not allow internet access with wired port or wireless port in normal mode.  My desktop computer works fine on same network.The only update I've made recently is the update to the WiFi driver from Lenovo a few days ago.  I've even rolled back to the previous driver and still cannot stay connected to the internet for more than maybe 1 minute in normal mode after bootup and loggging in.I've run every Malware/anti-virus program known to man and have found nothing (Malwarebytes, Spybot, A-Squared, etc.)I've run several Rootkit tools and found nothing.I've disabled, removed and reinstalled my Norton Internet Security software and made no difference.  (same version running on my desktop and working fine.  Same version that has been running on this laptop for months and working fine.)I've done Registry restores (from a backup) and repairs and no change.I've removed and reinstalled IE7.I've run Hijackthis and had the info analyzed, found nothing.I've tried winsock repair tools, "netsh" reset co... Read more

Answer:Internet access works in safe mode, but not in normal mode

Hi mle724,I would suggest restoring your system to factory settings. On an aside note, have you tried using an alternative broswer like Safari, Mozilla, Opera, Chrome, yada, yada, yada?Hope it helps.





------------------------------------------------------------Maliha (I don't work for lenovo)ThinkPads:- T400[Win 7], T60[Win 7], IBM 240[Win XP]IdeaPad: U350Apple:- Macbook Air [Snow Leopard]Did someone help you today? Compliment them with a Kudos!Was your question answered today? Mark it as an Accepted Solution!   Lenovo Deutsche Community     Lenovo Comunidad en EspaŮol Visit my YouTube Channel

1 more replies
Relevance 57.81%

This happened between uses while notebook was in standby mode.  One day everything worked fine, next day had no access to Internet via browser or e-mail in Normal mode except via WinSCP (secure FTP utility).  In safe mode, had access to Intenet, whether browser or e-mail.  OS is WinXP Pro.  Tried everything I could think of, including unistalling firewall & anit-virus.  Any ideas?

Answer:X61 gets access to Internet via browser in safe mode but not in normal mode

I think your pc might have some virus. Scan your pc with free online scanner here a links to some. www.eset.com/onlinescan/support.f-secure.com/enu/home/ols.shtmlhousecall.trendmicro.com

2 more replies
Relevance 57.81%

My ISP has suspended my service because they claim I am infected with some sort of IRC Bot or something. I've tried everything I can think of, and no luck yet. Here is my Hijackthis log - any help is appreciated:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:44 AM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DriveIcon\DriveIcon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\... Read more

Answer:Internet suspended - Help!

Hi revlis and welcome to TSF.

Sorry for the delay in looking into your log, as we are extremely busy as you may have noticed. If you still require assistance, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.
What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some ... Read more

1 more replies
Relevance 57.4%

Hi all,

I've had this problem since yesterday (5/25/15) and haven't managed to find a fix for it yet. The issue is that although I have internet access--and Google even boots up how it normally would--I am unable to access websites. I am able to search perfectly fine, but the connections "time out" and do not connect. When I decided to troubleshoot, I received "-website name- is online, but network is unable to connect". I am still able to access the internet on my phone and other devices.

Thank you for any and all help!

UPDATE: I now am unable to view the Google homepage on startup with Google Chrome.
 

Answer:Able to access internet in Safe Mode, not normal mode

Welcome aboard

Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

33 more replies
Relevance 57.4%

Hello,

I have windows xp and recently had a virus along with some adwares (PCDefender). Anyways, I was able to remove the virus by using "malwarebytes" by running it the safe mode/w netowking. After I ran the full scan and rebooted in the normal mode, I was unable to use the internet; so I call up my ISP (verizon) and they help me check my connectin in ms dos by using ip config and cpl other thgs not sure but I was able get connection.

I was able to connect the internet in the safe mode but coundn't in normal mode. Please help.

thx

Answer:Internet access in Safe mode\not in Normal Mode

Hello and welcome to TSF

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please start a new thread in our Virus/Trojan/Spyware forum along with the required logs

1 more replies
Relevance 57.4%

I made it to a point where I could run MBAM four days ago on a laptop, but before it finished, a pop-up happened, kicked it into a reboot, and now I can't get it to boot to safe mode, or to the desktop in any way. This virus has also disabled system restore, and task manager as well. It now just hangs up mid-boot, with the safe mode words in the corners of a black screen.Many, many different error boxes keep popping up when I try to boot up normally, or at least with the "last good configuration", listing file names/ .dll errors = bad image. Says to try installing from install disk. Problem is, I can't find the install disks, after the last instance in January fixing this laptop with those disks.If I could get it to boot up, and I could run rkill, or MBAM, I believe it would eventually work out? However, what to do to get to that point?Any help, advice is appreciate.Thanks.Edit:Sorry, forgot to mention the OS is Win XP Home. Also, a lot of the applications were coming up previously as "disabled by administrator" while no administrator rights were set on this laptop.

Answer:No access to safe mode, desktop, sys restore, etc

Hi, Neese Welcome.Lets give this a try. You will need a flash drive to move information from the sick computer to a working computer, so we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).Here is what you need to do.Two programs to downloadFirst Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps. SecondDownload OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download.When downloaded double click and this will then open ISOBurner to burn the file to CDBoot the Non working computer using the boot CD you just created.In order to do so, the computer must be set to boot from the CD firstNote : For information click hereYour system should now display a REATOGO-X-PE desktop.Double-click on the OTLPE icon.When asked "Do you wish to load the remote registry", select YesWhen asked "Do you wish to load remote user profile(s) for scanning", select YesEnsure the box "Automatically Load All Remaining Users" is checked and press OKOTL should now start. Change the following settingsChange Drivers to AllChange Registry to AllUnder the Custom Scan box paste this in/md5starteventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dlliaStor.sysnvstor.sysatapi.sysIdeChnDr.sysviasraid.sysAGP440.... Read more

more replies
Relevance 57.4%

Computer says system restore services cannot be started in safe modethis is a new one i havent seen this happen before, any clues on what to do

Answer:cant access system restore in safe mode

You can run system restore from a command prompt:Start your computer by selecting Safe Mode with Command Prompt.When the command prompt is displayed, type the following: [systemroot]\system32\restore\rstrui.exe (the system root folder is the folder to which you installed the XP operating system files, usually c:\windows).Press EnterNow you can follow the instructions on the screen to use System RestoreStill, nothing beats imaging software. Everybody should use it

7 more replies
Relevance 56.58%

When turn laptop on a blue screen (blue screen mentions page fault & datestamp) quickly appears then disappears. Moves to startup repair that says 'startup repair cannot repair this computer automatically'. I select the recommended button the computer shuts down.
I restart pressing F8. I selected each option and nothing works. In advanced system recovery options-start up repair doesn't work. System restore does give me a list of dates to select from but each of them throws up error box saying application error. Memory could not be read. Click OK to terminate. System image recovery says Windows cannot find a system image on the computer. Windows memory diagnostic-I selected the recommended button and the computer restarts running 2 tests on a new blue screen. The tests run starting Windows screen appears then again the blue screen appear & disappears and the Windows error recovery screen appears. The recommended button brings it to startup repair again. In system recovery options-command prompt I type add /scan now. It says there is a pending system repair pending which requires reboot to complete. Restart & run sfc again. So I restart the computer the blue screen flashes again-I go to start Windows normally in error screen and blue screen flashes again then windows error recovery appears again so I select the recommended choice and I'm back at startup repair box-I go into advanced options again and try the sfc command again. It throws up the same message reboo... Read more

Answer:Blue screen, can't access safe mode, won't restore

It appears the operating system is corrupt and may be unrepairable. Your best bet it to remove the hard drive, attach it using a USB external hard drive connector, and copying over any files you can find.

8 more replies
Relevance 56.58%

Hi All,

I am working on an old Samsung r710 laptop running Vista, which is not booting.

I cannot boot to safe mode using F8.

I have to option to re-image using Samsung restore, but would rather avoid doing this.

I have booted using a Vista CD (SP2), and run Startup Repair which did not resolve the issue.
I have run System restore but this does not compete successfully, have tried three different restore points. The request could not be performed because of an I/O device error 0x8007045D.

Again booting from CD I have used the command prompt to run chkdisk - no errors, and sfc /scannow - which I am in the process of running for the Third time and is finding corrupt files but not repairing all of them.

After sfc has finished for the 3rd time I will try system restore again, try to boot again. After that I'm out of idea.

Is there anything else I can try before just re-imaging the C drive?

Kind Regards,

Sandy.

More replies
Relevance 56.58%

I have a dell inspiron, Win 7 x64 laptop.

I recently downloaded the program: 'iiusage 2.3' a tool to help analyse internet usage and quota. Immediately when it installed, the computer bluescreened. Whenever it loads, it bluescreens after the mainscreen and immediately goes to start-up restore. Can not enter safe mode.

Start-up repair can not fix the problem and gives the following problem details
problem event name: startupRepairOffline
Problem signature 1 - 6.1.7600.16385
Problem signature 2 - 6.1.7600.16385
Problem signature 3 - unknown
Problem signature 4 - 21200462
Problem signature 5 - AutoFailover
Problem signature 6 - 21
Problem signature 7 - 0x109
OS version - 6.1.7600.2.0.0.256.1
Locale ID - 1033


I have tried to system restore to a point a few weeks before this happened and this does not fix it and it loads and goes straight to startup repair.

Windows Memory diagnostic does not find anything.


do i have to restore to factory settings (not desired - as i will lose all programs + files) or is there a way to fix this?

Also:
Startup Repair diagnosis and repair log

Number of repair attempts: 22
Session details
system disk = \device\harddisk0
windows directory = C=\Windows
AutoChk Run = 0
Number of root causes = 1

Test performed
Name: check for updates
result: completed successfully. Error code = 0x0
Time taken = 0 ms

Test
System disk test
Result: Completed successfully. Error cod... Read more

Answer:BSOD, can't access safe mode, won't system restore

If you have another system or have a friend who has a system then slave your hard drive into that system and see if you can access the hard drive and clear that software out. You may need to do a Windows Repair. Do you have your Windows OS disk?
 

3 more replies
Relevance 56.58%

Occasionally my IE 11 Process will become suspended. When this happens I can still use the IE window I have open but many other things stop working correctly. I've attached a screen capture from Process Explorer to show you what it looks like. I've noticed several other processes becoming suspended such as ShellExperienceHost, Search and several others. I have no idea why they are becoming suspended. I'm running Windows 10x64 Pro on a Sager NP 7378, i7 4710 processor, 16 GB of RAM...

Any ideas what's causing this?

 

More replies
Relevance 56.58%

Hi, I'm posting this here in an attempt to fix a problem with a laptop with no internet access in normal windows mode. I believe I've cleaned all viruses off, but need independent verification. Spybot S+D and MB's AntiMalware both report a clean machine, but again would like verification. Here's the DDS log, and the attach file is attached:DDS (Ver_09-05-14.01) - NTFSx86 Run by Reason at 19:40:05.35 on Mon 06/01/2009Internet Explorer: 7.0.5730.11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.151 [GMT -4:00]AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common ... Read more

Answer:Unable to access internet - safe mode access is ok, network is ok

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 56.17%

my PC was running incredibly slowly, i discovered in task manager that my disk was running at 100%, being unable to do almost anything normally i decided a system restore would be my best bet. in safe mode it generally runs fine, however i can not search anything in the bottom left search bar, and when i click on settings and then update & security, the tab just freezes, and this doesnt happen if i click on system for example. any ideas on an alternative way to perform a system restore? or another way to solve my disk problem? thanks

Answer:unable to access system restore in safe mode win10

Run cmd as administrator and type in rstrui.exe and press enter on the keypad.
or copy and paste it in.

10 more replies
Relevance 56.17%

hi
my son was on the internet on his IBM Thinkpad when numerous pop ups flashed up on the screen.

since then the program/document files on the c drive were all hidden, and we have been unable to get onto the internet.
i have managed to find the document files, but still no internet, and we are unable to access safe mode, or safe mode with networking.

when you try to go into safemode or safe mode with networking you get message saying a problem has been detected
you then have the option to go to the 3 safe mode types again. however this appears to be a never ending circle of error message, and back to this page!
the computer will start normally

any help will be most appreciated

gav

Answer:no internet access / unable to access safe mode

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdatePress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malware... Read more

3 more replies
Relevance 55.76%

HI All!
Is it normal for the "Monitor.exe" to try to access the internet? Or do I have a bug? According to MS description, this device regulates internal functions and needs no Internet access. I have blocked it completely, after a system reinstall and putting in the firewall FIRST before connecting to anything by phone line. The firewall indicates a good deal of port scanning (eTrust), so I put in PortBlocker to help out.
What brought all this to my attention is that my previous firewall was attacked and turned off/on and adjusted without my knowing (Sygate free) and let a lot of stuff get into the machine. The balloons that pop up from the bottom of the screen indicated 'Monitor.exe' was trying to access the Net and I was getting a flurry of portscans from outside. It got worse, and other software devices became vehicles for unauthorized access as well. After using the system recovery disc for full reinstallation, it behaved well for a short time, then began regular attempts to get out to the Net again. The firewall requires ok for all traffic, except what's allowed by me, so the Monitor.exe is blocked completely. YES, you could live with it this way . . . but what does this? And can this be utilized by attackers?
I have run every detection/removal device recommended to me, and have had AdAware, SpybotS&D, SpywareBlaster, AVG Antivirus, BHODemon, MRUBlaster, and a few more, all MS updates. If there's nothing wrong with HJT log does it mean there's nothin... Read more

Answer:HIJACK Log Post: Monitor.exe trying to access the Internet

You need to post a hijackthis log hereHow_to_submit_a_Hijackthis_Log

2 more replies
Relevance 55.76%

I used mbam to clean up and it is reporting that everything is gone. Now i have no internet access. I do have access to network shares. New to hjt but here is my log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:07:41 AM, on 11/17/2009Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16916)Boot mode: NormalRunning processes:C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exeC:\Program Files (x86)\AIM6\aim6.exeC:\Program Files (x86)\DAEMON Tools Lite\daemon.exeC:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exeC:\Windows\SysWOW64\Ctxfihlp.exeC:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exeC:\Program Files (x86)\Symantec AntiVirus\VPTray.exeC:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exeC:\Windows\SysWOW64\CTXFISPI.EXEC:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exeC:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exeC:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exeC:\Program Files (x86)\Common Files... Read more

Answer:No internet Access Post trojan.vundo

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 55.35%

To make a short story extremely short, I tried to get onto my cousin's computer and it was bogged down with a LOT of spyware. Downloading HJT, I got rid of what I thought to be most of the major culprits. Before I did it, popups were being blocked at what I thought to be 2-3 a second. There's none now so far.

Now then, I want to make sure I've got everything out of the way. Lemme know what needs to be taken out. Thanks in advance,
John


Edit by chaslang: Unrequested inline log removed
 

Answer:(Post?) Cleanup Help--HJT Log

Please read the announcement and sticky threads. HJT logs should only be posted when requested and then they must be attachments to your message.

Please run the steps below.

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
After doing ALL of the above you still have a problem, boot into normal mode and make sure you follow these directions:
- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
 

2 more replies
Relevance 55.35%

i,I recently got a message pop up about being vulnerable to viruses and having thousands of infected files. I realised it was a fake antivirus virus and ran an antivirus scan (I have norton internet security 2010).It found and 'fixed' what it called Trojan Fake av.However ever since then i cannot access the internet at all. I know that i am connected as can still send emails/use messenger etc. But through IE all I get is "unable to access the internet please check your connection".I spent over an hour on the phone to Norton only to be told that if I cant access the internet they cant help.Any thoughts appreciated.B.

Answer:Post fake antivirus / unable to access internet

Download Firefox and use that temporarily.click hereTo fix IE try Control panel.Internet Options.Advanced and press reset.That will reset I/E to its original status.And as it got by Norton in the first place.Download Malwarebytes free version update it and run it in safe mode to see if it finds any problems.[Safe Mode] just keep tapping F8 as the computer starts]

7 more replies
Relevance 54.94%

Hi all,A keylogger and a worm infected my computer yesterday and I (hopefully) managed to remove both with Norton 360 and Ad-Aware. I also used Malwarebytes and SUPERantispyware but they did not detect anything. Anyway, I just need to know if anyone can spot anything else lingering around that shouldn't be there. I ran the little tool that Computer Hope has for explaining each process in a HijackThis log btw, and it said there were a few suspicious things. I'd like a second opinion from an experienced user though. The keylogger detected by Norton 360 was called Spyware.Keylogger. The worm detected by Ad-Aware was called Win32.Worm.Sohanad/D.Here is my HijackThis log:Code: [Select]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:10 PM, on 12/10/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe
C:\Users\Raphy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Raphy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Raphy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Raphy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Raphy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Raphy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\... Read more

Answer:Post-cleanup HijackThis log

please post the sas and mbam logs as well

2 more replies
Relevance 54.94%

I'm a newbe, so I would like to apologize up front for any mistakes.
I recently cleaned ?Internet Security 2010? off my XP Home Edition, Thanks to the tutorial posted on this site. But I have a follow-up question.
After the Malwarebytes procedure I discovered that there was residue left on my computer ie?
the folder C:\Avenger containing sdra64.exe & a data file
Which I deleted. I then checked the registry for ?Avenger? and discovered that IS2010 had left a tremendous amount of entries, so much that regedit will not display the registry properly anymore.

Question: What is the best free program to remove unused fragments from the registry without doing any harm?
I would appreciate any help, Thanks.

More replies
Relevance 54.94%

Papakid,Thanks so much for all of your help and advice. I followed all of your instructions. So far (today) my only problems have been (still) the frequent loss of connectivity to the internet and the fluctuating Wireless Network speeds running quickly from "Low" to "Very Good" to "Good" constantly.I upgraded my Java, ran CCleaner, deleted AVG7.5 (as you said it may conflict with SpySweeper), did a disk defrag and downloaded and ran Deckard's System Scanner - however, I was unable to find the extra.txt file. I looked in the folder C:\Deckard\System Scanner and throughout the Deckard file and could not find it anywhere. The only file I could find was the main.txt file. Here is my DSS main.txt:Deckard's System Scanner v20070611.50Run by Owner on 2007-06-18 at 18:11:47Computer is in Normal Mode.---------------------------------------------------------------------------------- HijackThis (run as Owner.exe) -----------------------------------------------Logfile of HijackThis v1.99.1Scan saved at 6:11:58 PM, on 6/18/2007Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC... Read more

Answer:Post cleanup problems

Hey Oowo, you're welcome for the help.Did you run DSS from the desktop? Sounds like a little thing but it makes a difference. If not, go to whatever folder you saved it to, right click on dss.exe, choose copy (or cut), then go to your desktop, right click on open area and choose paste. Then go to the C:\Deckard folder and rename it to DeckardOld. Now try running DSS from your desktop and see if you can get proper logs.The main.txt looks pretty good, but some things in there in I need to check out.I was really suggesting that you consider removing or disabling SpySweeper instead of AVG. SS is know to be heavy on resources and AVG is comparatively light. It is always recommended that you run an antivirus since that is what they are designed for and anti-spyware as a supplement. I just looked at Webroot's page and don't see them mention the plain SpySweeper having an antivirus--so I may have been misinformed in thinking the latest version has one. Webroot offers a Spy Sweeper with AntiVirus bundle, but if you aren't running that specific program, you need to turn your AVG back on ASAP. To see if there is any significant performance improvement in having SS not running, it would be better to uninstall SpySweeper or just disable it and see if it makes any difference.If you can't get DSS to run a full log, I'd like to see another list of what you have installed. Do the following only if you can't get an extra.txt from DSS:Open HijackThis. If you still have the New ... Read more

3 more replies
Relevance 54.94%
Question: Post Virus cleanup

I am new to this forum and not an experienced computer fix it type. So I need some help. My computer became infected with a virus called by MSN as: TROJAN:Win 32/YEKTEL.A. My 2009 Norton Antivirus faile to detect the virus so I found MSN Defender which I downloade and it detected and removed the virus. In searching for a Av tool I downloaded REG_CURE software and ran it after the virus removal. It showed that there were over 1100 problem areas some of which were Registry related. Dealing with the Registry can lead to further problems. My Question is does anyone have any experience in using REG-Cure and if so what was the result? Should I trust REG-Cure to do the cleanup?
Thanks

Answer:Post Virus cleanup

Using registry cleaners can have disastrous effects on a system. Here's a quote from quietman7Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for a several reasons:? Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable.? Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries re... Read more

4 more replies
Relevance 54.94%
Question: Post Vundo Cleanup

Hi,First of all a big thanks to all the moderators and members of this site!! I have found the information in your forums most valuable! You guys helped me fix my Vundo problem. I was another of those who had been infected by the Security Toolbar 7.1 & Vundo. What an annoyance it was trying to kill that thing (especially when it wouldn't let go of some of the processes). But from reading your fantastic forum entries I found I was able to nail it with Vundofix, AVG Anti-Spyware, Spybot S&D and HJT. By reading the forums I also found, as with some other people, I had to add the mljji.dll ijjlm.ini (etc) to the Vundofix (V6.6.2) box.Anyway, long story short, can you please check my HJT log and see if everything looks OK. I don't seem to have any malware activity, PC speed is OK too, but I'm a little hesitant/skeptical and keep expecting something to happen again. Do you know if this BHO dll is OK or not - C:\WINDOWS\system32\sxibfwaf.dll (see HJT log below)Again, with thanks. BockeeLogfile of Trend Micro HijackThis v2.0.2Scan saved at 5:17:39 PM, on 1/12/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchos... Read more

Answer:Post Vundo Cleanup

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today. That O2 entry you mentioned looks like a leftover from Vundo, but I'd like to take a look at it just to make sure. Go to this page.Where it says "Browse to the file you want to submit", copy and paste the filepath below into the box:C:\WINDOWS\system32\sxibfwaf.dllThen click the Send File button below.Please let me know once you have done this.

8 more replies
Relevance 54.94%

Hi,I've just finished cleaning up a bad case of Virtumonde infection (thanks to [topic="http://www.bleepingcomputer.com/forums/index.php?showtopic=18610&st="]How To Remove Virtumonde[/topic] and no thanks to Ad-aware!). I just want to confirm that I am clean before I re-connect to my other home machines (which I have quite a few of).My DSS output files are attached.thanks!

Answer:Post-virtumonde Cleanup

Hello, and welcome to the forum.My name is Simon V., and I'll be glad to help you with your computer problems.Please don't attach your logs to your post; instead copy/paste them in your reply.Looking quite good, but there are still a few things to clean up.Step 1Please download and install CCleaner.Open CCleaner. On the Windows tab, leave the default options alone.On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.Click on the Run Cleaner button at the bottom right hand corner.Close CCleaner.Step 2Open HijackThis, perform a scan and put a check next to the following items (if present):O21 - SSODL: fsrpknov - {8BF0004B-74AB-4E2A-96FB-94244BA9124B} - (no file)O21 - SSODL: fdxbameg - {353C4F47-B770-43EB-B225-BED78A2F3FB4} - (no file)Close all programs except HijackThis and click on Fix checked.Step 3Please download OTMoveIt2.exe by OldTimer and save it to your desktop.Double click on OTMoveIt2.exe to run it.Untick the option to Unregister Dll's and Ocx's.Select the contents of the below codebox, then press Ctrl+C to copy it to the clipboard.C:\WINDOWS\system32\uxdvinhu.dll
C:\WINDOWS\system32\jjvcou.dll
C:\WINDOWS\system32\aplndftp.dll
C:\WINDOWS\system32\MnVFOXbc.ini2
C:\WINDOWS\system32\kebbhrje.dll
C:\WINDOWS\system32\ygddqsqo.dll
C:\WINDOWS\system... Read more

4 more replies
Relevance 54.94%
Question: Post Virus Cleanup

I recently had a virus/spyware problem. For the most part they should have been cleaned out, but I want to make sure that everything is out of my system. Here is my log. Thanks a ton.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:28:48 PM, on 11/24/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEF:\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ctfmon.exeF:\Logitech\MouseWare\system\em_exec.exeF:\Stardock\ObjectDock\ObjectDock.exeF:\Widgets\YahooWidgetEngine.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeF:\Grisoft\AVGFRE~1\avgamsvr.exeF:\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\cc... Read more

Answer:Post Virus Cleanup

Hi huang

Do you have kaspersky online scan report?

If so, please post it.

If not, please re-scan with it and post it along with a fresh HijackThis log:)

2 more replies
Relevance 54.94%
Question: Post virus cleanup

Hi. I just got over a nasty virus which really hosed my machine and had to install/repair Win XP again. After a few days of being "fixed", the virus came back. I ran a bunch of programs and things look pretty good now, however, I still have remnants of the problem. AVG is finding a problem with atapi.sys, in the system32/drivers folder. It says the file is white listed and removal is not recommended because it's a critical system file. That file also is in the dllcache folder and in the System Restore folder.

I'm pretty sure it's not a false positive because of what I've read elsewhere and the fact that the file was created today. The file size is 136k whereas on my other machine, the same file is only 95k. Can I just copy that file from the good PC and replace the file on the bad PC?

Also, in my scans, I found many instances of another file called "secupdat.dat" when using Malwarebytes Antimalware. This is more malware which was to be deleted upon reboot by the program but it's still there in about 6 places and can't manually be deleted.

I think the root of these problems were related to the main files of the virus: wind7upd.exe, photo_id.exe and a few others.

My HJT log looks clean now. I have HJT and OTS logs ready. (OTS was used to help another poster with the same problem).

Thanks in advance
 

Answer:Post virus cleanup

I see now that posting my HJT log is ok with the first post. Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 10:27:45 PM, on 12/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KH... Read more

1 more replies
Relevance 54.94%
Question: Post virus cleanup

Hello,A few days ago my cpu suddenly went to maximum usage, fans became very noisy, and avg detected some virus which I moved to the vault or whatever the default action is. After this happened, anytime I start my computer the fans immediately start in some high setting and I can't figure out why. I ran speedfan to find that the cpu is idling in mid 60s and whenever usage goes up it moves into 70s. The start of this problem coincides with the virus so I'm not sure if it's related to that or just a coincidence that some hardware problem have happened at the same time. Anyways, so far I've tried the following:Updated and ran avg and removed the trojan it found.Updated and ran spybot and removed the trojan it found.Ran HijackThis with the following log.Thanks for any feedback, and sorry if the problem is unlikely related to this.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:41:13 PM, on 6/24/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17055)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Fi... Read more

Answer:Post virus cleanup

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

2 more replies
Relevance 54.94%

Okay 1st off i`m not sure if this is in the right section, i`m sorry if it's not.

Anyways just like the title says, I've been supended from my internet services because apparently I use too much internet lol. I'm using my phone atm- has this ever happen to anyone? Comcast rep just told me I was using too much. They said they are giving me a warning and the next time I use too much internet I will be suspended for a year. I just laughed. I don't know why i`ve never heard of such things. This amazes me.

Well, is there any other good internet companies out there? I`m planing to switch out of this crappy company. Can`t afford to be down for the next 2 weeks
 

Answer:internet got suspended for using too much internet (comcast)

If they suspend you do you still have to pay the bill or is it like an easy way to terminate the contract?
 

24 more replies
Relevance 54.94%

Hello all. Again: can anyone help with System Restore?
It keeps getting suspended "as there is not enough free disk space".
Sure space is plenty - over 1 gigabyte on every drive.
I am sure I didn't touch the System Restore Directory.

This started after SP2 was installed. Both at work and at home. Hardware is absolutely different. What might be the damn issue?

Thanks.
 

Answer:System Restore Suspended - "not enough free space". Wrong!

Here are a couple articles pertaining to your issue, the text below them is from the second article.


http://support.microsoft.com/default.aspx?kbid=299904

http://support.microsoft.com/default.aspx?scid=kb;en-us;300044

How can I adjust how much space System Restore uses on my disk?

Answer: To adjust the amount of space System Restore uses on a disk, go to the Control Panel ('Start > Control Panel') and double click the 'System' icon. Then click on the 'System Restore' tab on the system applet. Depending on your disk setup use the following instructions:
?

If you have just a single partition on your system: You can adjust the space system restore uses on the disk by moving the slider on this page left (to decrease space usage) or right (to increase space usage. The maximum space usage is 12% and is the default.
?

If you have a multiple partitions on your system or multiple disks: Click on the drive you want to adjust in the available drives section on the System Restore page and then click the settings option. You can then adjust the space system restore uses on that drive by moving the slider to the left (to decrease space usage) or right (to increase space usage). The maximum space usage is 12% and is the default. Repeat for each drive as necessary.
 

2 more replies
Relevance 54.53%

I have spent the past year in China and while I was there I had to use some sort of proxy service (Freegate, FreeU, etc.) if I wanted to access certain websites (ie facebook, twitter, blogspot). I am on vacation in the US now and still cannot access these websites sans proxy - almost like China has hacked my computer!

I joke, but this is really annoying. I have cleared my history, cookies, cache, and deleted all proxies. The problem exists on all of my browsers so it has to be with my connection. I have "Automatically Detect Proxies" checked under LAN settings, though I have tried unchecking it. No matter what I do I get the "This connection has timed out" error Firefox. Also, when I try accessing these sites through Chrome it says "Resolving Proxy" in the lower left corner, so I think it somehow is still searching for that proxy and thinks it needs it to access these sites.

I'm clueless and would appreciate any ideas - thanks!
 

Answer:Solved: Help with proxy settings and internet access post-China

12 more replies
Relevance 54.53%

Hello. I had a norton goback error 141 and after many attempts to rid my pc of it..got frustrated and just went for option of reinstalling windows xp and losing my data. Reinstalled windows xp operating system and drivers. Now I have no internet access. when I go into internet options it shows my ip address and that connection is enabled. Packages are being sent, but not recieved. I have talked with comcast and they say everything looks functional from their end. Could there be a problem with the hardware. I was given # to microsoft, but of course that want to charge. I only paid $70 for this harddrive. I have read many threads about norton goback causing all kinds of problems. but I'm assuming it was erased when I reinstalled windows?. I don't know what I doing. Any ideas? Would appreciate so much

Answer:Unable Access Internet Post Reinstalling Windows Xp P Crash

First thing I would suggest...remove Go Back from your system. It's not needed with XP, there's a built-in function called System Restore which may interfere/conflict with Go Back (or vice versa).

Second...you say that you reinstalled XP and drivers. How? Do you have an XP CD and a drivers CD? Do you have a recovery partition or recovery CD?

Manufacturer of system and model?

Is Internet access the only function that you are aware of not working properly?

Go Start/Run, type in devmgmt.msc and see if there are any markings (yellow/red) indicating that something is amiss with hardware.

Was the Go Back error the only reason for the reinstall of XP?

Louis

3 more replies
Relevance 54.53%

We religiously track Windows Application fault events in our environment.

Recently we have noticed that when, Word 2013 x86 version (15.0.4823.1000, 15.0.4805.1001) running on Windows 8.1 x64,  crashes due to corrupted heap, we find suspended winword process that have no running threads.  the ccorrupt heap crashes are of
the type  exception c0000374 in Ntdll.dll at offset 0x000e6054.  We have two different situations in which we can trigger a crash that will produce the corrupted heap.

The problem is after the App crash the Windows Error Reporting service, attaches the WerFault.exe to the crashed process and saves the WER Dump file.  The problem is after this process is finished we are left with Winword.exe process that are in suspended
state.  They are not visible in the TaskManager but they show-up in Procexp,  these process have no running threads and the End task or end task tree have no impact.  The only way to exit the suspended process is to log off the user session. 

The suspended Winword.exe process cause problems when we re-launch a clean word, we have an add-in that detect's the suspended Winword and will not run.

On a test machine we disabled the WER service and of course we no longer see suspended threads, this is not an option for use because stopping the WER service stops logging of all Application Fault event ID 1000 and Application hang 1001 entries from the Application
log.

We also tried to ex... Read more

More replies
Relevance 54.12%

Hi

I have performed all the steps suggested in the cleaning procedure. I do not really know how to interpret the logs (I have saved them) Should I post these results on here just in case something is reported in them that needs attention. The reason I ran the clean up is because of what I seem to se on here is a common fault, PC slow to load, running slow, plus a message on startup that an app such as word, excel, powerpoint (it varies) has encountered an error and has had to close, even though i never asked it to open, or windows has encountered an error and had to close, this one can take some getting rid of, need to close several times. However, on this restart after the clean up none of these things happened, but it sometimes did not before, so I am not sure it has been cured.

Could you please advise whether to post the logs, or should I wait to see what happens. Firefox is still slow opening up by the way.

My PC details are AMD Athlon XP 2800+
2.08 GHZ 1.00 GB Ram
Microsoft XP Pro V2002 Service Pack 3

Thanks
 

Answer:Cleanup procedure done - should I post results?

Done cleanup, still having even worse problems

Hi

Followed the cleanup instructions, now problems worse than ever, first re boot was OK, but now load up slower than ever, more than one app and error message coming up, any help out there please, I am losing it here and ready to throw thw PC out the window. Please help.
 

6 more replies
Relevance 54.12%

Hi, thanks in advance for your help.

I think my computer has been cleaned of malware but I would appreciate if an expert eye could take a look to confirm as my entire family uses this computer to do our finances.

Back story: a few days ago, the computer became infected with virtumonde. I think I was able to remove it with my AV and Spybot, but just to be sure (due to the aforementioned reason, I am paranoid), I decided to restore my system to factory defaults using the restore CD I received with computer purchase. I've done this 3 times now, as each time I do it, my AV detects 2 trojans in my System Volume Information. They always start with A000####.dll (the last four digits are different each time). This last time, I thought maybe my backup personal files in my USB drive were infected, so I did not connect this drive to my computer as yet. After the factory restore, I updated my AV, downloaded my firewall from CNET, and updated XP. A full scan with my AV after this came back fine. Then I downloaded MBAM, SAS, Spybot, and Spywareblaster and ran them (from this site or cnet; I followed all the advice on your how to protect your computer thread after the last infection!) full scans, everything came back fine. Then I disconnected my internet, went to run some errands, came back and Symantec had found the 2 trojans in the System Volume Information. So now I have 2 questions:

1. Why may this be happening? Is Symantec giving me a false positive or is the infection r... Read more

Answer:Please verify my logs - post cleanup

and the last log
 

6 more replies
Relevance 54.12%

Hello. My computer has been running slowly, much more slowly than what it used to run. We got rid of AV Security 2012 virus by running Windows 7 in safe mode then running a MalwareBytes scan. But things just don't seem the same. The text format in Internet Explorer appears funny. Plus some Dell DataSafe window has constantly popped up, from before this virus problem. This laptop had a virus about a year ago but used the same process (safe mode & MalwareBytes scan) to get rid of that nasty guy, but things just haven't been the same. Attached is a HJT log and some other stuff. Please assist to help streamline my laptop and to be sure everything is cleaned up. Thanks...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:40:37 PM, on 11/16/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Windows\SysWOW64\runonce.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Progra... Read more

Answer:Post AV Security 2012 cleanup

6 more replies
Relevance 54.12%

Hi thereOver the last week or so I've had a number of problems with my pc relating to spyware & adware problems. I believe I was infected with a variant of the smitfraud type adware. General searching has led me to believe it was loosely linked to SpyQuake as I had things like VirusBurst and Protection Bar forced up on me. Generally symptoms included new desktop icons linking to websites selling virus protection software, an icon in the system tray flashing warning messages saying I had a serious infection and hijacking of my homepage sending me to some Protection Centre. Basically I have had similar problems in the past and so had some experience in the situation and so attempted to solve as much of the issues I could from personal knowledge and with reference to other forums and support websites. To quickly cover the processes I have already gone through: I used SmitRem (log enclosed), BFU, RogueScan, and SmitFraudFix which together solved most of the problems. Now I have control over all of my pc again and am running everything normally. However I would like to ask advice as to if there is any residue left of the infection as I do not wish to be left open to further similar hits as this happened to me last time and caused the problem to become increasingly difficult. Here are the latest actions I have taken:1. Ran DiskCleanup utility to empty Recycle Bin and Temporary Files folders. Completed successfully.2. Updated and used Ad-Aware and Spybot to remove anything each ... Read more

Answer:Review Post-infection Cleanup

Looks fine, but let's get AVG's AntiSpy - formerly Ewido

7 more replies
Relevance 54.12%

Hi - Vundo found on laptop. Ran vundofix SuperAntiSpyware and ATF Cleaner. Re-ran and programs report laptop is clean. Cannot launch Internet Explorer. It just flashes and goes away. Here are the contents of the Hijack This log. Please let me know what needs to be removed and anything else I might need to do. TIA!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:58 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Li... Read more

More replies
Relevance 54.12%

Hi and thank you right from the start!!!!!

Yesterday, Avast 4.8 popped up with a message stating that my PC has the worm snapsnet[1].exe and also AntispyWareMaster appeared immediately after.

Following help from another forum, I *think* I've removed the infection through a combination of boot-time scan using Avast, and Superantispyware.

Avast scan, superantispyware scan, RougeRemover (free) and avast AntiRootKit all come up clean now

But before I get too happy, would somebody please take a look at my hijackTHIS file that I just created and let me know if there is anything out of place.
I read the sticky in this forum, but have not yet run DSS or Kaspersky, mainly because the XP account I am on is not an admin.
Am I safe again to use Email and online banking???
Thanks again!

Answer:Please Analyze Hijackthis Post Cleanup Log! Thanks

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. The reasons for this request are: Posting the log as an attachment may delay getting a response as it takes time to download the file. Please copy and paste the log in your thread for quick reading and review. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I don't think that you are attaching anything scary but others may do so. Thanks.

2 more replies
Relevance 54.12%

Over the weekend I was infected with a fake anti-virus program named Personal Shield Pro.
Although I was able to remove the malware (with Malwarebytes' Anti-malware), my computer is still acting up. For example I cannot connect to the internet on any browser while running normal mode, or safe mode w/ network connections. Many of my programs crash on start up as well as I occasionally get a BSOD.

Any assistance would be much appreciated seeing as my computer is basically a shell at the moment.

Answer:Post Malware cleanup problems

You are either still infected or sustained some damage from the infection that the Pros in the Virus Removal Forum can help you with. You need to go there, read the sticky and post the logs they need to help you with your issues.

1 more replies
Relevance 54.12%

Now then, I followed all of the steps in this thread. Here's the result.txt file.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "... Read more

Answer:Post-Cleanup result.txt file

That looks ok.Just pull these out to complete the cleanup..

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

1 more replies
Relevance 54.12%

I am running Windows XP. Prior to last Saturday, everything worked fine.

Last Saturday, Comcast installed a cable modem at my new apartment, using my Toshiba Satellite laptop to complete the installation. At some point during the installation process, the technician had me enter information, and one of the fields had Mozilla Firefox selected for something (I was on the phone when he insisted i sit down and fill in the fields, so I wasn't paying as much attention as I should have been). Currently, Firefox now has perfect access to the internet, but nothing else is able to get online access, all even when connected via hardline directly to the modem. When I say nothing else, i mean iTunes ("iTunes could not access the iTunes store. You do not have permission to access the requested resource. please make sure your network connection is active and try again"), Gmail Notifier ("An error has occurred. Cannot read your messages (bad data;1)"), Kodak EasyShare, Weather Channel Desktop Weather 4 ("Forbidden you do not have permission to access on this server"), AIM ("A server error occurred"), even Internet Explorer ("403 Forbidden you don't have permission to access on this server") or installation software for new hardware (i.e. my new router).

My computer worked perfectly fine on other networks prior to the comcast installation, and my roommate's computer (which does not have firefox installed) cannot access the i... Read more

Answer:post-Comcast modem installation, can only access internet via Mozilla Firefox

Alright first off, sounds like its the firewall. Is the modem and modem/router combo? If so its possible it has a built in firewall. If you go into CMD (From the Run Command)
do this:
Run:
"CMD"
type : "ipconfig"
Copy the IP address given for the "Default Gateway" (This is the IP address for your router/modem.
Open firefox and type that IP address in
You should be prompted for input a User ID and Password.
Default for most routers is Admin / Password
Once inside navigate around for a "Security" section, and look to see if there is a Firewall running, if so disable it and try some other application (ie I-tunes) once you apply the settings.
If Admin and Password doesn't work
Google the name of your router + password and you should get some hits on what is the default user id and password for the router you have.

Happy Hunting.
 

2 more replies
Relevance 53.71%

Hi -

In safe mode, I can access the internet. In normal mode, even after disabling all the services via msconfig, I can't access the internet via IE, Firefox, Outlook, pings, etc. There were no system restores available prior to the time when the problem began. And Windows Update is not working. And other wierd random behavior such as Add/Remove Programs hangs.

I've tried all kinds of programs to fix but no luck including Malwarebytes, Adaware, Spybot, and others including some registry cleaners. I've also tried turning off Zone Alarm fire alarm and also ipconfig resets.

Attached is the output from DDS and GMER. For GMER, I could not get a good run for all the requested checks so it is only for section and C drive.

Thanks, in advance, for your help. I am at my wits end and nearly ready to wipe out the whole system but I don't want to lose stuff. I have backed-up all of our My Documents folders.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Mark at 12:30:52.89 on Sat 08/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.303 [GMT -4:00]

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Sygate\SSA\Smc.exe
svchost.exe
C:\WINDOWS\system32\Ati2e... Read more

Answer:No internet in normal mode, no restore/updates, looks fishy

BUMP, please

2 more replies
Relevance 53.71%

I'm sure the solution to this is simple, and just one of those commands I don't know. Yet.

Running XP Pro, sp2.

After removing some rather pesky trojans using a combination of AdAware, HijackThis, and finally Killbox, I'm left with a minor annoyance. One of those trojans (trogandumper as I recall) created the file C:\copy.exe that would run anytime I opened c:\, e:\, etc. After Killboxing it, whenever I try to open open of those directories, I get the error "Cannot find copy.exe Browse to..." etc. By right clicking on the drive, I can see that the default action (the bold one) has been changed from "Open" to "Autoplay". I can open the drives with no problem if I right click and hit open. So my question is this:

How do I change the default action of my drives back to Open from Autoplay?

Thanks for your time!
 

More replies
Relevance 53.71%

My Computer went down with Zentrom.

I did my best but Im still having Issues. Cant see/access any other drive but c, for Instance (no DVD, no usb hdds, no flashdrives, no Phone attatched to the usb - nada)

Other things pop up from time to time, like issues with IE, etc.

looking to see what I can get rid of here:
 DDS.txt   12.1KB
  2 downloads

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/23/2010 3:27:29 PM
System Uptime: 10/10/2011 9:45:53 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0FF049
Processor: Genuine Intel® CPU T2250 @ 1.73GHz | Microprocessor | 795/133mhz
Processor: Genuine Intel® CPU T2250 @ 1.73GHz | Microprocessor | 795/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 6.18 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1AC99961394FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1AC99961394FC000
Service: NIC1394
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMTSSTCORP_DVD+-RW_TS-L632D_______________DE04____\5&1BA06B6C&0&0.0.0
Manufacturer: (S... Read more

Answer:Post Zentrom System Guard Cleanup

Wow. Just saw the "freebeastialitytube.net" part ! oh thats awesome ! was thatsupposed to deter/embarrass me from getting help ?

20 more replies
Relevance 53.71%

Hi, guys. I recently had back-to-back problems with nasty SpySheriff and spam mailbot infections. After running many scans (Spybot, Ewido, BitDefender online, McAfee online) and fixing problems, my functionality seems to be back to normal. I just want to make sure I'm clean, so here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:37:10 AM, on 12/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HJT\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849... Read more

Answer:Post-SpySheriff & Spam mailer cleanup

Hi and Welcome to TSF

I don't see anything suspious in the log...but since you had Spysheriff..lets make sure all it's componets are gone.

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Ad-Aware® SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Spybot Search & Destroy
CWShredder

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)

Run hijackthis and fix these entrys:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Enter your e-mail address, country, and state & click Scan Now ...begins... Read more

5 more replies
Relevance 53.71%

Hello for the 1st time about HJT. I have a problem im trying to solve regarding WinXP unable to switch users and other Windows bugs that began after i cleaned a big bad virus from my system this past spring.
A techie on another thread told me to post this here, reference thread here

My HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 10:45:13 AM, on 10/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\AVGFRE~1\avgupsvc.exe
C:\Program Files\BlackICE\blackd.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\MTS\ENTERN~1\app\pppoeservice.exe
C:\Program Files\BlackICE\rapapp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\BlackICE\blackice.exe
C:\Program Files\Konfabulator\Konfabulator.exe
C:\Documents and Settings\Karl\Start Menu\Programs\Startup\taskmgr.exe
C:\Documents and Settings\Karl\My... Read more

Answer:windows problem post virus cleanup

Hello karly,

Please print out or copy this page to Notepad since you will not have any of browsers open while you are fixing this. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

AdAware?s Ad-Watch may interfere with these fixes, please disable until we are through here.

Disable Ad-aware's Ad-Watch
Right-click on the Ad-Watch icon in the system tray
At the bottom of the screen you will see 2 options Active and Automatic.
Deselect Active
Deselect Automatic
Go to "Tools & Preferences">Options
Deselect "Load Ad-Watch at Windows startup"

Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it?s NOT checked. We want system restore ON and monitoring your current hard drive. Once your clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

Download CWShredder and run it. Click on 'I Agree' button if you agree. Click on 'Fix' (it w... Read more

3 more replies
Relevance 53.71%

Hi guys

This is my 1st posting here

after cleaning a friends pc - avg, spybot - i ran hijack this.
One Sobig virus found & cleaned.
Pc (P3 733 128 Mb) still seems sluggish - i think due to a lexmark & HP printer connected + will probably benefit from extra an 128mb ram.
I believe the machine is clean of nasties now but would like to make sure

Logfile of HijackThis v1.96.4
Scan saved at 21:49:53, on 11/09/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LEXMARKX84-X85\ACMONITOR_X84-X85.EXE
C:\PROGRAM FILES\LEXMARKX84-X85\ACBTNMGR_X84-X85.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\BELKIN WIRELESS\BELKIN WIRELESS MOUSE\MOUSEAP.EXE
C:\PROGRAM FILES\BELKIN WIRELESS\BELKIN WIRELESS KEYBOARD\MAGICKEY.EXE
C:\PROGRAM FILES\BELKIN WIRELESS\BELKIN WIRELESS KEYBOARD\OSD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
D:\SETUP APPS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R1 - HKCU... Read more

Answer:hijackthis log post cleanup - sobig, win98

15 more replies
Relevance 53.3%

A laptop was brought to me with malware with install dates as far back as 2009. These include but are not limited to: Conduit, Snap.do, AnyProtect, Driver Support, SpeedUpMyPC, and ARO 2012. I have cleaned with CCleaner, Malwarebytes, Spybot S&D, SuperAntiSpyware, and Avira Free with high heuristics, manually deleted many leftover files and folders, deleted startup entries and tasks that were scheduled, fixed the MBR via the recovery console, and removed addons from IE and Chrome.

I was still seeing occasional redirect in Chrome, especially when searching for technical information - perhaps 1 in 4 searches - so I followed the directions here for Chrome redirects. It redirected again, so I followed the regular malware directions, and the logs are posted below. Thank you in advance for your help.
 

Answer:Occasional redirect post-cleanup from severe infection

First, let's have you rerun Hitman and remove everything it found. Reboot and rescan and attach the new log. Be sure to tell me if things improve.
 

3 more replies
Relevance 53.3%

For more detail, read here: http://www.bleepingcomputer.com/forums/t/303049/major-infection-problem-being-blocked-from-everything/ ~ OBokay, so... after being rescued partly by systemrestore, and running all manner of cleaning software, it seems like the coast is clear, but I'm still suspicious. I don't put it beyond myself or MBAM, SAS, Avast, and Clamwin to have missed something. and yes, yes, "oh no, don't have multiple antivirus programs!". the avast is eight days away from being time-overed, and clamwin found something it missed, so... here come the logs.HJT, after the cleaning session: ~~~~~~~~~~~~~~~~~~~HJT1~~~~~~~~~~~~~~Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:32:05 PM, on 3/17/2010Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18349)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exeC:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exeC:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exeC:\WINDOWS\System32\rundll32.exeC:\Program Files\Alwil Software\Avast5\AvastUI.exeC:\Program Files\Windows Sidebar\sidebar.ex... Read more

Answer:post-allnighter-cleanup logs; after struggling with hiloti and such,

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%�... Read more

8 more replies
Relevance 52.89%

My 64-bit Win7 Ultimate machine had a rather severe reaction to a piece of software I installed, resulting in the OS not loading. I was able to successfully restore the system and it is up now and running fine.

Here's where it is beyond my ken, though -- It shows that it has Internet access -- going straight through to the Internet. And I've even been able to access like one site briefly. Well, actually I accessed my own website and loaded a directory full of images. I was able to load a single image -- one that I was sure wasn't in the cache. But that was it. After that, I couldn't load anything. I tried three different browsers and they were all giving me equivalent messages. Firefox suggested my firewall might or a proxy might be the problem, so I disabled the firewall (I don't use a proxy server), but it didn't make any difference. I've even tried rebooting the system -- twice -- hoping that might unstick things, but no such luck.

I just took a look in Device Manager, and I see where something called the Microsoft Teredo Tunneling Adapter has problems. It says it cannot be started (code 10). I tried reloading the driver and it said the most current driver was loaded. I had no idea what this was, so I googled it and learned a bit about IPv4 vs IPv6 protocols, but that some folks just disable it and they're no worse for wear. Well, I don't have any new or recent hardware here that might need IPv6 so I'm thinking I can probably do without it as well. I tried disabling it,... Read more

More replies
Relevance 52.89%

My 64-bit Win7 Ultimate machine had a rather severe reaction to a piece of software I installed, resulting in the OS not loading. I was able to successfully restore the system and it is up now and running fine.

Here's where it is beyond my ken, though -- It shows that it has Internet access -- going straight through to the Internet. And I've even been able to access like one site briefly. Well, actually I accessed my own website and loaded a directory full of images. I was able to load a single image -- one that I was sure wasn't in the cache. But that was it. After that, I couldn't load anything. I tried three different browsers and they were all giving me equivalent messages. Firefox suggested my firewall might or a proxy might be the problem, so I disabled the firewall (I don't use a proxy server), but it didn't make any difference. I've even tried rebooting the system -- twice -- hoping that might unstick things, but no such luck.

I just took a look in Device Manager, and I see where something called the Microsoft Teredo Tunneling Adapter has problems. It says it cannot be started (code 10). I tried reloading the driver and it said the most current driver was loaded. I had no idea what this was, so I googled it and learned a bit about IPv4 vs IPv6 protocols, but that some folks just disable it and they're no worse for wear. Well, I don't have any new or recent hardware here that might need IPv6 so I'm thinking I can probably do without it as well. I tried disabling it,... Read more

Answer:No Internet Access After Restore

Open command prompt and run ping 8.8.8.8.See whether it is able to receive packets.

1 more replies
Relevance 52.48%

Hello,
Starting yesterday I am not able to get on the internet in any browser--I tried Firefox, IE and Chrome--none work. They give the same error message--page not available. My wireless connection is excellent and network diagnostics tell me I have no problem with my connection. I've been trying to solve this problem my self so I read on another forum that I should try to do a system restore. I've tried 5 different restore points and the blue screen which says initializing restore point runs for hours and hours and isn't able to restore. I left the last one running last night--it ran for 14 hours and was not able to recover. I am thinking it's a virus/spyware i picked up called Tango perhaps. I have Spyware Dr installed and I haven't had any problems but Tango was unable to be removed. I have just completed a full scan of malwarebytes in safe mode and it says I have no infections? I am running a Spyware DR full scan now. My system is a HP pavillion dv4 Notebook PC AMD Turion II dual core processor 2.20 HZ 4.00 GB (3.75 usable), 64 bit operating system running on windows 7 home premium(64 bit). Also, I am unable to get on the internet so I am writing this on my old XP laptop. Not sure how I can get a hijack this scan onto this computer? Thanks for any help you can give me, i am at my wits end trying to figure out what to do next save for an expensive repair or wiping the whole system out and starting over--really don't want to do that!
 

More replies
Relevance 52.48%

Have tried 2 different internet connections but can't connect using my laptop. Other people in house can on their devices haVE USED THE TROUBLE SHOOTING TOOL BUT IT SAYS CANT IDENTIFY PROBLEM. Have tried system restore but get error message : the specified object was not found (0x80042308) can anyone help me please?
 

Answer:cant access internet or do system restore

Welcome to TSG!

Reboot in Safe mode, then try the System Restore.
 

2 more replies
Relevance 52.48%

Ok, I don't know if this is a virus or malware issue...but I REALLY need help badly. I'm about to format my harddrive, but I want to avoid that step if possible. I have too much stuff and can't back it all up on one 8G flashdrive.

It all started this morning when I was looking for a music file on a torrent site... I didn't even download anything, but immediately I noticed that I was getting pop-ups from a program I use (WinPatrol) that alerted me that new startup programs were attempting to launch ("OLE32 Extensions for Win32") and (Run a DLL as an APP - rundll32.exe) and I quickly clicked "No" (Do not allow) because I had not downloaded anything legitimate and knew it was probably junk. However, my internet slowed to a crawl, each page now takes 5+ minutes to load (or not at all). I was going to reboot, but noticed that by the Shut Down icon there was an "important installation required" shield indicating that Microsoft had updates for me to install upon Shut Down... so I did that. Now I'm thinking that's where I got the virus/trojan/malware...?

I have MalwareBytes's Anti-Malware program but it will not load now, a problem I had before when I had a trojan. As well, System Restore refuses to let me load up old definitions - when I pick a date to restore from, I click the Next button to begin and it just stops there ... refuses to restore.

I also got the "blue screen" twice, with the message something to the effect of "Your... Read more

Answer:Slow/no internet access, can't restore

Hi,

Rename GMER to BMER then re-run it. Post the contents of the log.

10 more replies
Relevance 52.48%

I am having issues with my internet not working at all. My home page will load then I cannot go to any pages. It says Cannot Display Webpage. I did a system restore and now have access but it stops running and has script errors. I also have a problem on start up where a notification comes up asking me to rename a file program1. I have lots of programs I have no idea where they came from and can't seem to remove. I am worried my son has infected my computer. Any help you can give will be appreciated.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:09:22 PM, on 8/26/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Sof... Read more

More replies
Relevance 52.48%

It all started when google was redirecting my searches to different sites. So i thought it's got to be infected with spyware. So the normal routine i would do is run Avast Anti-Virus and Malwarebytes Anti-Malware to clear the problem, they both came up with no results. I tried the search engine again, it didnt work i was still being redirected. I then ran Reg Cure, no luck. Finally i ran Spyware Doctor, this came up with a whole heap of results. So after restarting my computer as it advises you to do so i tried to connect to the internet, this time it wont even connect. So i tried to system restore but it doesnt even do this now.
Log files attached and listed below... I may have access to Win XP Pro SP3... please help!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Unal at 0:21:26.12 on 16/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1455 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
F:\Program Files\Alwil Software\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSRe... Read more

Answer:No Internet Access, No System Restore!

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Download ComboFix and the Microsoft file to a USB drive on another computer and transfer the files to your desktop.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

First, we need to install the Windows Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery(repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. Also, ComboFix will not address certain types of malware unless the... Read more

9 more replies
Relevance 52.07%

My boyfriend's computer began having problems with redirecting and pop up ads several weeks ago. Now it has become impossible to log onto the internet except in safe mode. I tried to download Hijack This and can't do it in safe mode. Can someone help me figure out what to do? I want to be able to post the logs from his computer however can't do it now...unless you can help me and I'm assuming you can. Thank you ahead of time for your help. T
 

More replies
Relevance 52.07%

Hi

I recently bought a new Dell XPS Ultrabook 13 with i7 processor. It worked fine for about three weeks, then all of a sudden it refuses to connect to the internet. I am still connected to my wifi network, but the network and sharing centre shows the connection as dropped between the hub and the internet. Troubleshooter offers no answers. I know other Windows7 users have experienced this and so I have ALREADY done the following:

Tried accessing the internet in safe mode with networking. This works, so it is not a hardware issue. I can definitely access this web in this way.

Rebooting my wireless router etc. I know this is not the issue though, as other devices such as my iPhone can still access the web through it (and the XPS, in safe mode)

Possible spy/mal ware. I think this is unlikely. A) the laptop is new b) I am extremely careful on what I download c) I have run repeated full system scans with both my preloaded AV software (McAfee) andMalwarebytes anti-malware. Neither has unearthed anything at all. Not a single item, and they both are checking against the latest databases.

I ran msconfig and deselected all startup programs and services except MS ones. I also downloaded and did similar through ccleaner. No joy.

I checked devices through device manager. All devices seem to be working normally. No conflicts. I disabled and enabled the network wifi miniport adaptors. Again, nothing.

The most frustrating thing is that I haven?t actually made any system or settin... Read more

Answer:Canít access internet in normal mode

Hi Welcome to Seven Forums.
To help all of us would you please add your systems specs? Here's how: System Info - See Your System Specs
Under System Manufacturer/Model Number add desktop or laptop and whether self built.

You can easily copy/paste specs to your profile from within the app, no install required.
I would get rid of McAfee, it cause a lot of issues in w7. Yes updates can do odd things too. Use a system restore to before those updates then reinstall one at a time.

5 more replies
Relevance 52.07%

Hi,

I am unable to access the Internet and I am sure it is a result of a worm or other malware. Below is my Hijackthis log. Please help, if you can. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:19 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:... Read more

More replies
Relevance 52.07%

System is Vista Home Prem SP1 running on Dell Desktop. It had a root kit problem and the fixer program removed TDX.SYS. I have copied this file from another Vista system but it does not load and therefore the DHCP Client will not load. System is believed to be clean now but has additional problems: it gives BSOD (8e) in Normal boot mode - runs good in Safe mode.
If I could get Safe Mode with Networking back so that I can actually access the internet, I could more easily download some help for the 8e problem.
 

More replies
Relevance 52.07%

Hi - appreciate any help. Usually can find an answer on the web but I have had no luck. Attempting to fix a friends pc after I was told they cannot get on to web via IE or Chrome. When booting into Safe Mode - can access internet. Have ran MalWare removal and some rootkit removal tools but still no luck. Apps like Office work....have reset all settings in Chrome and IE. Any thoughts? thanks in advance...

Answer:Can only access internet in Safe Mode

Hi, welcome to the forums, it is most likely a third party app, these typically do not start in safe mode. Try a clean boot to track done the errant app.

https://support.microsoft.com/en-us/kb/929135

1 more replies
Relevance 52.07%

Hello

My brothers has Dell Inspiron 530 with Vista64 a few days ago it froze and when he restarted it would not access the Internet (Ethernet) anymore.
I was able to restart it Safe Mode and it will access the Internet only in safe Mode. I also tried to uninstall Norton Security Suite but it does not unisntall.
Thanks in Advance for any help

Answer:PC will only access the Internet in Safe Mode

Welcome
When you had your initial problem, a setting was changed. Go back to a week before the problem with system restore.
System Restore - How to
If that does not work, we will solve the problem with a clean boot.

35 more replies
Relevance 52.07%

I have suddenly been able to access the internet only in safe mode. Problems began as I was stuck in the Second Life viewer program, which hung. Since then my Vista Ultimate shows both my wired & wireless Internet connections as having local access only in normal mode, but both local and internet access when in Safe Mode.

An earlier closed thread reported what seemed to be the identical problem for someone using a wired connection in normal mode. I tried all the suggested solutions in the thread, to no avail.

I have performed a system restore to a prior point in time; it made no difference.

ESET's Nod32 detects no malware. Neither do Spybot S&D or Ad-aware.

I have googled the symptoms. I have encountered no answers for anything resembling my symptoms.

Suggestions, hints, questions would all be appreciated.

Thank you.
 

Answer:Internet Access Only in Safe Mode

Means that some software that runs in normal but not Safe mode is the culprit. Top suspect would be a non-Windows firewall or security suite. Second suspect would be an anti-virus or anti-spyware program that is upset because its data definitions are out of date.
 

1 more replies
Relevance 52.07%

About a week ago everytime I signed onto the internet the page will appear blank with the word "done" on the bottom. I have comcast cable as my internet provider and windows xp as my operating system. The strange thing is when I go into safe mode I can access the internet, also my daughter has a laptop with a wireless connection that goes through my desktop computer and she has no problems getting on the internet. I have tried everything I can think of, I tried reinstalling the comcast software and a screen will appear stating that my network adapter is not bound to a tcp/ip. It shows me how to fix this by going into internet options and then connections and clicking protocol tcp/ip, but when I get to that point protocol tcp/ip is already checked so I don't know why I'm having the problem. I also have mcafee and it keeps telling me I have the very lince trojan but it can't get rid of it. I'm not sure if that is causing the problem but if it's not I'll deal with that one after the internet thing is fixed. Any help will be greatly appreciated.
Lisa
 

Answer:can only access the internet in safe mode

Try to see if you can do this in safe mode..
Run McAfee Virus scan and see if it can get rid of it.

Be sure to post the name of the trojan file up here so other's can search for it.

If that doesn't work. Start up normal, see if McAfee will tell you the name of the trojan file. Write the name and path down.
Reboot into safe mode. Go to Start/Run. Type 'msconfig' and enter.
In the new window go to Startup tab. Look for the trojan and uncheck the box for it. Reboot to normal and rerun McAfee scan to see if it can get rid of it. Delete the file manually if McAfee can't find it.
If you don't see the file in msconfig, just do a search for the file and delete it.

Don't forget to post the name.

Good Luck.
 

1 more replies
Relevance 52.07%

Hello,

Our computer can no longer access the internet. It thinks it's connected and reports no problems on diagnostics, but is saying "error code: connection refused"

I can access internet in safe mode

I have:

Ran malware bytes and super anti spyware in safe mode. It found a few things and removed them. Still no internet access.

Restored the computer to the 25th, it was working then.

Disabled windows firewall and all other firewalls

Ensured that the box was unchecked and blank in LAN settings on ie explorer

I have tried ie, chrome and Firefox

Uninstalled the latest windows update. The problem occurred right after the update.

Updated internet driver

I'm at a loss

Answer:Can only access internet in safe mode

Welcome to the Seven Forums.

I don't have a Vista OS to test things on at the moment, but I'll help as best I can. Most things should be the same as on W7 :-)

You might want to try the steps mentioned here:
Troubleshoot Application Conflicts by Performing a Clean Startup

It would help us to help you if you could fill out your system specs:
System Info - See Your System Specs
and post the info for item #6 from here:
Basic Requirements Before Posting your Networking Thread
(we don't need the Wi-Fi info)

2 more replies
Relevance 52.07%

Five bad files detected by TDSSKiller, otherwise no malware detected by the other utilities.
 

Answer:Cannot access internet in normal mode

Hello

Please follow this topic and attach required reports

http://malwaretips.com/threads/preparation-guide-before-requesting-malware-removal-help.20334/
 

18 more replies
Relevance 52.07%

Hi. I am having a serious problem whenever I try and load windows it freezes at the main page. I can, however, access internet easily in safe mode. Any help would be much appreciated?

Thanks,

Steve

Answer:Can only access internet in Safe Mode

Not sure what I was thinking with my previous comment, obviously misread.

What have you tried in normal mode?

2 more replies
Relevance 52.07%

Hi guys,

Bit of a pickle here, wondering if anyone is able to help.

I'm running a Sony Vaio N11H laptop on Windows XP, and I use Firefox as my web browser. A few weeks ago I realised that the only browser that would load web pages is Firefox. Flock wouldn't work, neither would IE, neither would Opera. This wasn't too much of a problem as I use Firefox as my primary browser, but now Firefox isn't working either. Whenever I try to load pages I get the usual 'page cannot be displayed, check your connection' gumph. I'm using a wireless, locked network which is fine for my 3 other flatmates, so I know it can't be that. Also I am still able to access instant messengers such as MSN and AIM!

I tried running my computer in safe mode, and sure enough every single browser lets me connect to the internet. Obviously I don't want to be running my computer in safe mode all the time, though, so does anyone had any idea what could be going on here?

Thanks very much for your help in advance!

- Michelle
 

More replies
Relevance 52.07%

hello,
I've been having this problem of not being able to access the internet in normal mode since last friday (june 5)
I was using the internet and all of a sudden i noticed that my McAfee had shut down and after i left firefox, i was no longer able to access the internet. (not even internet explorer)

I believe I have a trojan virus since my Windows Firewall noted that i have one of those viruses the next day and automatically restarted my computer in order to protect me from it.

I have contacted McAfee since i thought it was their system that was causing the problem. the people at McAfee told me uninstall the program and reinstall it. However, since I can only access the internet on safe mode, I am unable to reinstall the security system.

I've been looking at forums like these to see if they can help me out, but I understand the every situation is different. And I was really confused looking at the information since I am not that knowledgeable about viruses and computers.

If you could help me out with my problem since I am a college student and I have finals coming up soon. In addition, I need to by plane tickets to go back home. And I don't want to risk buying tickets online while i have issues with my computer and no security system to protect my computer.

*DDS.txt pasted*

DDS (Ver_09-05-14.01) - NTFSx86 NETWORK
Run by Keishi Nakajima at 1:02:09.96 on 06/11/2009 Thu
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
SP: Windows Defende... Read more

Answer:can only access internet in safe mode

Hi,

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread.
Make sure it is set to Instant Notification, then click Subscribe.

NOTE:Malware removal is NOT instantaneous.
Most infections require more than one round to properly eradicate.
Absence of symptoms does not always mean the job is complete.
You can be certain that I will advise you when the computer is clean.
Kindly follow my instructions in the order posted.
Please resist the urge to run further scans or fix items on your own without my direction.

Please do the following:

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications,McAfee, Windows Defender and Adwatch, (usually via a right click on the System Tray icon.) They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

8 more replies
Relevance 52.07%

Recovering from a worm.win32.netbooster infection.

After deleting numerous registry keys and unregistering dll files per removal instructions, everything seems to be normal.

The only problem remaining is I can't access the net unless I am logged in as administrator or the other user account (which has admin rights), after booting in the safe mode (F8).
IE and Firefox both work.

If I login after a regular restart, there is no internet access using IE or Firefox.

Seems simple to fix but I don't see anything wrong.

Please help!!

Answer:Internet Access When In Safe Mode Only

Hi,
You should not delete any Registry Keys, because any mistake can cause your computer to act abnormal. Can you tell me what were the registry keys you removed and why?

Regards,
Extremeboy

4 more replies
Relevance 52.07%

Hello! This is the 3rd laptop this month that has had this issue. When I boot up, I have no internet access, wireless or wired, but when I go into Safemode, everything is fine. I have already done the basic steps, you know, the troubleshooter, Malwarebytes(found nothing) and I do have a HijackThis log file if you want it. Anyway, the first 2 machines, I formatted them to fix the issue, but now that I have a 3rd one with the issue, I would like to get to the bottom of it! Please help meh :D

Answer:No internet access unless I am in Safe Mode

Uninstall your antivirus and see if that restores internet in normal mode

What antivirus do you use?

3 more replies
Relevance 52.07%

I have a laptop that cannot access the Internet in normal mode. If I boot in safe mode, then the internet is accessible. I assume this mean I am infected with something. I have run Malwarebytes and SuperAntispyware with no luck.

Here is my HiJack log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:41:57 PM, on 9/2/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Patrick\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.genieo.com/?v=w3i8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,Searc... Read more

Answer:Cannot access Internet in normal mode

I fixed the problem by restoring the system to a point from 1 week ago.
 

1 more replies
Relevance 52.07%

Hi

I've just joined this forum, and am really hoping that some kind soul out there will be able to help me!

Ever since yesterday evening, I have only been able to access the internet if I boot into safe mode (with networking support). The weird thing is, if I am NOT in safe mode, I can still access email using Outlook and if I run a ping command from a CMD prompt that also seems fine. But, browsing the internet using IE, Firefox or Netscape does not seem to be possible.

Even trying to open up my Speedtouch router, at http://192.168.1.254/, does not seem to be possible.

I also have Windows vista, on another partition, and access to the internet through this seems to be working without any problems.

I am guessing that I am the victim of some spyware or other malicious software. I have just run Hijackthis, and hope that somebody will be able to decypher it and tell me how to fix the problem!

Thanks in advance,

Ackoman

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:54, on 13/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Internet ... Read more

More replies
Relevance 52.07%

I have the same problem. I can access the internet in safe mode but not in normal mode. During startup 2wire lights up red but turns gray when the internet connection is made. My other computer also works fine. I have tried IE 6 & 7. I've tried the Winsockxpfix and Lspfix. Neither worked. All lights are solid green on the 2wire router. When Ie test the connect it finds no problem. There is definitely a connection. Something happens during normal startup. Please helpMod Edit: Post split from Please Help, No Internet Access, ~TMacK

Answer:Cannot Access The Internet In Normal Mode

Hello,

Can anything else connect to the internet for example messenger, skype? also do you have a firewall? something could be blocking port80 It could also be a problem with IE have you tried another browser?

8 more replies
Relevance 52.07%

I need desperate help!! When i try to go my wirless internet on my laptop, it freezes. The page doesn't load and i have to ctrl-alt-del to shut it down. When i go into safe mode, everything is fine. I went under msconfig-startup and i saw that lsasss was running, so i unchecked it. however nothing is fixed. here's my log. Logfile of HijackThis v1.99.1Scan saved at 10:49:35 AM, on 3/17/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\cidaemon.exeC:\Documents and Settings\Justin\Desktop\hij\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start... Read more

Answer:Can Only Access Internet In Safe Mode Help Plz

guys please help me. i dont want to spend loads of money/ time/ losing my files to fix this if i dont have to.

14 more replies
Relevance 52.07%

Hi,

Im trying to get a laptop to connect to internet using internet explorer, i definitly have a connection but keep getting a page cannot be displayed message.

Sometimes i get an error saying check firewall but ive turned off windows firewall and there doesnt appear to be another installed.

I dont know if this os relevant but firefox is installed also, but just wont run at all when clicked.

Yet, if i run in safe mode i get the internet no problem!

Can anyone help me please???

Answer:Can only access internet in safe mode

Sounds like the system is infected, Please read this sticky: http://www.techsupportforum.com/secu...oval-help.html

1 more replies
Relevance 52.07%

I'm not able to access internet in Normal mode. I can in Safe Mode.
WinXP SP2

I've run utilities:
1) Malwarebytes (nothing) - in both Normal and Safe Mode
2) AVG Scan (nothing) in Normal and Safe Mode
3) Combofix in Normal Mode

I've run MSCONFIG and ran in various modes including diagnostic and still unable to get to Internet.

(Added a USB Ethernet device and still unable to connect with this connection type.

HiJack this for review
Logfile of HijackThis v1.99.1
Scan saved at 12:06:02 AM, on 14/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\KMaestro\KMaestro.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:... Read more

Answer:Not able to access Internet in normal mode

Combofix Log
ComboFix 09-01-13.03 - user 2009-01-14 0:18:37.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.479.291 [GMT -5:00]
Running from: c:\utilities\Combofix\ComboFix.exe
AV: AVG Anti-Virus Network Edition *On-access scanning enabled* (Outdated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.

2009-01-12 12:03 . 2009-01-12 12:03 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-12 11:28 . 2000-12-11 23:06 24,424 -ra------ c:\windows\system32\drivers\NET8511.SYS
2009-01-12 11:15 . 2009-01-12 11:15 99,965 --a------ c:\windows\UninstallFirefox.exe
2009-01-12 11:15 . 2009-01-12 11:15 0 --a------ c:\windows\nsreg.dat
2009-01-12 11:10 . 2009-01-12 11:10 2,654 --a------ c:\windows\mozver.dat
2009-01-07 15:38 . 2009-01-07 15:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 15:38 . 2009-01-07 15:38 <DIR> d-------- c:\documents and settings\user\Application Data\Malwarebytes
2009-01-07 15:38 . 2009-01-07 15:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 15:38 . 2008-07-30 20:07 38,472 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 15:38 . 2008-07-30 20:07 17,144 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-07 15:29 . 2009-01-07 15:29 <DIR> d-------- c:\program files\IObit
2009-01-0... Read more

2 more replies
Relevance 52.07%

Hey all! When I got on the computer this evening I couldn't connect to the Internet. I use Huges Net satellite Internet. I'm not sure exactly when this started but my son was on earlier today so it's possible he did something. I logged into Safe Mode and was able to access the Internet. So, I need to figure out what is blocking. I use AVG AV and Firewall but I've been using those for a long time now with no problem. I would appreciate some input on this!! Thanks!

Answer:Can't access Internet except in Safe Mode

There can be so many reasons for you to not be able to access internet.1. On your desktop you would see Network Places icon. Right click on it and select Properties. In the opening Network Connections window, you would see Local Area Connection or Wireless Connection. Right click on it and select Enable if the option shows up.2. Check in your AVG firewall if all internet is not blocked.3. Open Start Menu > Run and type cmd and press Enter. In the command prompt window, type ping www.google.com and press Enter. Post your results here.4. Next in the command prompt window, type ping 74.125.45.100 and press Enter. Post your results here.

8 more replies
Relevance 52.07%

I can only access the web in Safe Mode with Networking. Cannot in normal mode. Could really do with some help please.

(It is not the pc I'm logging this from)

Here's my hijackthis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:20, on 09/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program File... Read more

Answer:Can only access the internet in safe mode...

Any help please??

3 more replies
Relevance 52.07%

H, I have been asked to move my problem to this area, as the machine is indeed infected with trojans and viruses.

Running Windows XP Home. These are the symptoms:
1. Unable to enable Windows Firewall. (set on disabled, radio buttons greyed out).
2.System Restore does not work...i.e. absolutely nothing happens when I click on System Restore.
3. Hangs on trying to get to internet. Icon keeps going round and round but nothing else happens.
4. AVG "looks" like its running, but as I cannot get access to the internet, it seems a bit suspicious when it 'says' it has updated successfully (by showing a valid 'update date').

I have run SuperAntiSpyware, which picked up several trojans and other stuff, and will post the screenshots if instructed to ??
I then told SuperAntispyware to get rid of them, which it appeared to do.These are (were?) the problem files:

Trojan.DollarRevenue (2 items)
Trojan.SmartLoad(1 item)
Adware.Tracking Cookies (224items)
Adware.Mirar/NetNucleus (1 item- WinATS.inf).

I then told SuperAntispyware to get rid of them, which it appeared to do.

I then ran MBAM and it picked up more infected files. Appeared to get rid of them, but the log says No Action Taken, so not sure if they are still there or not.
System Restore is still greyed out (System Security disabled) and I'm reluctant to try anything further without advice.

Thanks
Rose

Answer:No internet access, system restore disabled

It seems that now I am unable to boot into Safe Mode, as the keyboard is being disabled in that critical time where F8 should work.
Not sure why this is happening.
Thanks in advance,
Rose

3 more replies
Relevance 52.07%

recently downloaded a course form tiger woods course downloads.com  got a weird active x and mistakenly opened it after restarting my computer i could'nt  see anything on my desktop nothing at all played around some and got some icons back tryed to system restore but it says system restore cannot run until u restart your computer after restarting it is the same message also i cannot get online when i  click ie icon screen flashes and nothing happens have run cleaners and 2 antivirus programs and nothing detected i have tried safe mode in all catagories still nothing  any thoughts on which infection i have

Answer:cannot access system restore or internet explorer

Welcome to ComputerHope.Get into Safe Mode and try the System Restore again.

14 more replies
Relevance 52.07%

I got on my computer the other day (which I had left on by accident the 2 nights before that so it was on but in sleep mode) when everything "woke up" the graphics displays were haywire (huge with very low resolution). I was playing around with fixing it and one option selected made the screen go black and the monitor said cannot support settings (or something to that effect).

Because I now couldn't see anything on the screen I booted up in safe mode and did a system restore to a couple days prior. That appeared to work and my graphics/monitor came back to normal. I quickly did a scan with Norton (downloaded from Comcast) and Malware Bytes as I suspected some kind of virus. Nothing showed up on either.

I got on the internet but it was painfully slow....for example it would hang while trying to pull up Gmail. I could get on a few sites but very very slowly. I did Norton Live Update (which took a couple hours) rescanned and still no viruses showed up.

Now I cannot get on the internet at all. I have called Comcast and the signal and my modem are working fine. In my Control Panel it says my Ethernet is Disconnected. I checked all wires going into and out of computer and modem. Everything appears to be connected. I tried to download Hijack This (before my connection went) with no luck.

I noticed in searching the forum that others have had similar problem but I could not follow the solutions as much so I would appreciate any insight you can provide me (and step ... Read more

Answer:[SOLVED] Cannot access internet after System Restore

and welcome to the Forum

Try uninstalling Norton and see if you can access the internet. . . if not, let's take apeek at your environment:

First:

Power Cycle everything . . Turn off the Modem, router and all pc's . . turn on the Modem and wait a few minutes for the lights to stabilize . . then turn on the router, then one pc at a time. See if you connect to the internet.

Then:

Remove all the stored wireless network profiles and search for the network again.

How to Remove Stored Wireless Network Profiles for XP, Vista, and Windows 7

Then: check your browser's settings, remove any proxy settings if found here's how.

Then:

with the pc connected to the router, Click on Start . . Run . . type CMD

At the > prompt type type the following command: IPCONFIG /ALL


Note that there is a space before the /ALL, but there is NOT a space after the / in the following command.

Right click in the command window and choose Select All, then hit Enter. Come back here and Paste the results in a message.

If you are on a machine with no network connection, use a floppy, USB disk, or a CD-RW disk to transfer a text file with the information to allow pasting it here.

then please Download and run this Xirrus Wi-Fi Inspector, click the Networks link on the upper left and paste a screen shot of that screen here. Note that this application requires NET Framework to run. If you get an error about a missing function, download and... Read more

4 more replies
Relevance 52.07%

Hi there

I wonder if there is anyone that can help me please?

A few weeks ago my husband clicked on a pop up saying we had been infected with a virus and we had to download this piece of software to get rid of it. To be fair to him, the pop up was very convincing, it looked like a windows shield with 4 colours in it. Anyway, it seems to have caused the following problems:

Firstly, he cannot access the internet at all from his profile. I can from mine but I cannot access my googlemail at all. System restore does not work no matter what date we try to go back to. When I try to perform a google search, it redirects me to "Gala Directory".

I have Virgin Media Security installed and performed a scan for viruses and spyware and it came up with a virus called "Exploit.Java.Gimsh.B" but it hasn't fixed the problem.

We are using Windows XP Home Edition.

I would be really grateful for any help.

Thank you :-)

More replies