| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 102675 | 2009-08-27 22:36:00 | browsers not showing pages | hammer (1735) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 804849 | 2009-08-27 22:36:00 | yeah i know i should be able to get this one sorted but brain not here this week..all browsers being a pain and not showing many pages...but if i refresh and hit shift key they open... firefox IE and safari have avira antivirus up to date and all browsers up to date... windows 7 and yeah i do go to some not recommended p2p sites..but cant see anything unusual in processes running help please |
hammer (1735) | ||
| 804850 | 2009-08-27 23:20:00 | Download HijackThis and post a log here www.trendsecure.com Meanwhile, could you please open run>cmd and type in ping www.google.com Then right click anywhere in cmd>select all>ctrl+C>paste here Blam |
Blam (54) | ||
| 804851 | 2009-08-27 23:40:00 | virus maybe... copy and paste not working either...looking suspect be back after i do hijack this |
hammer (1735) | ||
| 804852 | 2009-08-27 23:43:00 | Boot into safe mode / networking then do it. I would use something better than Avira. Get trojan remover below (if youre using 32 bit) as well. Update it then scan. Then select all options under the utils menu | Speedy Gonzales (78) | ||
| 804853 | 2009-08-27 23:45:00 | Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:41:44 a.m., on 28/08/2009 Platform: Unknown Windows (WinNT 6.01.3004) MSIE: Internet Explorer v8.00 (8.00.7100.0000) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Program Files\ATKOSD2\ATKOSD2.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Trillian\trillian.exe C:\Program Files\Vuze\Azureus.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Maxthon2\Maxthon.exe C:\Users\barb\Downloads\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.conduit.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMini.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\s wg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMini.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: GigaNet.com - {DE2C5EF2-DFBF-49B0-BBF2-3B2805A52722} - C:\Windows\system32\dhofozr.dll (file missing) O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMini.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - 124.198.141.25:85 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - platformdl.adobe.com O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O21 - SSODL: DgNVBtNYjYHm - {349D5CC1-9E37-F66B-C5E5-985263E4B132} - C:\Windows\system32\gh.dll (file missing) O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe -- End of file - 7588 bytes |
hammer (1735) | ||
| 804854 | 2009-08-27 23:52:00 | You may have sober a worm. Disable system restore I think this file belongs to it C:\Windows\system32\conhost.exe Tick these entries then tick fix checked Close browsers C:\Windows\system32\conhost.exe O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) This belongs to a worm. Find this file and delete it. After you tick the entry, then tick fix checked, and reboot O2 - BHO: GigaNet.com - {DE2C5EF2-DFBF-49B0-BBF2-3B2805A52722} - C:\Windows\system32\dhofozr.dll (file missing) O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') Find this file and delete it O21 - SSODL: DgNVBtNYjYHm - {349D5CC1-9E37-F66B-C5E5-985263E4B132} - C:\Windows\system32\gh.dll (file missing) You probably got infected using those P2P programs |
Speedy Gonzales (78) | ||
| 804855 | 2009-08-28 00:12:00 | Download and run MBAM too, make sure SR is still disabled. http://www.malwarebytes.org/ Blam |
Blam (54) | ||
| 804856 | 2009-08-28 02:16:00 | thanks .. have to go to work now but will check your advise out later... thnks | hammer (1735) | ||
| 804857 | 2009-08-28 12:24:00 | this is the results from the ping c:User\barb>ping www.google.com Pinging www.1.google.com [74.125.19.105]with32 bytes of data: Request timed out Request timed out Request timed out Reply from 74.125.19.105:bytes=32 time 214ms ttl=51 Ping statistics for 74.125.19.105 Packets sent = 4,Received=1, lost =3 <75%> Approximate round trip times in milli-seconds: Minimun=214ms, maximum=214ms, average=214ms |
hammer (1735) | ||
| 804858 | 2009-08-28 12:25:00 | have sorted the hijack log problems but it didnt help the browsers work any better | hammer (1735) | ||
| 1 2 | |||||