| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 96272 | 2009-01-04 21:22:00 | Can't access some web sites | Hokonui (8280) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 735067 | 2009-01-04 21:22:00 | I've had a problem with a virus infection and also with the latest ATI Catalyst driver, not necessarily related and both issues seem to be fixed now. I now find I have an internet access problem, perhaps as a result of some file corruption caused by the above? I have a working internet connection and can access virtually all web sites I try but I can't get either AVG or Avira to update (I installed these separately not at the same time) nor can I install MSN Messenger. Am getting an "internet connection failed" or "failed to establish a connection to the server" error for the above. Have reset and/or reinstalled antivirus & browsers and am out of ideas, any help would be appreciated. |
Hokonui (8280) | ||
| 735068 | 2009-01-04 22:00:00 | Sounds like something might still be there, I would post a hijack this log and possibly run trojan remover | gary67 (56) | ||
| 735069 | 2009-01-04 22:06:00 | you shouldn't have two anti-virus programs, get rid of one | GameJunkie (72) | ||
| 735070 | 2009-01-04 22:10:00 | Ok, below is Hijack logfile. Am finding other sites that can't be found or won't load. I wonder if there is a DNS issue? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:06:59 a.m., on 5/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\System32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe D:\Program Files\Google\Update\GoogleUpdate.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\RTHDCPL.EXE D:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe D:\Program Files\Network Magic\nmapp.exe D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe D:\Program Files\Java\jre6\bin\jqs.exe D:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe D:\WINDOWS\system32\wscntfy.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\WINDOWS\system32\cmd.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [nmctxth] "D:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [nmapp] "D:\Program Files\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - www.srtest.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - www.update.microsoft.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - fpdownload2.macromedia.com O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe O23 - Service: Google Update Service (gupdate1c95c2788d56a5c) (gupdate1c95c2788d56a5c) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - D:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe |
Hokonui (8280) | ||
| 735071 | 2009-01-04 22:13:00 | I've had a problem with a virus infection I have a working internet connection . You need at least 2 antispyware programs as well. Spybot Plus Malware Bytes or Spyware Terminator or Superantispyware Speedy will do your HJT shortly, meanwhile download and scan with some of the above. And is it Vista or XP? |
pctek (84) | ||
| 735072 | 2009-01-04 22:34:00 | Hm the log looks ok to me Get trojan remover below update it then scan. Then select all options under the utilities menu |
Speedy Gonzales (78) | ||
| 735073 | 2009-01-04 22:46:00 | Probably corrupted winsock files. In Command prompt type: netsh winsock reset catalog Enter and reboot |
Safari (3993) | ||
| 735074 | 2009-01-04 23:10:00 | Dual boot XP sp3 and Vista sp1 Tried to get Malware bytes but it was one of the sites that wasn't found. Spybot found 5 * Win32.Agent.sd - removed (nothing else) Trojan remover alerted - /sys32/drivers/msqpdxipjvridu.sys - have left it at the moment depending on your advice. Will post new hijack log after reboot |
Hokonui (8280) | ||
| 735075 | 2009-01-04 23:15:00 | Get trojan remover to remove its reference, or delete it . If it gives you the option to delete that file . It sounds nasty . If it only gives you the option to remove its reference from the registry select this . Then reboot . find that file (you may have to untick hide system files, (tools / folder options / view tab, search for it, delete it) . Then reboot again |
Speedy Gonzales (78) | ||
| 735076 | 2009-01-04 23:28:00 | Am away for a couple of days as of now so don't have time to check everything but deleting /sys32/drivers/msqpdxipjvridu.sys appears to have done it - Avira is updating as it should. Thank you all. |
Hokonui (8280) | ||
| 1 2 | |||||