| Thread ID: 95842 | 2008-12-18 20:19:00 | Help my boss with his HiJackThis log please? Browsing only works in IE | Chilling_Silence (9) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 730704 | 2008-12-18 20:19:00 | Hey guys, So I've never actually used HJT before ... Anyways so I come in today and everything appears fine and dandy. I'm online checking emails, had a quick flick through the news, MSN / Skype are online no worries. Then my boss skypes me and asks if the internet's down.. it's not or he couldn't skype me.. But he can't browse, so I go running off to his office to have a nosey. Turns out he can ping pressF1.co.nz fine, can ping 210.48.100.45 fine. Can browse fine in IE, and can send emails from Thunderbird, skype also works. What doesn't work is browsing in Firefox / Chrome. No security suite is installed, direct connection to the internet through the DSL modem, checked the network settings are all the same in all browsers / apps (direct connection), and still no idea. Downloaded / ran CCleaner which cleaned up over 1.5GB worth of stuff apparently. HJT log attached, any advice appreciated Cheers Chill.
Logfile of HijackThis v1.99.1
Scan saved at 9:11:49 a.m., on 19/12/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Manas\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\CounterPath\Bria\bria.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LiveCRM Desktop Companion\jre1.6.0_05\launch4j-tmp\LiveCRMDC.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.daemon-search.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: run="C:\Users\Manas\AppData\Roaming\Adobe\Manager.exe"
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\Manas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Bria] "C:\Program Files\CounterPath\Bria\bria.exe"
O4 - Startup: LiveCRM Desktop Companion.lnk = C:\Program Files\LiveCRM Desktop Companion\LiveCRMDC.exe
O4 - Startup: SpamBayes IMAP Filter.lnk = C:\Program Files\SpamBayes\bin\sb_imapfilter.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{C09E0645-783E-4768-83BE-6933780A3068}: NameServer = 10.1.1.88,10.1.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Apache2.2 - Unknown owner - C:\AppServ\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: TeamViewer 4 (TeamViewer4) - Unknown owner - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe" -service (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zimbra Desktop Service - Unknown owner - C:\zimbra\zdesktop\zdesktop.exe |
Chilling_Silence (9) | ||
| 730705 | 2008-12-18 20:26:00 | Have proxy settings been set up in FF/Chrome? | jwil1 (65) | ||
| 730706 | 2008-12-18 20:34:00 | Nope, everything is set to "direct connection" :) | Chilling_Silence (9) | ||
| 730707 | 2008-12-18 20:40:00 | OK... that's weird. Is there a Group policy setting forcing browsing in IE? Probably not, just a wild guess :D |
jwil1 (65) | ||
| 730708 | 2008-12-18 20:47:00 | Hmm log looks ok to me
But you can tick these then tick fix checked
Close browsers
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
I would uninstall all versions of Java, then update it |
Speedy Gonzales (78) | ||
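The triage in the reply above (picking out the O2/O3 entries that HijackThis reports as "(no file)") as an added Python example; it is not part of the thread or of HijackThis. `split_entries` and `orphaned` are names chosen here, and the sample is an excerpt of the log posted in the first message, run together on one line the way the forum delivers it.

```python
import re

# An entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
# The look-behind keeps codes embedded in other words from splitting an entry.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")
ENTRY = re.compile(r"(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)", re.S)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt of the log posted in this thread, flattened onto one line.
SAMPLE = (
    r"Running processes: C:\Windows\Explorer.EXE "
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com "
    r"O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) "
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "
    r"C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll "
    r"O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) "
    r"O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe"
)


def split_entries(text):
    """Recover (code, body) pairs from a log whose line breaks were lost."""
    entries = []
    for chunk in ENTRY_START.split(text):
        match = ENTRY.fullmatch(chunk.strip())
        if match:  # the header and process list carry no section code
            entries.append((match["code"], match["body"].strip()))
    return entries


def orphaned(entries, codes=("O2", "O3")):
    """Return (code, CLSID) for entries whose target is reported as '(no file)'."""
    hits = []
    for code, body in entries:
        if code in codes and body.endswith("(no file)"):
            clsid = CLSID.search(body)
            hits.append((code, clsid.group(0) if clsid else None))
    return hits


if __name__ == "__main__":
    for code, clsid in orphaned(split_entries(SAMPLE)):
        print(code, clsid)
```
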
| 730709 | 2008-12-18 21:02:00 | Thanks guys, We just did a system restore to yesterday, there was a Windows update installed at 3AM this morning which may have been the culprit :-/ No idea to be honest but it's working. Thanks Speedy, will do. |
Chilling_Silence (9) | ||
| 730710 | 2008-12-19 00:54:00 | Sounds strange. The Windows update would have been the IE security fix. | linw (53) | ||
| 730711 | 2008-12-19 01:12:00 | Odd, coz only non-IE browsers wouldn't work this morning .... :p He has the latest Firefox 3.0.5 too |
Chilling_Silence (9) | ||
| 730712 | 2008-12-20 02:05:00 | Totally off topic but what do you do for a living Chill? | Blam (54) | ||
| 730713 | 2008-12-20 10:53:00 | At the moment I'm technically not receiving a paid income, I'm currently merging a business I started with another company and will be employed by them as of February next year as the Product Manager. We do Voice over IP PBX Systems for small-medium businesses. I have also just finished up part-time youth leadership at the local church, and am starting up a business on the side as a sole trader, dealing in embedded / low-power computers & servers for home & small businesses :) All this, and I'm getting married in June next year, so that takes up what little time I might have had left. I like to keep busy :D I smell a new thread coming on... "What do you do for a living?" ;) |
Chilling_Silence (9) | ||