| can not browse using url's only ip's work thanks for your help!! running win2k, ie6.0, and using sbc dsl. cleaned trojan viruses using avg6.0, but now i can not browse using google.com in the address bar. if i type the ip address 216.239.39.99 it will go to the google home page. if i search for something and click on the url of one of the searched items i get page cannot be displayed. attached is my hijack log. thanks and look forward to hearing from you. Logfile of HijackThis v1.97.7 Scan saved at 5:57:12 AM, on 6/22/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\WINNT\System32\drivers\CDAC11BA.EXE C:\WINNT\System32\cpqalert.exe C:\WINNT\CPQDIAG\CPQDFWAG.EXE C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE C:\WINNT\SYSTEM32\DNTUS26.EXE C:\WINNT\System32\svchost.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\Program Files\Compaq\LCRMS\LCRMS.EXE C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\wanmpsvc.exe c:\dmi\win32\bin\Win32sl.exe C:\WINNT\System32\WBEM\WinMgmt.exe c:\winnt\system32\microsoft\temp\FireDaemon.EXE C:\WINNT\system32\svchost.exe C:\Program Files\Iomega\AutoDisk\ADService.exe c:\winnt\system32\microsoft\temp\sud.exe C:\WINNT\System32\cpqdmi.exe C:\WINNT\Explorer.EXE C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\WINNT\system32\CHKADMIN.EXE C:\WINNT\SYSTEM32\3cmlink.exe C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe 
C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINNT\SYSTEM32\3cshtdwn.exe C:\WINNT\SYSTEM32\3cmlink.exe C:\Program Files\Iomega\AutoDisk\ADUserMon.exe C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE C:\Program Files\Iomega\DriveIcons\ImgIcon.exe C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNetFolder.Exe C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe C:\WINNT\system32\ole2nls.exe C:\Documents and Settings\Administrator\My Documents\Kevin's\Spyware Stuff\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 
- Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [Easy Access Keyboard] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [W1N32.DLL] C:\WINNT\WINLOGONÂ*.exe O4 - HKLM\..\Run: [NAV Live Update] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lknqXXX.exe O4 - HKLM\..\Run: [Windows Explorer] ExplorerÂ*.exe O4 - HKLM\..\Run: [Services] C:\WINNT\system32\cab\back32.exe C:\WINNT\system32\cab\service.exe O4 - HKLM\..\Run: [Norton AntiVirus] C:\WINNT\SYSTEM32\fqqe.exe O4 - HKLM\..\Run: [msupdate32] c:\winnt\system32\vga.exe O4 - HKLM\..\Run: [Microsoft Netview] gesfm32.exe O4 - HKLM\..\Run: [gqegbvqvc] C:\WINNT\SYSTEM32\fqecvs.exe O4 - HKLM\..\Run: [realplayer] C:\WINNT\system32\msgsv32.exe O4 - HKLM\..\Run: [vaxxa] C:\WINNT\SYSTEM32\vdars.exe O4 - HKLM\..\Run: [davadqqec] C:\WINNT\SYSTEM32\fdfdq.exe O4 - HKLM\..\Run: [Ssdqwa] bgdw.exe O4 - HKLM\..\Run: [vdata] C:\WINNT\SYSTEM32\fqecs.exe O4 - HKLM\..\Run: [sghvvnra] rFeaturePres O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [Deskup] C:\Program 
Files\Iomega\DriveIcons\deskup.exe /IMGSTART O4 - HKLM\..\Run: [bsfqwa] ggwdw.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [gvrcub] C:\WINNT\mymw.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BDDVK] C:\WINNT\system32\BDDVK.exe O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINNT\Temp\RECOVE~1.EXE O4 - HKLM\..\RunServices: [Windows Explorer] ExplorerÂ*.exe O4 - HKLM\..\RunServices: [Microsoft Netview] gesfm32.exe O4 - HKLM\..\RunServices: [Ssdqwa] bgdw.exe O4 - HKLM\..\RunServices: [sghvvnra] rFeaturePres O4 - HKLM\..\RunServices: [bsfqwa] ggwdw.exe O4 - HKCU\..\Run: [LTM2] C:\WINNT\litmus\SVCHOSTÿ.exe O4 - HKCU\..\Run: [ole2nls] C:\WINNT\system32\ole2nls.exe O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm O9 - Extra button: AIM (HKLM) O9 - Extra button: Real.com (HKLM) O16 - DPF: {02BF25D5-8C17-4B23-BC23-BC8000000000} - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - http://active.macromedia.com/flash2/cabs/swflash.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2742c8dcaeadd3b...p/RdxIE601.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...877.4946412037 O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...im/install.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - 
https://www-secure.symantec.com/tech...a/SymAData.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{205A63B3-7D0B-4430-912A-5D8B85359CC7}: NameServer = 151.164.1.8,206.13.28.12 |
| ||
| Re: can not browse using url's only ip's work You've still got major problems. Before proceeding with HJT, download and run Ad Aware and SpyBot. Allow them to fix whatever they find and then post a fresh HJT log. Links to the downloads are in my sig below. Also- follow the configuration instructions in the "Setting up Ad Aware and SpyBot" link before running the programs. |
| ||
| Re: can not browse using url's only ip's work thanks for your quick reply, off to golf and then will do. peace out!! |
| ||
| Re: can not browse using url's only ip's work Cool- we'll be here. And yeah- you'll definitely want to relax with some golfing before the shock of dealing with the 300+ pieces of malware that Ad Aware and SpyBot are going to find on your system... :mrgreen: |
| ||
| Re: can not browse using url's only ip's work thanks!! golf was good!! here is the latest hijack.log after running ad aware and spybot. Logfile of HijackThis v1.97.7 Scan saved at 9:47:06 PM, on 6/23/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\WINNT\System32\drivers\CDAC11BA.EXE C:\WINNT\System32\cpqalert.exe C:\WINNT\CPQDIAG\CPQDFWAG.EXE C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE C:\WINNT\SYSTEM32\DNTUS26.EXE C:\WINNT\System32\svchost.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\Program Files\Compaq\LCRMS\LCRMS.EXE C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\wanmpsvc.exe c:\dmi\win32\bin\Win32sl.exe C:\WINNT\System32\WBEM\WinMgmt.exe c:\winnt\system32\microsoft\temp\FireDaemon.EXE C:\WINNT\system32\svchost.exe C:\Program Files\Iomega\AutoDisk\ADService.exe c:\winnt\system32\microsoft\temp\sud.exe C:\WINNT\System32\cpqdmi.exe C:\WINNT\Explorer.EXE C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\WINNT\system32\CHKADMIN.EXE C:\WINNT\SYSTEM32\3cmlink.exe C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINNT\SYSTEM32\3cshtdwn.exe C:\WINNT\SYSTEM32\3cmlink.exe C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE C:\Program Files\Iomega\AutoDisk\ADUserMon.exe C:\Program Files\Iomega\DriveIcons\ImgIcon.exe C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE 
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\QuickTime\qttask.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\ole2nls.exe C:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe C:\Documents and Settings\Administrator\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [Easy 
Access Keyboard] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [W1N32.DLL] C:\WINNT\WINLOGONÂ*.exe O4 - HKLM\..\Run: [NAV Live Update] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lknqXXX.exe O4 - HKLM\..\Run: [Windows Explorer] ExplorerÂ*.exe O4 - HKLM\..\Run: [Services] C:\WINNT\system32\cab\back32.exe C:\WINNT\system32\cab\service.exe O4 - HKLM\..\Run: [Norton AntiVirus] C:\WINNT\SYSTEM32\fqqe.exe O4 - HKLM\..\Run: [msupdate32] c:\winnt\system32\vga.exe O4 - HKLM\..\Run: [Microsoft Netview] gesfm32.exe O4 - HKLM\..\Run: [gqegbvqvc] C:\WINNT\SYSTEM32\fqecvs.exe O4 - HKLM\..\Run: [realplayer] C:\WINNT\system32\msgsv32.exe O4 - HKLM\..\Run: [vaxxa] C:\WINNT\SYSTEM32\vdars.exe O4 - HKLM\..\Run: [davadqqec] C:\WINNT\SYSTEM32\fdfdq.exe O4 - HKLM\..\Run: [Ssdqwa] bgdw.exe O4 - HKLM\..\Run: [vdata] C:\WINNT\SYSTEM32\fqecs.exe O4 - HKLM\..\Run: [sghvvnra] rFeaturePres O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART O4 - HKLM\..\Run: [bsfqwa] ggwdw.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: 
[gvrcub] C:\WINNT\mymw.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BDDVK] C:\WINNT\system32\BDDVK.exe O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINNT\Temp\RECOVE~1.EXE O4 - HKLM\..\RunServices: [Windows Explorer] ExplorerÂ*.exe O4 - HKLM\..\RunServices: [Microsoft Netview] gesfm32.exe O4 - HKLM\..\RunServices: [Ssdqwa] bgdw.exe O4 - HKLM\..\RunServices: [sghvvnra] rFeaturePres O4 - HKLM\..\RunServices: [bsfqwa] ggwdw.exe O4 - HKCU\..\Run: [LTM2] C:\WINNT\litmus\SVCHOSTÿ.exe O4 - HKCU\..\Run: [ole2nls] C:\WINNT\system32\ole2nls.exe O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm O9 - Extra button: AIM (HKLM) O9 - Extra button: Real.com (HKLM) O16 - DPF: {02BF25D5-8C17-4B23-BC23-BC8000000000} - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - http://active.macromedia.com/flash2/cabs/swflash.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2742c8dcaeadd3b...p/RdxIE601.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...877.4946412037 O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...im/install.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - 
https://www-secure.symantec.com/tech...ActiveData.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{205A63B3-7D0B-4430-912A-5D8B85359CC7}: NameServer = 151.164.1.8,206.13.28.12 take care!!! |
| ||
| Re: can not browse using url's only ip's work OK- just got back from my girlfriend's kid's birthday dinner, and I'm off to bed soon. If no one picks up on this before tomorrow morning I'll get back to you then. Your log shows some obvious "nasties" in it, but it also has some suspicious looking stuff in it that I'm not sure about and just don't have the time to research tonight. |
| ||
| Re: can not browse using url's only ip's work thanks for your help so far!! i am a high school teacher so i am just chillin for the summer. |
| ||
| Re: can not browse using url's only ip's work

Sorry for the delay- the rest of the week just got very crazy.

Ok- you have a handful of nasty trojan/backdoor infections as well as a couple of bits of spyware. I see that you're running both AVG and Norton; you should only use one AV program at a time. I'd highly suggest making sure your virus definitions are up to date and running a full system scan with one of those utilities. Additionally, you should probably do one of the free online virus scans:

http://housecall.trendmicro.com/
http://www.pandasoftware.com/actives..._principal.htm
http://www.ravantivirus.com/scan/

-------------------------------------------

In HJT, check and fix the following:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [W1N32.DLL] C:\WINNT\WINLOGON�*.exe
O4 - HKLM\..\Run: [NAV Live Update] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lknqXXX.exe
O4 - HKLM\..\Run: [Windows Explorer] Explorer�*.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\cab\back32.exe C:\WINNT\system32\cab\service.exe
O4 - HKLM\..\Run: [Norton AntiVirus] C:\WINNT\SYSTEM32\fqqe.exe
O4 - HKLM\..\Run: [msupdate32] c:\winnt\system32\vga.exe
O4 - HKLM\..\Run: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\Run: [gqegbvqvc] C:\WINNT\SYSTEM32\fqecvs.exe
O4 - HKLM\..\Run: [vaxxa] C:\WINNT\SYSTEM32\vdars.exe
O4 - HKLM\..\Run: [davadqqec] C:\WINNT\SYSTEM32\fdfdq.exe
O4 - HKLM\..\Run: [Ssdqwa] bgdw.exe
O4 - HKLM\..\Run: [vdata] C:\WINNT\SYSTEM32\fqecs.exe
O4 - HKLM\..\Run: [sghvvnra] rFeaturePres
O4 - HKLM\..\Run: [bsfqwa] ggwdw.exe
O4 - HKLM\..\Run: [gvrcub] C:\WINNT\mymw.exe
O4 - HKLM\..\Run: [BDDVK] C:\WINNT\system32\BDDVK.exe
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINNT\Temp\RECOVE~1.EXE
O4 - HKLM\..\RunServices: [Windows Explorer] Explorer�*.exe
O4 - HKLM\..\RunServices: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\RunServices: [Ssdqwa] bgdw.exe
O4 - HKLM\..\RunServices: [sghvvnra] rFeaturePres
O4 - HKLM\..\RunServices: [bsfqwa] ggwdw.exe
O4 - HKCU\..\Run: [LTM2] C:\WINNT\litmus\SVCHOSTÿ.exe
O4 - HKCU\..\Run: [ole2nls] C:\WINNT\system32\ole2nls.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2742c8dcaeadd3...ip/RdxIE601.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/...lim/install.cab

You might also want to axe the "Viewpoint Manager" also.

Then:

- Clear your cookies and browser cache, delete all Temporary Internet Files (enable the "delete offline content" option when you do this)
- Empty your trash
- Reboot into safe mode
- Set Windows Explorer to display all files (including hidden and system); find and delete every file referenced in the above "O4" HJT entries
- Find and delete the entire "wt" folder
- Delete the "litmus" folder if it exists
- Empty the trash and run the Anti-virus and anti-spyware programs again to see if the system comes up clean. |
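The kind of review applied to the O4 autorun entries above can be partly mechanised. The following is an added example, not code from the thread or from HijackThis: it parses O4 lines and flags entries for a closer look using four heuristics that are assumptions of this example (the `VENDOR_DIRS` and `SYSTEM_NAMES` tables and all function names are hypothetical). The sample lines are copied from the logs posted in this thread.

```python
import ntpath
import re

# Constructed sample: seven O4 lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Norton AntiVirus] C:\WINNT\SYSTEM32\fqqe.exe
O4 - HKLM\..\Run: [NAV Live Update] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lknqXXX.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINNT\Temp\RECOVE~1.EXE
O4 - HKLM\..\Run: [Ssdqwa] bgdw.exe
O4 - HKCU\..\Run: [LTM2] C:\WINNT\litmus\SVCHOSTÿ.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

# Assumption of this example: value-name prefix -> directory fragments where
# that vendor's software is normally installed. Extend for your own fleet.
VENDOR_DIRS = {
    "norton": ("norton", "symantec"),
    "nav ": ("norton", "symantec"),
    "avg": ("grisoft",),
    "quicktime": ("quicktime",),
}
# Assumption: Windows process names that malware commonly imitates.
SYSTEM_NAMES = {"svchost", "winlogon", "explorer", "lsass", "services"}


def exe_path(command):
    """Return the executable part of a Run value, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.search(r"\.(exe|com|bat|scr)\b", command, re.I)
    return command[:m.end()] if m else command.split()[0]


def parse_o4(log_text):
    """Yield one dict per registry autorun (O4) line in a HijackThis log."""
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            yield {"hive": hive, "key": key, "name": name,
                   "path": exe_path(command)}


def review(entry):
    """Return the list of heuristic reasons an entry deserves a closer look."""
    name, path = entry["name"].lower(), entry["path"].lower()
    directory = ntpath.dirname(path)
    stem = ntpath.splitext(ntpath.basename(path))[0]
    reasons = []
    # 1. Value name claims a vendor, binary lives outside that vendor's folder.
    for brand, dirs in VENDOR_DIRS.items():
        if name.startswith(brand) and not any(d in directory for d in dirs):
            reasons.append("vendor-mismatch")
            break
    # 2. Non-ASCII characters in the path (e.g. an invisible or odd suffix).
    if any(ord(ch) > 127 for ch in path):
        reasons.append("non-ascii-name")
    # 3. A system process name with extra characters glued on.
    letters_only = re.sub(r"[^a-z]", "", stem)
    if letters_only in SYSTEM_NAMES and stem != letters_only:
        reasons.append("system-name-lookalike")
    # 4. Autorun binary stored in a temp directory.
    if re.search(r"\\te?mp(\\|$)", directory):
        reasons.append("temp-dir")
    return reasons


def triage(log_text):
    """Map each O4 value name to its list of review reasons."""
    return {e["name"]: review(e) for e in parse_o4(log_text)}


if __name__ == "__main__":
    for value_name, why in triage(SAMPLE_LOG).items():
        print(f"{value_name:20} {', '.join(why) or '-'}")
```

`[Ssdqwa] bgdw.exe`, which the reply above also lists for fixing, passes all four checks, so an empty result only means these particular heuristics found nothing.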
| ||
| Re: can not browse using url's only ip's work i did everything that you recommended. i ran avg and the system is clean. i ran spybot and i keep getting DSO Exploit after scanning. i try to fix them and run spybot again and they re-appear. is this a problem? after this all the browser still will not let me browse using the url's. the following is the latest hjt listing: Logfile of HijackThis v1.97.7 Scan saved at 3:42:33 PM, on 6/28/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\WINNT\System32\drivers\CDAC11BA.EXE C:\WINNT\System32\cpqalert.exe C:\WINNT\CPQDIAG\CPQDFWAG.EXE C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE C:\WINNT\SYSTEM32\DNTUS26.EXE C:\WINNT\System32\svchost.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\Program Files\Compaq\LCRMS\LCRMS.EXE C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\wanmpsvc.exe c:\dmi\win32\bin\Win32sl.exe C:\WINNT\System32\WBEM\WinMgmt.exe c:\winnt\system32\microsoft\temp\FireDaemon.EXE C:\WINNT\system32\svchost.exe C:\Program Files\Iomega\AutoDisk\ADService.exe c:\winnt\system32\microsoft\temp\sud.exe C:\WINNT\System32\cpqdmi.exe C:\WINNT\System32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\WINNT\system32\CHKADMIN.EXE C:\WINNT\SYSTEM32\3cmlink.exe C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program 
Files\Iomega\AutoDisk\ADUserMon.exe C:\WINNT\SYSTEM32\3cshtdwn.exe C:\WINNT\SYSTEM32\3cmlink.exe C:\Program Files\Iomega\DriveIcons\ImgIcon.exe C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe C:\Documents and Settings\Administrator\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcyds.../www.yahoo.com O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE 
NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [Easy Access Keyboard] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [realplayer] C:\WINNT\system32\msgsv32.exe O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINNT\Temp\RECOVE~1.EXE O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm O9 - Extra button: AIM (HKLM) O9 - Extra button: Real.com (HKLM) O16 - DPF: {02BF25D5-8C17-4B23-BC23-BC8000000000} - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - http://active.macromedia.com/flash2/cabs/swflash.cab O16 - DPF: 
{9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...877.4946412037 O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{205A63B3-7D0B-4430-912A-5D8B85359CC7}: NameServer = 151.164.1.8,206.13.28.12 again thanks for your help. |
| ||
| Re: can not browse using url's only ip's work

Don't sweat the SpyBot DSO message- it's a known bug. You can read about it here: http://forums.net-integration.net/in...=0&#entry81148

The presence of FireDaemon.exe and sud.exe indicates a possible trojan infection. See if the following applies to you: http://support.microsoft.com/default...NoWebContent=1

Is it possible that you simply have a DNS problem? The conditions you describe are exactly what would happen if your system couldn't contact a DNS server in the process of resolving URLs to their IP addresses. Try this:

- Open a DOS box
- Type: ping 64.233.167.99
- and then: ping www.google.com

If the first works, but the second doesn't (both pings should reach Google), check the DNS server IP entries in your TCP/IP properties and make sure the IPs are present and correct. |
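To go one step past the two pings, each DNS server listed in the O17 line of the log can be asked directly, which shows whether a particular configured server is the one failing. This is an added example, not part of the original posts: the function names are hypothetical, and the `exchange` parameter is an assumption of the example that lets the network call be swapped out.

```python
import re
import secrets
import socket
import struct

# The O17 line exactly as it appears in the HijackThis logs in this thread.
O17_LINE = (r"O17 - HKLM\System\CCS\Services\Tcpip\..\{205A63B3-7D0B-4430-912A-"
            r"5D8B85359CC7}: NameServer = 151.164.1.8,206.13.28.12")


def nameservers_from_o17(line):
    """Extract the configured DNS server addresses from an O17 entry."""
    m = re.search(r"NameServer = ([\d.,\s]+)", line)
    return [s.strip() for s in m.group(1).split(",") if s.strip()] if m else []


def build_query(hostname, txid):
    """Build a minimal DNS query for the A record of hostname."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in hostname.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def skip_name(msg, pos):
    """Return the offset just past the (possibly compressed) name at pos."""
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:      # two-byte compression pointer ends the name
            return pos + 2
        if length == 0:                # root label ends the name
            return pos + 1
        pos += 1 + length


def parse_a_records(msg, txid):
    """Return the IPv4 addresses in a DNS response, or raise ValueError."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0x000F}")
    pos = 12
    for _ in range(qdcount):           # skip the echoed question section
        pos = skip_name(msg, pos) + 4
    addresses = []
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:  # A record
            addresses.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return addresses


def udp_exchange(server, payload, timeout=3.0):
    """Send one UDP datagram to server:53 and return the reply bytes."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(payload, (server, 53))
        return sock.recvfrom(512)[0]


def check_servers(o17_line, hostname, exchange=udp_exchange):
    """Query every server in the O17 line; map server -> addresses or error text."""
    results = {}
    for server in nameservers_from_o17(o17_line):
        txid = secrets.randbelow(65536)
        try:
            reply = exchange(server, build_query(hostname, txid))
            results[server] = parse_a_records(reply, txid)
        except (OSError, ValueError, struct.error, IndexError) as exc:
            results[server] = f"failed: {exc}"
    return results


if __name__ == "__main__":
    for server, outcome in check_servers(O17_LINE, "www.google.com").items():
        print(server, "->", outcome)
```

If every server reports a failure while pinging an IP address works, the fault is in name resolution rather than in connectivity, which is the case the reply above describes.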
©2003 - 2009 DaniWeb® LLC