Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

cannot browse internet using internet explorer but can with opera and netscape


  • This topic is locked This topic is locked
2 replies to this topic

#1 abdulraop

abdulraop

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 10 December 2009 - 10:15 PM

hi all

I have this problem with my IE. I cannot browse the internet using IE6 but can with opera, netscape and firefox.
the following is hijackthis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:09, on 11/12/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
d:\PROGRA~1\eScan\VISTA\avpmapp.exe
d:\PROGRA~1\eScan\TRAYCSER.EXE
C:\WINNT\System32\svchost.exe
D:\Program Files\nero\Nero 7\InCD\InCDsrv.exe
d:\PROGRA~1\eScan\consctl.exe
d:\PROGRA~1\eScan\TRAYICOC.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\Smartscaps.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxpers.exe
C:\WINNT\System32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\eScan\ESCANIPC.EXE
D:\Program Files\nero\Nero 7\InCD\InCD.exe
D:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
d:\PROGRA~1\eScan\Vista\escanmon.exe
D:\Program Files\Digicert\dcCert\dcCertSvr.exe
D:\Program Files\Digicert\dcRevoke\dcRevokeMon.exe
D:\Program Files\Digicert\dcRevoke\dcRevokeSvr.exe
D:\Program Files\SmartTrust\SmartTrust Personal\NetDetacher\SmartDetacher.exe
D:\Program Files\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Opera7\opera.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\cannot browse internet\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Caw ICT Bhg Pasca Perkhidmatan
N2 - Netscape 6: user_pref("browser.startup.homepage", "http:/www.google.com"); (C:\Documents and Settings\TRAINING\Application Data\Mozilla\Profiles\default\59yeox7g.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TRAINING\Application Data\Mozilla\Profiles\default\59yeox7g.slt\prefs.js)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - d:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - d:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Persistence] C:\WINNT\System32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eScanIPC] d:\PROGRA~1\eScan\ESCANIPC.EXE
O4 - HKLM\..\Run: [MailScan Dispatcher] "d:\PROGRA~1\eScan\LAUNCH.EXE" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [InCD] D:\Program Files\nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Shortcut to POPPeeper.lnk = D:\Program Files\POP Peeper\POPPeeper.exe
O4 - Global Startup: dcCert Server.lnk = D:\Program Files\Digicert\dcCert\dcCertSvr.exe
O4 - Global Startup: dcRevoke CRL Monitor.lnk = D:\Program Files\Digicert\dcRevoke\dcRevokeMon.exe
O4 - Global Startup: dcRevoke Server.lnk = D:\Program Files\Digicert\dcRevoke\dcRevokeSvr.exe
O4 - Global Startup: NetDetacher.lnk = D:\Program Files\SmartTrust\SmartTrust Personal\NetDetacher\SmartDetacher.exe
O4 - Global Startup: Orbit.lnk = D:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: powerimage.bat
O4 - Global Startup: SmartTrust CSP Certificate Utility.lnk = D:\Program Files\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://d:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://d:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: + &Mass Downloader: download this file - D:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - D:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://d:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://d:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download &this page with WebCloner - d:\Program Files\ProductsFoundry\WebCloner Pro 2.4\addthis.htm
O8 - Extra context menu item: Download all &images with WebCloner - d:\Program Files\ProductsFoundry\WebCloner Pro 2.4\addimg.htm
O8 - Extra context menu item: Download all &links with WebCloner - d:\Program Files\ProductsFoundry\WebCloner Pro 2.4\addurl.htm
O8 - Extra context menu item: Download selected images with WebCloner - d:\Program Files\ProductsFoundry\WebCloner Pro 2.4\addselimgs.htm
O8 - Extra context menu item: Download selected links with WebCloner - d:\Program Files\ProductsFoundry\WebCloner Pro 2.4\addsellinks.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=http://www.google.com
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{67D044BD-F05D-4171-88BE-0106375EC3A6}: NameServer = 10.21.4.232,10.21.4.233
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - D:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - D:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: eScan Monitor Service - MicroWorld Technologies Inc. - d:\PROGRA~1\eScan\VISTA\avpmapp.exe
O23 - Service: eScan Client-Updater (eScan-trayicoc) - MicroWorld Technologies Inc. - d:\PROGRA~1\eScan\TRAYCSER.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: NBService - Nero AG - D:\Program Files\nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINNT\system32\Smartscaps.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9951 bytes

Edit: Moved topic from Web Browsing/Email and Other Internet Applications to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:35 AM

Posted 18 December 2009 - 01:19 AM

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.


Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking download exe -button and then saving it your desktop:
  • Double-click .exe that you downloaded
  • Click rootkit-tab and then scan.
  • Don't check
    Show All
    box while scanning in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log in your reply.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:35 AM

Posted 24 December 2009 - 05:59 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users