We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Google pages won't open
Comments
-
I have now cleaned my laptop so much the only think I can think of to do next is clean it with a mop and bucket!
I have tried the hijack thing and it wont save a log, I tried the click to run as administrator and it wasn't an option....I now think I will never be able to use google again :eek: I always said google was my best friend and if I got married she would be my bridesmaid lol
Try holding LEFT SHIFT and right click on HijackThis.0 -
Hi all
Having same problem, entering google displays:-
Index of /
NameLast ModifiedSizeTypeParent Directory/ - Directoryindex.lighttpd.html2011-May-02 15:09:483.5Ktext/html
lighttpd/1.4.28
If I enter Google into search box and search using BING
I get 404 - Not Found
and not blinking !!
I can run Hijack this but get hundreds of entries - 12879 bytes..
N.B I am with Virgin Media
Curiouser and curiouser0 -
May everyone with a google problem open a new thread please. This would prevent confusions arising. Thank you!
However, in the meantime please do the following steps and post in new thread:
1. Download Malwarebytes Anti-Malware 1.50 - FileHippo.com
and Install. Click UPDATES tab, click CHECK FOR UPDATES. Then run a QUICK SCAN. Remove everything it finds and post log (on a new thread).
If the quick scan showed you had an infection: Click UPDATES tab, click CHECK FOR UPDATES. Then run a FULL SCAN. Remove everything it finds and post log.
2. Download HijackThis 2.0.4 - FileHippo.com and Install. Press the top button of the program which produces a log in a notepad. Copy this onto the thread.
Someone will be able to advise further once these steps are done or if there is any trouble. As usual credit goes to alienRIK's instructions which I've adapted.0 -
vjselondon wrote: »
I can run Hijack this but get hundreds of entries - 12879 bytes..
Don't worry, this isn't as big as some we see on here, some have been 18000-odd
by the time we get finished with you it'll be down around 9000-odd (unless closed gets his wicked way with you and it'll be down to around 3000-odd
)
@ closed:- respect ......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple0 -
just a point, google search is my homepage, and I've not had any issues with it over the last couple of days, are the peeps having problems trying to use a different element of google's services ??? Not made clear in any of the posts
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple0 -
Just to make clear it is every part of google from the serach part to the gmail to the forum
EE
P.S Now going to run some programs and see if I can sort it0 -
Hiii,
Here's two logs !!
Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 6526
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
07/05/2011 15:31:11
mbam-log-2011-05-07 (15-31-11).txt
Scan type: Quick scan
Objects scanned: 175264
Time elapsed: 23 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
NB had to replace http:\\ with (lnk removed)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:46:16, on 07/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Gacela\Gacela-Reporting.exe
C:\Program Files\Gacela\Gacela-Updater.exe
C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
C:\WINDOWS.000\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\WINDOWS.000\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\WINDOWS.000\System32\svchost.exe
C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS.000\system32\RUNDLL32.EXE
C:\Process Explorer\procexp.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Consumer Input\dca-ua.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = (lnk removed)go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = (lnk removed)go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2000 Pro\Search Bar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = (lnk removed)go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = (lnk removed)go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = (lnk removed)service.gacela.eu/gacela2/gacela2_digitalclub_uk/autoproxyconfig.php?id=6855&type=IE&version=10.1.166
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Gacela2 - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Gacela\Gacela2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Consumer Input\dca-bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Gacela - {5F6E2508-41C4-4D4B-8AC3-D7ED6E4EB2AE} - C:\Program Files\Gacela\Gacela2.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [DLPSP] "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [DLUPDR] "C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ServiceManager.exe] "C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
O4 - HKLM\..\Run: [DHSClient.exe] "C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.000\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.000\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Procexp] C:\Process Explorer\procexp.exe
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\dca-ua.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Customize Menu &4 - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\VJ\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: RoboForm &2 - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms &[ - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Gacela\Gacela2.dll
O9 - Extra 'Tools' menuitem: About Gacela - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Gacela\Gacela2.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows.000\system32\nwprovau.dll
O15 - Trusted Zone: (lnk removed)download.windowsupdate.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - (lnk removed)(www).nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - (lnk removed)update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246382899687
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - (lnk removed)(www).nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - (lnk removed)cards.hallmark.co.uk/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - (lnk removed)fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - (lnk removed)platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - (lnk removed)gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.000\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.000\system32\browseui.dll
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Gacela-Reporting-Service - Unknown owner - C:\Program Files\Gacela\Gacela-Reporting.exe
O23 - Service: Gacela-Update-Service - Unknown owner - C:\Program Files\Gacela\Gacela-Updater.exe
O23 - Service: HsdService - Virgin Media - C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nielsen Update (NielsenUpdate) - The Nielsen Company - C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.000\system32\nvsvc32.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 12294 bytes0 -
better off in your own thread
your windows appears to be running from windows.000, have you got 2 lots of windows installed?
The best way of cleaning up a slow or badly infected machine is to backup all your data to an external drive, and do a factory restore using the factory restore partition (see manual or manufacturers website) or Windows disc. The alternative is to do it manually :-
This is a general guide on cleaning up infections and speeding up pc's https://forums.moneysavingexpert.com/discussion/2436849
If you haven't all ready done it, Install Malwarebytes and do a FULL (not quick) scan (after updating it), fix anything found before closing, otherwise you'll have to do it all over again. If anything was found reboot the machine before continuing. http://www.filehippo.com/download_malwarebytes_anti_malware/
If you know you have just been infected, with a fake antivirus for example, running system restore to a previous restore point is often the fastest way of getting your machine working again
Making any changes to a PC setup always comes with a slight risk of something going wrong, the worse case scenario is an unbootable PC - ideally you should have got a backup of important data on dvd or external disk, and a disk image backup (http://www.macrium.com/reflectfree.asp) or windows disc/factory restore partition available before you start. In the unlikely event that anything does go wrong, post on another pc for advice.
__________________________________________________
If you suspect an infection, here are some other virus scanners to try, let them fix anything found
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
http://www.surfright.nl/en/hitmanpro
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
Go into the connection settings of all your browsers, and remove the proxy entry (IE Tools, internet options, connections/firefox tools, advanced, network, settings etc), the entry below is usually a sign or remnants of an infection causing browser redirection. Note proxy settings for browsers other than IE don't show up in hijackthis logs, so check them manually
************************************************
Scanning with all the scanners above along with your resident scanner should remove most or all infections if there are any present on your machine, below is some specific (optional) advice based on your log which may help to improve speed and tidy things up.
__________________________________________________
Install and run ccleaner (untick the google toolbar during the install). Untick the "windows log files" box, under the system heading before cleaning. Also Tick the java cache tick box under CCleaner, applications, internet to wipe the java cache which sometimes hides infections. http://www.piriform.com/ccleaner/download/slim
Install and run startuplite, accept suggested changes - http://www.malwarebytes.org/StartUpLite.exe
Click the java icon in control panel, advanced, misc - untick java quick starter, and untick place icon in task bar
__________________________________________________
Unless you want to keep them tick and fix all the O24's in hijackthis
O24 - Desktop Component 0: (no name) - (no file)
__________________________________________________
Using Hijackthis, tick and fix these entries
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - (lnk removed)(www).nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - (lnk removed)update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246382899687
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - (lnk removed)(www).nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - (lnk removed)cards.hallmark.co.uk/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - (lnk removed)fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - (lnk removed)platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - (lnk removed)gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O24 - Desktop Component 0: (no name) - (no file)
__________________________________________________
Uninstall any IE toolbars (browser helper objects or BHO's) in Control panel, or Firefox plugins that you don't need. This is a list of the IE BHO's evident in the log
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Gacela2 - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Gacela\Gacela2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Consumer Input\dca-bho.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
Disable (vista/W7) or uninstall (XP) Windows Defender. To disable windows defender on vista or windows 7 - from the start menu, windows defender, tools, options, untick use real-time protection, under administrator options, untick use windows defender and untick allow everyone to use windows defender, click save to save settings. XP users can either do this or preferably uninstall it in control panel instead.
__________________________________________________
If you want a speedy machine, Use windows firewall and replace your antivirus and security software with avast 6 free - (a fast and lightweight virus scanner with good detection rates) http://www.avast.com/free-antivirus-download :
This is a list of (or remnants of) security software evident in your log, you may wish to uninstall these in Control Panel (add/remove programs or programs/features) to keep your PC running smoothly, too much overlapping or bloated security or useless tuning software can have a drastic effect on performance - always leave one resident scanner running (eg avast/avira etc)
---- rapport
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
---- IObit
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
---- msseces.exe
C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
---- spybot
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
__________________________________________________
Uninstall gacela
C:\Program Files\Gacela\Gacela-Reporting.exe
C:\Program Files\Gacela\Gacela-Updater.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = (lnk removed)service.gacela.eu/gacela2/gacela2_digitalclub_uk/autoproxyconfig.php?id=6855&type=IE&version=10.1.1 66
O2 - BHO: Gacela2 - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Gacela\Gacela2.dll
O3 - Toolbar: Gacela - {5F6E2508-41C4-4D4B-8AC3-D7ED6E4EB2AE} - C:\Program Files\Gacela\Gacela2.dll
O9 - Extra button: (no name) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Gacela\Gacela2.dll
O9 - Extra 'Tools' menuitem: About Gacela - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Gacela\Gacela2.dll
O23 - Service: Gacela-Reporting-Service - Unknown owner - C:\Program Files\Gacela\Gacela-Reporting.exe
O23 - Service: Gacela-Update-Service - Unknown owner - C:\Program Files\Gacela\Gacela-Updater.exe
__________________________________________________
Download and install cleanmem http://www.pcwintech.com/cleanmem (download direct download). In windows explorer, go to c:\windows\tasks, click on the clean system memory task, schedule, advanced, and change it from every 30 minutes to every 5 minutes, then ok, ok. Find c:\program files\cleanmem\mini_monitor, run it and right click the icon (near the clock) to set it to automatically run at startup, show percentage to keep an eye on your ram use. If your machine is still slow after doing everything listed, post your commit charge and installed physical ram details from task manager performance
In internet explorer, click on tools, internet options, advanced, disable script debugging to stop this running
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
__________________________________________________
start, run, msconfig, select services tab, disable these services unless you use them. (make a note of any services you disable,if you have any problems related to these services subsequently, simply re-enable them)
SSDP Discovery Service
Remote Registry
WebClient
Distributed Link Tracking Client
Also disable these services if you don't use them by running msconfig, services tab
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\Program Files\Gacela\Gacela-Updater.exe
O23 - Service: Gacela-Update-Service - Unknown owner - C:\Program Files\Gacela\Gacela-Updater.exe
C:\Program Files\Gacela\Gacela-Reporting.exe
O23 - Service: Gacela-Reporting-Service - Unknown owner - C:\Program Files\Gacela\Gacela-Reporting.exe
C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
O23 - Service: HsdService - Virgin Media - C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.ex e
O23 - Service: Nielsen Update (NielsenUpdate) - The Nielsen Company - C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.ex e
__________________________________________________
Unless you need them running all the time, use the startup tab in msconfig to disable these items from running at startup (they can always be run manually if needed)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.ex e
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\dca-ua.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O4 - HKLM\..\Run: [DHSClient.exe] "C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
O4 - HKLM\..\Run: [ServiceManager.exe] "C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
__________________________________________________
When you've done all that, post a fresh hijackthis log and any logs of infections!!
> . !!!! ----> .0 -
Okey Dokey, will try0
-
If peeps with the problem enter 208.69.32.231 in the address bar they will get up Google search...
What is happening is anything with "google" in the name is being filtered/redirected to127.0.0.1 which puts out a 404 message .
I've emptied my hosts file from SYSTEM32\DRIVERS\etc,
DNS problem ?0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 354K Banking & Borrowing
- 254.3K Reduce Debt & Boost Income
- 455.3K Spending & Discounts
- 247.1K Work, Benefits & Business
- 603.7K Mortgages, Homes & Bills
- 178.3K Life & Family
- 261.2K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.7K Read-Only Boards