Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91679 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

My Mozilla Firefox is not working


  • Please log in to reply
22 replies to this topic

#1 gorilita

gorilita

    Authentic Member

  • Authentic Member
  • PipPip
  • 50 posts

Posted 28 September 2006 - 10:31 PM

Hello all, I am a Mozilla Firefox user and since the day that I installed its lastest upgrade 1.5.0.7 whenever I want to use it it: loads a blank page, loads without extensions or doesn't load at all. OR when it loads, then I cannot use web links from my emails.. nothing happens. I don't know if it has to do with my system. This is the HJT log header: Logfile of HijackThis v1.99.1 Scan saved at 09:45:12 p.m., on 09/28/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Since I am not allowed to post complete logs here, I just want to mention that it had the following line 5 times! :\WINDOWS\system32\svchost.exe I wouldn't mind reinstall Firefox again. I just don't know how to save "My favorites" folder. Thank you!

    Advertisements

Register to Remove


#2 jeremy_smitty5

jeremy_smitty5

    Authentic Member

  • Authentic Member
  • PipPip
  • 191 posts

Posted 29 September 2006 - 04:53 PM

Don't know if you've been helped yet, but maybe you'll find thise helpful

Your "favorites" are kept in a file called bookmarks.html in your profile folder. Here is link to give you more info.

http://kb.mozillazin.../Profile_folder
Jeremy

#3 bizarrebob

bizarrebob

    Silver Member

  • Authentic Member
  • PipPipPip
  • 395 posts
  • Interests:Computers. Video games.

Posted 29 September 2006 - 05:00 PM

Hi. I'll try and assist you with this. I am pretty decent with Mozilla Firefox. Firstly, i think that: ''svchost.exe'' CAN be a Virus. I have just one of them as a running process on my computer, not 5. Maybe you should post a full Hijack this log in the other part of the forum to get that checked out? How come you're not allowed to post full logs? (sorry to seem nosey, i am just wondering why you have 5 of the same thing). Ok, about Firefox itself. When you say: ''My Favorites'', you mean your ''Bookmarks'' ?? You're favorite sites? Ok, do this.... 1) Open up Mozilla Firefox 2)Click ''Bookmarks'' 3)Click ''Manage Bookmarks'' 4)a new window will pop up. Click file > export > save Make sure you save this to desktop, or somewhere you wont forget. 5) Close all windows 6)click start > control panel > add/remove programs 7) remove Firefox 8) Download firefox again and install it Now you'll want your bookmarks back, so follow this: 1.Open Mozilla Firefox 2. Click on the Bookmarks menu then click on Manage Bookmarks 3. Click on the Tools Menu and select Import 4.Locate the bookmark.htm or bookmark.html file you are importing and click Open 5. Now click the X at the top right of the "Bookmark Manager" window to finish.

::: My Spec :::

Windows 7
Intel Core Duo @ 2.8ghz
4gb OCZ RAM @ 1066mhz
ATI 4870 512mb



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online


#4 jeremy_smitty5

jeremy_smitty5

    Authentic Member

  • Authentic Member
  • PipPip
  • 191 posts

Posted 29 September 2006 - 05:02 PM

well put bizarrebob Jeremy

#5 jeremy_smitty5

jeremy_smitty5

    Authentic Member

  • Authentic Member
  • PipPip
  • 191 posts

Posted 29 September 2006 - 05:04 PM

If it was me i would not backup anything until making sure you're free of bugs. Jeremy

Edited by jeremy_smitty5, 29 September 2006 - 05:07 PM.


#6 Doug

Doug

    Retired Administrator -Tech Team

  • Tech Team
  • 10,057 posts

Posted 29 September 2006 - 05:09 PM

Yes ''svchost.exe'' can be a virus mascarading as a legitimate file. But multiple instances does not prove an infection. ''svchost.exe'' is a general utility that assists a wide variety of applications that may run .dll files as executeable. It is a common questions, frequently posted: Why do I show so many ''svchost.exe'' ? Does that mean I'm infected? The answer is as above. It is common for multiple instances of ''svchost.exe'' to be active. For verification of this assertion, go look at the "last" "clean" post in any Resolved HJT thread. You'll see multiple instances, in the "all clean" posts. Doug
The help you receive here is free.
If you wish, you may Donate to help keep us online.

#7 bizarrebob

bizarrebob

    Silver Member

  • Authentic Member
  • PipPipPip
  • 395 posts
  • Interests:Computers. Video games.

Posted 29 September 2006 - 05:15 PM

thanks for that info Dough. :) Hope the topic starter is helped by what i wrote, please write back with the results :D

::: My Spec :::

Windows 7
Intel Core Duo @ 2.8ghz
4gb OCZ RAM @ 1066mhz
ATI 4870 512mb



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online


#8 Doug

Doug

    Retired Administrator -Tech Team

  • Tech Team
  • 10,057 posts

Posted 29 September 2006 - 05:29 PM

I concur with jeremy_smitty5 in two distinct ways here.

1. The symptoms described in the Members original problem description causes concern about possible infection. ===== Best to at least run a few online scans, or even post a HJT Log for Expert assistance.

2. The procedure for saving Favorites in Mozilla for later "import", was very well described by BizzareBob, nice work!
:thumbup:

Best Regards,

p.s. Congrats on the Job, BB.
The help you receive here is free.
If you wish, you may Donate to help keep us online.

#9 jeremy_smitty5

jeremy_smitty5

    Authentic Member

  • Authentic Member
  • PipPip
  • 191 posts

Posted 29 September 2006 - 05:46 PM

Here are a few online scanners that I use and think are good.

Housecall
http://housecall.trendmicro.com/

Bitdefender
http://www.bitdefender.com/scan8/

Jeremy

#10 gorilita

gorilita

    Authentic Member

  • Authentic Member
  • PipPip
  • 50 posts

Posted 03 October 2006 - 07:07 AM

Hello all! Thanks for yor help! Hello again dough. Ok. I will do what bizarrebob told me. I will save my Mozilla Bookmarks, unistall firefox and reisntall it again. I was worried about my bookmarks. I will come back to you when I do that. About "not being allowed to post HJLs" I meant it in this part of tomcoyote. I read the instructions and before posting they want to know my problem! As of the''svchost.exe'' file. I will post my HJL in the other part of Tom Coyote AFTER I fix Mozilla and run the online scanners. Thanks you!

    Advertisements

Register to Remove


#11 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 03 October 2006 - 08:37 AM

If I may....
:oops:

Concerning the svchost.exe program....

On an XP system, as long as it's in the \WINDOWS\system32 folder, it's "legit" (no matter how many you have running). Unless, of course, it's infected with a virus (doesn't happen very often).

If it's running from any other folder, it's "suspect".

Personally, I have about 1/2 dozen of them running on my system at any given time.

:) :thumbup:
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#12 gorilita

gorilita

    Authentic Member

  • Authentic Member
  • PipPip
  • 50 posts

Posted 03 October 2006 - 01:03 PM

Ok all! Micah hello! you also helped me once. The first thing I did was to run Bitdefender. (thanks smitty!) I have Avast antivirus running and oh my gosh! I had lots of trojans! (SoBig, Bugbear, etc. etc.) I got rid of all of them and ran Hijack this just out of curiosity and surprise! the''svchost.exe'' file is gone (at least for now!) Thank you all! As of my Mozilla Fierefox problem: bizarrebob: I saved my Bookmarks but for some reason I don't understand, Mozilla Firefox is not in my control panels Add/Remove programs options. I tried thru Start/Programs/Mozilla Firefox and it doesn't have the unistall option. After all the worms I found, I tougth that maybe that was the problem but no, my Mozilla is still acting weird. The question is: how do I unistall it now? Thank you.

#13 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 03 October 2006 - 01:15 PM

I had lots of trojans!

Just to be sure we have all our bases covered, please make a new HijackThis! log and post it.

Just post it here in this thread.

I know this really isn't the "appropriate" forum, but it's OK when asked for.

:) :thumbup:
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#14 gorilita

gorilita

    Authentic Member

  • Authentic Member
  • PipPip
  • 50 posts

Posted 03 October 2006 - 02:13 PM

Hello Micah! Since you gave me permission, here it is, my HJT log!
Oh no! svchost.exe IS BACK!

Logfile of HijackThis v1.99.1
Scan saved at 03:00:28 p.m., on 10/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\rnamfler\naofsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Alibaba\TRADEM~1\TradeManager.exe
C:\Program Files\rnamfler\naomf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trillian\trillian.exe
c:\program files\rnamfler\radprcmp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TradeManager] C:\PROGRA~1\Alibaba\TRADEM~1\TradeManager -hideframe
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\RunOnce: [bfgtoolbar] C:\DOCUME~1\user\LOCALS~1\Temp\uninstall.exe -df "C:\Program Files\bfgtoolbar\"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZBzeb032YYPA
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#15 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 03 October 2006 - 02:33 PM

All the svchost's are in the system32 folder, therefore not a threat.

In fact, I'd be much more amazed if you didn't have any running!!!
:D
Do you have Naomi advanced internet filtering program installed?
:unsure:
I have only these recommendations, as no malware appears to be present:

CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!

Run Hijack This!
Click "Do a systen scan only".
Then "check" the box to the left of these item(s):

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

Then click "Fix checked" and close Hijack This!.

I see this running:

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Looks like a "leftover" from a Symantec (Norton) uninstall.

If you no longer have Symantec products installed, it would be safe to remove that program.

To do that, fix this with HijackThis!

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Now, please go to:

Start --> Run

In the box type in services.msc then hit <enter> (or click OK)

In the Name column in the next screen look for:

SymWMI Service

<Double-click> it.

In the dialogue box that pops up, check in the Path to executable box.

It should say: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

That's how to be sure you have the right one.

Now, click Stop to stop that process.

In the Startup type box, change it to Disabled.

Click Apply then OK

Close the services.msc window.

Reboot.
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users