Captcha no display [Solved/Closed]

yanu - Aug 12, 2010 at 08:11 AM - Latest reply:  Fendy
- Oct 20, 2011 at 03:51 AM
Hello,

after surfing on the internet, I have a google redirect threat and I can not see the captcha on certain files sharing sites. The recaptcha is not displayed at all, it seems to be blocked; I saw that the actual page try to connect to a api.captcha.server. Is there any known solutions for this symptom.
I used mozilla chrome IE opera, all the same things happened

For the google redirect threat I saw some topic in this site and will try it but for my captcha problem, I can not find so thanks in advance


See more 

14 replies

Best answer
Ambucias 53253 Posts Monday February 1, 2010Registration dateModeratorStatus July 19, 2018 Last seen - Aug 15, 2010 at 04:23 PM
3
Thank you
That was fast, like a friend of mine used to say: Let there be no delay between impulse and action!".

Please run another Hyjackthis scan without the log.

Once the scan is finished, check the following items:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
O1 - Hosts: 84.16.244.55 www.google.com
O1 - Hosts: 84.16.244.55 us.search.yahoo.com
O1 - Hosts: 84.16.244.55 uk.search.yahoo.com
O1 - Hosts: 84.16.244.55 search.yahoo.com
O1 - Hosts: 84.16.244.55 www.google.com.br
O1 - Hosts: 84.16.244.55 www.google.it
O1 - Hosts: 84.16.244.55 www.google.es
O1 - Hosts: 84.16.244.55 www.google.co.jp
O1 - Hosts: 84.16.244.55 www.google.com.mx
O1 - Hosts: 84.16.244.55 www.google.ca
O1 - Hosts: 84.16.244.55 www.google.com.au
O1 - Hosts: 84.16.244.55 www.google.nl
O1 - Hosts: 84.16.244.55 www.google.co.za
O1 - Hosts: 84.16.244.55 www.google.be
O1 - Hosts: 84.16.244.55 www.google.gr
O1 - Hosts: 84.16.244.55 www.google.at
O1 - Hosts: 84.16.244.55 www.google.se
O1 - Hosts: 84.16.244.55 www.google.ch
O1 - Hosts: 84.16.244.55 www.google.pt
O1 - Hosts: 84.16.244.55 www.google.dk
O1 - Hosts: 84.16.244.55 www.google.fi
O1 - Hosts: 84.16.244.55 www.google.ie
O1 - Hosts: 84.16.244.55 www.google.no
O1 - Hosts: 84.16.244.55 www.google.de
O1 - Hosts: 84.16.244.55 www.google.fr
O1 - Hosts: 84.16.244.55 www.google.co.uk
O1 - Hosts: 84.16.244.55 www.bing.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

Now click on fix checked

Re start you computer and tell me if the problem is solved.

I would like to mentioned that you have much to many antivirus applications and they should be removed or they will conflict. Panda is ample sufficient.

Regards

Thank you, Ambucias 3

Something to say? Add comment

CCM has helped 1671 users this month

drlootle 849 Posts Monday July 12, 2010Registration date October 11, 2010 Last seen - Aug 12, 2010 at 09:45 AM
0
Thank you
Hi there,

You internet connection is too slow thus having this issue,try deleting the cookies and clear its cache and try again,

Thanks
0
Thank you
hi thanks drlootle
but I did it (only one page with no download running) and still nothing
actually even the space dedicated to captcha is not there on the page, it is like the application is not running.
And I keep having google redirect threat even after applying most of the solutions given here.
Will desintall and reisntall web browser change anything??
thanks
Ambucias 53253 Posts Monday February 1, 2010Registration dateModeratorStatus July 19, 2018 Last seen - Aug 13, 2010 at 04:48 AM
0
Thank you
Dear Yanu,

Download, install and run Malwarebyte which you can find on this site:

http://ccm.net/download/download-105-malwarebyt es-anti-malware

Ensure you make an update.

Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long in takes. The creators of Malwarebyte recommend that while the tool is running that you go do something else, such as watching a rerun of Gone with the Wind or read Tolstoy's War and Peace.

If Malwarebyte restarts your system, launch it again to finish the Full scan.

When the scan is completed, delete all items found.

Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.

This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.

Finally please let me know how your system is performing.
0
Thank you
hello
thanks for advice I run malwarebyt anti-malware it found some stuff. After reboot stil the same thing goes on google redirect through this web site
"http://traffic-delivery.com/" I have to use the cached link to to on the right site.

And still no captcha displayed
I also run trojan remover it found some restricting policies:
checkexesignatures= disables digital signature check on dowloaded files
runinvalidsignature= allow files with an invalid digital signatures to run without prompting

I change their values in regedit but still no change

I still do not know what to try next.
Any clues from this community would be nice thanks
Ambucias 53253 Posts Monday February 1, 2010Registration dateModeratorStatus July 19, 2018 Last seen - Aug 15, 2010 at 03:53 PM
0
Thank you
To fix the problem, I must have a Hyjacthis log.

http://free.antivirus.com/hijackthis/

Please download, install and request a scan and save a log. Copy the log and post it here.

Regards
0
Thank you
Hello thanks for your help

here is the report below

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:32, on 15/08/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\AVENGINE.EXE
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\ApVxdWin.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NetMeeting\Hide Folders XP 2\hfxpcp.exe
C:\Program Files\NetMeeting\Hide Folders XP 2\hfxp.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wuauclt.exe
E:\mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 84.16.244.55 www.google.com
O1 - Hosts: 84.16.244.55 us.search.yahoo.com
O1 - Hosts: 84.16.244.55 uk.search.yahoo.com
O1 - Hosts: 84.16.244.55 search.yahoo.com
O1 - Hosts: 84.16.244.55 www.google.com.br
O1 - Hosts: 84.16.244.55 www.google.it
O1 - Hosts: 84.16.244.55 www.google.es
O1 - Hosts: 84.16.244.55 www.google.co.jp
O1 - Hosts: 84.16.244.55 www.google.com.mx
O1 - Hosts: 84.16.244.55 www.google.ca
O1 - Hosts: 84.16.244.55 www.google.com.au
O1 - Hosts: 84.16.244.55 www.google.nl
O1 - Hosts: 84.16.244.55 www.google.co.za
O1 - Hosts: 84.16.244.55 www.google.be
O1 - Hosts: 84.16.244.55 www.google.gr
O1 - Hosts: 84.16.244.55 www.google.at
O1 - Hosts: 84.16.244.55 www.google.se
O1 - Hosts: 84.16.244.55 www.google.ch
O1 - Hosts: 84.16.244.55 www.google.pt
O1 - Hosts: 84.16.244.55 www.google.dk
O1 - Hosts: 84.16.244.55 www.google.fi
O1 - Hosts: 84.16.244.55 www.google.ie
O1 - Hosts: 84.16.244.55 www.google.no
O1 - Hosts: 84.16.244.55 www.google.de
O1 - Hosts: 84.16.244.55 www.google.fr
O1 - Hosts: 84.16.244.55 www.google.co.uk
O1 - Hosts: 84.16.244.55 www.bing.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: ACA Capture: Capture all Flash... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-flash-all.htm
O8 - Extra context menu item: ACA Capture: Capture all images... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-image-all.htm
O8 - Extra context menu item: ACA Capture: Capture current image... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-image.htm
O8 - Extra context menu item: ACA Capture: Capture webpage contents to image... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-webpage-to-image.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Fichiers communs\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
0
Thank you
ok thanks
I did that and everything is back to normal
captcha display ok and google redirect no more

so thank you, I agree for the antivirus usually I just have panda
but with this problem I had to try many thing that why there is many antivirus soft runnning but I will uninstall them now.

Just one thing; how do you know what's need to be deleted ? It seems to be tricky to deleted a file as to know their importance.

Anyway I am gratefull to you

yanu
Ambucias 53253 Posts Monday February 1, 2010Registration dateModeratorStatus July 19, 2018 Last seen - Aug 15, 2010 at 05:07 PM
I am glad for you Yanu and you are totally welcome. Now you just need to pay to the next and help two other persons, like helping an old lady across the street, we will make a chain.

There is no short answer to your question as to know what file, value or key to delete.

Be careful out there on the world wide web full of ghosts, spirits, good and nice people but also some evil.

Regards
something about that ; what is the motivations behind malware: money rebellion against a system or just pure joy of annoyment or a feeling of puppetting people ??
there is a saying in france you needs everything and everyone to make full world and grey is the world

Good day to you
Ambucias 53253 Posts Monday February 1, 2010Registration dateModeratorStatus July 19, 2018 Last seen - Aug 15, 2010 at 05:19 PM
The answer is all of the above

Au Québec, on dit aussi : Là où il y a l'homme il y a de l'hommerie.
good
I remenbered:
one last thing why panda let me to get infected in the first place ??
it should prevent it?
Ambucias 53253 Posts Monday February 1, 2010Registration dateModeratorStatus July 19, 2018 Last seen - Aug 15, 2010 at 05:52 PM
Why? You just got my curiosity?
0
Thank you
This helped me get my captcha and google gmail working again - many thanks