
Something Is Redirecting My Search Engine


This topic is locked
7 replies to this topic

#1 bub2180

  • Members
  • 5 posts

Posted 12 February 2007 - 11:11 PM

I started having problems with IE after I tried to download a video from a friend's myspace about 3 to 4 weeks ago, and since then I have had problems with my IE. Every time I search for something using Google or Yahoo or anything, I get redirected as soon as I try to click on any of the search results, and IE is acting funny (slow) with the scroll of my mouse. I am thrown to pages like BTCar.com and monstermarketplace.com search engines that look like the search results that I was looking for, but I don't dare click on any of them for fear that I may download something else BAD.

I downloaded the new IE7 and it doesn't seem to have helped at all. I have run adaware and Norton Antivirus and neither of them seem to pick anything up. I have uninstalled adaware and since then I haven't been able to reinstall it to try a newer more updated version because it keeps telling me that there is no disk in the drive.

Buddy 215 told me to run Bitdefender and also SuperAntispyware in safe mode. I ran them both and they took care of a lot of junk. I was also told to run hijackthis and post the log here. PLEASE HELP ME WITH THIS!!! :thumbsup:

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:03:11 PM, on 2/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
I:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
I:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\wdfmgr.exe
I:\Program Files\Viewpoint\Common\ViewpointService.exe
I:\WINDOWS\System32\alg.exe
I:\Program Files\Logitech\iTouch\iTouch.exe
I:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
I:\Program Files\QuickTime\qttask.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\WINDOWS\SYSTEM32\USRmlnkA.exe
F:\Music\iTunesHelper.exe
I:\Program Files\Common Files\Symantec Shared\ccApp.exe
I:\WINDOWS\system32\ctfmon.exe
G:\Program Files\SUPERAntiSpyware.exe
I:\WINDOWS\SYSTEM32\USRshutA.exe
I:\WINDOWS\SYSTEM32\USRmlnkA.exe
I:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\FinePixViewer\QuickDCF.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
G:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
G:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cannondale.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://adblock.linkz.com/abho/bandsearch.abs
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Search - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - G:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - I:\Program Files\NetZero\Toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] I:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] I:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] I:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [USRpdA] I:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [Adobe Photo Downloader] "I:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Music\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "I:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [RealPlayer] "I:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [updateMgr] "I:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware.exe
O4 - Startup: Microsoft Office Shortcut Bar.Lnk = G:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = I:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = I:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Exif Launcher.lnk = E:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global User Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global User Startup: Adobe Reader Synchronizer.lnk = I:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global User Startup: EPSON Status Monitor 3 Environment Check(2).lnk = I:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global User Startup: Exif Launcher.lnk = E:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &eBay Search - res://I:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - I:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200112...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27a6662d6428b7f0c815/...ip/RdxIE601.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner...an/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144633995681
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {93829908-07C2-44A2-95DB-F78F201A9B48} - http://adblock.linkz.com/APHelper.dll
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F7BD76E-61F7-4DB5-9CFE-F8709DFB639C}: NameServer = 85.255.113.115,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCB9B238-6CC1-49CC-A94C-7522BF38BC0E}: NameServer = 85.255.113.115,85.255.112.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.115 85.255.112.12
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.115 85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.115 85.255.112.12
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - I:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - I:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - I:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - I:\Program Files\Viewpoint\Common\ViewpointService.exe


#2 RichieUK

  • Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 13 February 2007 - 03:41 AM

Welcome bub2180 :thumbsup:

Download and run Fixwareout from the link below:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
After the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply, along with a new Hijackthis log.

#3 bub2180

  • Topic Starter
  • Members
  • 5 posts

Posted 13 February 2007 - 05:57 PM

RichieUK,

Thanks for the speedy response. You asked me to run fixwareout.exe, and I did. Here is the log from that report:


Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdfne.exe"

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

The system cannot find the file specified.


Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other
I:\WINDOWS\Temp\kdfne.ren 63289 08/04/2004



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="I:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"EM_EXEC"="I:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"QuickTime Task"="\"I:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"REGSHAVE"="I:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"TkBellExe"="\"I:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"EPSON Stylus Photo R300 Series"="I:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2F1.EXE /P30 \"EPSON Stylus Photo R300 Series\" /O6 \"USB002\" /M \"Stylus Photo R300\""
"USRpdA"="I:\\WINDOWS\\SYSTEM32\\USRmlnkA.exe RunServices \\Device\\3cpipe-USRpdA"
"Adobe Photo Downloader"="\"I:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"NeroFilterCheck"="I:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"F:\\Music\\iTunesHelper.exe\""
"ccApp"="\"I:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"I:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="\"I:\\Program Files\\Real\\RealOne Player\\realplay.exe\" /RunUPGToolCommandReBoot"
"updateMgr"="\"I:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"ctfmon.exe"="I:\\WINDOWS\\system32\\ctfmon.exe"
"SUPERAntiSpyware"="G:\\Program Files\\SUPERAntiSpyware.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»


Here is the HJT report after running fixwareout.exe:

Logfile of HijackThis v1.99.1
Scan saved at 6:00:03 PM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
I:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
I:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Viewpoint\Common\ViewpointService.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
I:\Program Files\Logitech\iTouch\iTouch.exe
I:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
I:\Program Files\QuickTime\qttask.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
I:\WINDOWS\SYSTEM32\USRmlnkA.exe
F:\Music\iTunesHelper.exe
I:\Program Files\Common Files\Symantec Shared\ccApp.exe
I:\WINDOWS\SYSTEM32\USRshutA.exe
I:\WINDOWS\SYSTEM32\USRmlnkA.exe
I:\WINDOWS\system32\ctfmon.exe
G:\Program Files\SUPERAntiSpyware.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Norton AntiVirus\NAVW32.exe
I:\Documents and Settings\Joseph Poulin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cannondale.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://adblock.linkz.com/abho/bandsearch.abs
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Search - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - G:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - I:\Program Files\NetZero\Toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] I:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] I:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] I:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [USRpdA] I:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [Adobe Photo Downloader] "I:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Music\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "I:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [RealPlayer] "I:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [updateMgr] "I:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware.exe
O4 - Startup: Microsoft Office Shortcut Bar.Lnk = G:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = I:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = I:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Exif Launcher.lnk = E:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global User Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global User Startup: Adobe Reader Synchronizer.lnk = I:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global User Startup: EPSON Status Monitor 3 Environment Check(2).lnk = I:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global User Startup: Exif Launcher.lnk = E:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &eBay Search - res://I:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - I:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200112...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27a6662d6428b7f0c815/...ip/RdxIE601.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner...an/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144633995681
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {93829908-07C2-44A2-95DB-F78F201A9B48} - http://adblock.linkz.com/APHelper.dll
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F7BD76E-61F7-4DB5-9CFE-F8709DFB639C}: NameServer = 85.255.113.115,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCB9B238-6CC1-49CC-A94C-7522BF38BC0E}: NameServer = 85.255.113.115,85.255.112.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.115 85.255.112.12
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.115 85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.115 85.255.112.12
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - I:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - I:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - I:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - I:\Program Files\Viewpoint\Common\ViewpointService.exe

Please HELP me fix this. You guys are awesome and I owe you for doing this.

Thanks,
BUB2180 :thumbsup:
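Added example, not code from this thread or from HijackThis or Fixwareout: a small Python triage of the two findings in the reports above that explain the symptom. The O17 entries point every DNS lookup on the machine at 85.255.113.115 and 85.255.112.12 instead of the ISP's resolvers, which is how a click on a search result can be answered by somebody else's server no matter which browser or search engine is used; and the Fixwareout prerun check shows a program name in the Winlogon "System" value, which is normally empty on Windows XP and is what Fixwareout clears. The script parses O17 lines, flags any NameServer address outside an allowlist of expected resolver ranges, and extracts the Winlogon values before and after the fix. The allowlist is constructed for the example (private ranges plus a placeholder ISP block), the benign O17 line with the EXAMPLE GUID is invented for contrast, and the rest of the sample text copies lines from the reports quoted above.

```python
"""Triage of the HijackThis O17 entries and the Fixwareout Winlogon check
quoted in this thread (added example, not code from the original posts)."""
import ipaddress
import re

# Resolvers a defender would expect on this machine. Constructed for the
# example: the RFC 1918 ranges stand for a home router forwarding DNS, and
# the ISP block is a placeholder, not an address taken from the thread.
EXPECTED_RESOLVERS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("203.0.113.0/24"),  # placeholder ISP resolver block
]

# An O17 line names the Tcpip key and its NameServer value; HijackThis
# separates the addresses with either commas or spaces.
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")
# Fixwareout prints the Winlogon "System" value before and after its run.
WINLOGON_SYSTEM_RE = re.compile(r'Winlogon\\ "system"="(?P<value>[^"]*)"',
                                re.IGNORECASE)

# Constructed sample: O17/O20 lines as they appear in the logs above, plus one
# benign O17 line with an invented interface GUID for contrast.
SAMPLE_HJT_LINES = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F7BD76E-61F7-4DB5-9CFE-F8709DFB639C}: NameServer = 85.255.113.115,85.255.112.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.115 85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.115 85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-EXAMPLE-GUID}: NameServer = 192.168.1.1
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Constructed sample: the prerun and postrun lines of the Fixwareout report.
SAMPLE_FIXWAREOUT = r"""
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdfne.exe"

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
"""


def parse_o17(line):
    """Return (registry key, [resolver addresses]) for an O17 line, else None."""
    m = O17_RE.match(line.strip())
    if not m:
        return None
    servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
    return m.group("key"), servers


def is_expected_resolver(address, expected=EXPECTED_RESOLVERS):
    """True when the address falls inside one of the expected resolver ranges."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # not an address at all: treat it as unexpected
    return any(ip in net for net in expected)


def rogue_dns_findings(hjt_log, expected=EXPECTED_RESOLVERS):
    """All O17 entries whose NameServer list contains an address outside the
    expected ranges, as (registry key, [unexpected addresses]) pairs."""
    findings = []
    for line in hjt_log.splitlines():
        parsed = parse_o17(line)
        if parsed is None:
            continue
        key, servers = parsed
        rogue = [s for s in servers if not is_expected_resolver(s, expected)]
        if rogue:
            findings.append((key, rogue))
    return findings


def winlogon_system_values(fixwareout_report):
    """The Winlogon "System" values Fixwareout printed, in report order.
    On Windows XP this value is normally empty; a populated value names a
    program that Winlogon runs at logon, which is what Fixwareout removes."""
    return [m.group("value") for m in WINLOGON_SYSTEM_RE.finditer(fixwareout_report)]


if __name__ == "__main__":
    for key, rogue in rogue_dns_findings(SAMPLE_HJT_LINES):
        print(f"unexpected resolver(s) {rogue} in {key}")
    before, after = winlogon_system_values(SAMPLE_FIXWAREOUT)
    print(f'Winlogon "System" before: "{before}", after: "{after}"')
```

Run against the sample, the three O17 lines carrying 85.255.113.115 and 85.255.112.12 are reported and the 192.168.1.1 line is not; the Winlogon check returns "kdfne.exe" for the prerun line and an empty string for the postrun line, matching what the report above shows before and after the fix. Because the allowlist is the only judgement in the script, it should hold the resolvers the machine is actually supposed to use (router address or the ISP's published servers); any NameServer outside it on every interface key at once, as here, is the pattern to treat as a DNS change rather than a misconfiguration.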

#4 RichieUK

  • Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 13 February 2007 - 06:21 PM

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into "Safe Mode" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - I:\Program Files\NetZero\Toolbar.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {93829908-07C2-44A2-95DB-F78F201A9B48} - http://adblock.linkz.com/APHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F7BD76E-61F7-4DB5-9CFE-F8709DFB639C}: NameServer = 85.255.113.115,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCB9B238-6CC1-49CC-A94C-7522BF38BC0E}: NameServer = 85.255.113.115,85.255.112.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.115 85.255.112.12
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.115 85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.115 85.255.112.12


C:\Documents and Settings\Shaun Einboden\Local Settings\Application Data\ifwprje.dll
C:\Program Files\Common Files\{8C92FE3F-0855-4105-0112-071201050002}

Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.
Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

Post the AVG Anti Spyware report and a new Hijackthis log in your next reply.
Let me know how your pc is running now please.

#5 bub2180

  • Topic Starter
  • Members
  • 5 posts

Posted 13 February 2007 - 10:09 PM

Man... you are awesome. My PC is searching just fine now and it even seems to be a bit faster. The only thing that still doesn't seem right is that my scroll in IE7 is still very slow with the wheel of the mouse.

I am so happy that this is working normally now. Here are the logs that you requested I post:

AVG:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:59:15 PM 2/13/2007

+ Scan result:



HKU\S-1-5-21-436374069-688789844-1060284298-1003\Software\Linkz -> Adware.AdBlock : Cleaned with backup (quarantined).
HKU\S-1-5-21-436374069-688789844-1060284298-1003\Software\Linkz\Browser Helper -> Adware.AdBlock : Cleaned with backup (quarantined).
HKU\S-1-5-21-436374069-688789844-1060284298-1003\Software\Linkz\Browser Helper\WhiteList -> Adware.AdBlock : Cleaned with backup (quarantined).
I:\Documents and Settings\Joseph Poulin\Local Settings\Temp\MiniBug.exe -> Adware.SuspectModule : Cleaned with backup (quarantined).
I:\Documents and Settings\Joseph Poulin\Cookies\joseph_poulin@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
I:\Documents and Settings\Joseph Poulin\Cookies\joseph_poulin@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
I:\Documents and Settings\Joseph Poulin\Cookies\joseph_poulin@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
I:\Documents and Settings\Joseph Poulin\Cookies\joseph_poulin@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
I:\Documents and Settings\Joseph Poulin\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
I:\Documents and Settings\Joseph Poulin\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
I:\Documents and Settings\Joseph Poulin\Cookies\joseph_poulin@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
I:\Documents and Settings\Joseph Poulin\Cookies\joseph_poulin@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
I:\Documents and Settings\Joseph Poulin\Cookies\joseph_poulin@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
I:\Documents and Settings\Joseph Poulin\Cookies\joseph_poulin@overture[2].txt -> TrackingCookie.Overture : Cleaned.
I:\Documents and Settings\Joseph Poulin\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
I:\Documents and Settings\Joseph Poulin\Cookies\joseph_poulin@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned.
I:\Documents and Settings\Joseph Poulin\Cookies\joseph_poulin@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
I:\Documents and Settings\Joseph Poulin\Cookies\joseph_poulin@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
I:\Documents and Settings\Joseph Poulin\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

HJT:
Logfile of HijackThis v1.99.1
Scan saved at 10:07:53 PM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
I:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
I:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Viewpoint\Common\ViewpointService.exe
I:\Program Files\Logitech\iTouch\iTouch.exe
I:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
I:\Program Files\QuickTime\qttask.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
I:\WINDOWS\SYSTEM32\USRmlnkA.exe
F:\Music\iTunesHelper.exe
I:\Program Files\Common Files\Symantec Shared\ccApp.exe
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
I:\WINDOWS\system32\ctfmon.exe
G:\Program Files\SUPERAntiSpyware.exe
I:\WINDOWS\SYSTEM32\USRshutA.exe
I:\WINDOWS\SYSTEM32\USRmlnkA.exe
I:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
E:\Program Files\FinePixViewer\QuickDCF.exe
G:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
I:\WINDOWS\system32\wuauclt.exe
I:\Documents and Settings\Joseph Poulin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cannondale.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://adblock.linkz.com/abho/bandsearch.abs
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Search - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - G:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] I:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] I:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] I:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [USRpdA] I:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [Adobe Photo Downloader] "I:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Music\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "I:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [RealPlayer] "I:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [updateMgr] "I:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware.exe
O4 - Startup: Microsoft Office Shortcut Bar.Lnk = G:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = I:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = I:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Exif Launcher.lnk = E:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global User Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global User Startup: Adobe Reader Synchronizer.lnk = I:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global User Startup: EPSON Status Monitor 3 Environment Check(2).lnk = I:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global User Startup: Exif Launcher.lnk = E:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &eBay Search - res://I:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - I:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200112...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27a6662d6428b7f0c815/...ip/RdxIE601.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner...an/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144633995681
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - I:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - I:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - I:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - I:\Program Files\Viewpoint\Common\ViewpointService.exe

Thank you so very much for the help. Please let me know if there is anything else that I have to do with these reports.

Thanks again,
Bub2180 :thumbsup: :flowers:

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • Local time:10:24 AM

Posted 14 February 2007 - 02:38 AM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200112...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27a6662d6428b7f0c815/...ip/RdxIE601.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

Exit Hijackthis.

******************************

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".
This will change from what we know in 2006; read this article:
http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:

Viewpoint
Viewpoint Manager
Viewpoint Media Player


Then reboot.

******************************

Your log is clean :thumbsup:
If all's ok, please do the following:

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes'; your 'System Restore' directories will be purged.

Turn 'System Restore' back on:
Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'Ok'.

Create a new 'System Restore' point:
Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description, then click on 'Create', then click 'Close'.
The date and time is created automatically.

You should now go to Windows Update and install any available critical/high priority updates.

Read through the info found here, to help you prevent any possible future infections.
How did I get infected?
http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/

Edited by RichieUK, 14 February 2007 - 04:14 AM.


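As an added example (not from this thread and not part of HijackThis itself), a small Python parser for the O16 DPF lines in the log above that flags the kind of downloaded ActiveX entries a reviewer would look at first: a control with no class name recorded, or one fetched from a bare IP address. The sample lines are copied from the log posted in this thread; the flagging heuristics are the example's own assumptions, not HijackThis rules, and the third entry the helper selected (RealArcadeRdxIE) is deliberately not matched by them.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample: O16 lines copied from the HijackThis log posted above.
SAMPLE_LOG = """\
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200112...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/27a6662d6428b7f0c815/...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
"""

# HijackThis O16 line layout: "O16 - DPF: {CLSID} (optional class name) - URL"
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (\S+)$")

def parse_o16(line):
    """Return (clsid, name_or_None, url) for an O16 line, or None if it is not one."""
    m = O16_RE.match(line.strip())
    if not m:
        return None
    return m.group(1), m.group(2), m.group(3)

def is_ip_host(url):
    """True when the download host is a bare IP literal rather than a hostname."""
    host = urlsplit(url).hostname or ""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def review_o16(log_text):
    """Flag O16 (downloaded ActiveX) entries that merit a manual look.
    Heuristics (assumed here, not HijackThis rules): no class name recorded,
    or the control is fetched from a bare IP. HijackThis shortens long URLs
    with '...', but the host part survives, so the check still works."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o16(line)
        if not parsed:
            continue
        clsid, name, url = parsed
        reasons = []
        if name is None:
            reasons.append("no class name")
        if is_ip_host(url):
            reasons.append("served from bare IP")
        if reasons:
            findings.append((clsid, url, reasons))
    return findings

if __name__ == "__main__":
    for clsid, url, reasons in review_o16(SAMPLE_LOG):
        print(clsid, url, "->", ", ".join(reasons))
```
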
#7 bub2180

bub2180
  • Topic Starter

  • Members
  • 5 posts
  • Local time:04:24 AM

Posted 14 February 2007 - 09:36 PM

You are the greatest. Everything is working fine now. I downloaded updated drivers for my mouse and everything is scrolling just fine now. Thanks for the help with this. Hopefully this won't happen again.

Thanks again,
Bub2180

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • Local time:10:24 AM

Posted 14 February 2007 - 09:41 PM

You're welcome :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.