
Search engines go whacky


  • This topic is locked
11 replies to this topic

#1 seattleguy

seattleguy

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 09 June 2007 - 12:13 PM

Help is in order... I hope. Whenever I search on various search engines and then go to click on the result, it takes me to many various places. No porn sites though. Sometimes before I even click on the result it goes to btcar.com or to ebay.com. Sometimes clicks send me to monster Marketplace or Autobytec.com. Even to ask.com or to yahoo.com search at times, even though I do not use them.
I have attempted to clean with Webroot, adaware, used cwshredder and AVG. All have found some cookies and I removed them all. Still no help. Here is the Hijack results log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:48:54 AM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 3 for HiJackThis_v2.zip\HiJackThis_v2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC04.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG04.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Deskup] "C:\Program Files\Iomega\DriveIcons\deskup.exe" /IMGSTART
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [masqform.exe] "C:\Program Files\PureEdge\Viewer 6.1\masqform.exe" /RegServer -UpdateCurrentUser
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.webpcfos....trix/wficat.cab
O16 - DPF: {413D6754-BFD4-47FE-9346-319559290BFA} (HTECtrl Class) - http://www.webpcfos..../HTEweb_new.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay10...es/MsnPUpld.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink...xp/CheckDVD.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9602.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay10...ex/HMAtchmt.ocx
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
O24 - Desktop Component 1: (no name) - http://hotmail.msn.com/

--
End of file - 11072 bytes

Here is my AVG report:

+ Scan result:



C:\Program Files\MovieBox -> Adware.Generic : Cleaned.
:mozilla.11:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Twoplantguys\22ewyppm.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Twoplantguys\22ewyppm.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.85:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.86:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Twoplantguys\22ewyppm.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.adobe[2].txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.10:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Twoplantguys\22ewyppm.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.11:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Twoplantguys\22ewyppm.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.12:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Twoplantguys\22ewyppm.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.13:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Twoplantguys\22ewyppm.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.16:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.17:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.28:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.29:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.8:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Twoplantguys\22ewyppm.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.14:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Twoplantguys\22ewyppm.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.30:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.76:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.22:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.20:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.94:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.95:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
F:\Documents and Settings\Paul Farrington\Cookies\paul farrington@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
F:\Documents and Settings\Paul Farrington\Cookies\paul farrington@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.35:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
F:\Documents and Settings\Paul Farrington\Cookies\paul farrington@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
F:\Documents and Settings\Ronald Minter\Cookies\ronald minter@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
F:\Documents and Settings\Ronald Minter\Local Settings\Temp\Cookies\ronald minter@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
F:\Documents and Settings\Paul Farrington\Cookies\paul farrington@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
F:\Documents and Settings\Ronald Minter\Local Settings\Temp\Cookies\ronald minter@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@pocitadlo[1].txt -> TrackingCookie.Pocitadlo : Cleaned.
:mozilla.40:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.50:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.54:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
F:\Documents and Settings\Paul Farrington\Cookies\paul farrington@artemis.porntrack[1].txt -> TrackingCookie.Porntrack : Cleaned.
F:\Documents and Settings\Paul Farrington\Cookies\paul farrington@stats2.porntrack[2].txt -> TrackingCookie.Porntrack : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@realguide.real[1].txt -> TrackingCookie.Real : Cleaned.
F:\Documents and Settings\Paul Farrington\Cookies\paul farrington@guide.real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.42:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.43:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Mintersnursery\n8qgbfze.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Can anybody help? Please? I am dying out here, and it is making me absolutely crazy, since I can usually figure these things out myself... Ron

#2 seattleguy


Posted 10 June 2007 - 01:01 PM

More info on my problem:
It is only when I search through Internet Explorer. Searches are not redirected when I use Mozilla Firefox to access search engines. I am using that now. CWShredder cleaned one registry item yesterday, but no help regarding redirected searches using I.E.

#3 seattleguy


Posted 11 June 2007 - 11:56 AM

FIXED I THINK!!! I was frustrated and downloaded and used fixwareout as recommended to another user. I ran it and now all seems to be good! I am still planning on using Firefox from now on though. Does anyone see anything in my logs I should fix now after the fact? Old programs, stupid things that make me vulnerable? Thanks to this forum....Webroot did not seem to think this was a problem... Here is the log of fixwareout:

Fixwareout Last edited 5/15/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdsam.exe"

»»»»»

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.


Click browse, find the file then click submit.
http://www.virustota...h/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other
C:\WINDOWS\Temp\kdsam.ren 66038 08/04/2004

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"nwiz"="\"nwiz.exe\" /install"
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"masqform.exe"="\"C:\\Program Files\\PureEdge\\Viewer 6.1\\masqform.exe\" /RegServer -UpdateCurrentUser"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HPHmon03"="C:\\WINDOWS\\system32\\hphmon03.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"HP Software Update"="\"C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe\""
"Deskup"="\"C:\\Program Files\\Iomega\\DriveIcons\\deskup.exe\" /IMGSTART"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

Thanks, again.....sorry did not wait for helper....any suggestions for me....???

#4 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,523 posts

Posted 12 June 2007 - 06:32 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#5 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • PipPipPipPipPip
  • 20,026 posts

Posted 30 June 2007 - 10:20 AM

Hi,

Looks like you indeed already fixed it after running FixwareOut. Are you still having problems with the redirections now?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#6 seattleguy


Posted 01 July 2007 - 02:27 AM

Hi,

Looks like you indeed already fixed it after running FixwareOut. Are you still having problems with the redirections now?


Thanks, for the reply. The redirections seem to have gone away in IE, although it is still running a bit slower than searches using firefox. I am going to continue using firefox from now on. Could there be anything else lingering? I do not seem to have any major problems at this time. So I am very pleased with you and the forum for helping. Mucho gracious.

#7 miekiemoes


Posted 01 July 2007 - 03:08 AM

Hi,

I don't see anything suspicious anymore here..

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Concerning the speed - keep in mind that you have Symantec/Norton installed. This does decrease speed. Also, you currently have two other Antispyware running in the background - Spysweeper and AVG Antispyware. They are also extra resource hogs and actually it's not needed to have them both running in the background since they are doing the same. Actually Norton should already do what Spysweeper and AVG Antispyware do.
Also read this: Help! My computer is slow!

#8 seattleguy


Posted 01 July 2007 - 11:01 AM




#9 miekiemoes


Posted 01 July 2007 - 11:10 AM

Hi,

You quoted my post and didn't post a message yourself. Use the Posted Image button below to reply instead of the "Reply" button under every post. :)

#10 seattleguy


Posted 01 July 2007 - 11:37 AM

Whoops,

I decided to follow your instructions before replying, sorry. I updated Java, deleted AVG and am running both Norton and Spysweeper in the background. I know Spysweeper will slow things down, but I picked up whatever it was that caused the redirection with Norton running. So I do not totally trust in Norton. Otherwise all is working fine and I thank you for your help. Should I also now delete CWshredder, Hijackthis and Fixwareout? Again Thanks, Ron

#11 miekiemoes


Posted 01 July 2007 - 11:48 AM

Hi,

Yes, delete CWShredder, HijackThis and FixwareOut.

If you don't really trust Norton, why don't you uninstall it and install another Antivirus instead? As I already said, Norton is a huge resource hog and may cause a serious slowdown on some systems.. and the slowdown is one of your problems as well. And now since you said you don't really trust Norton.. well, the decision shouldn't be that hard then.. :)
Look in my signature below for the Antivirus I recommend. You'll also find some free ones in there. For example Avira is a Free Antivirus which is great in detection.
If you purchase the premium version, it will also detect spyware/adware. The free version doesn't have this option, but for that you have your spysweeper :)

Please read my Prevention page with lots of info and tips how to prevent this in the future.

Happy Surfing again!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#12 miekiemoes


Posted 03 July 2007 - 06:02 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here
This applies only to the original topic starter.

Everyone else please begin a New Topic.



