PenguinBoy

Adware_FasterXP

4 posts in this topic

Hello,

 

I do not have any popups appearing on my screen. However, I believe that my browser has been hijacked. I first noticed this when I attempted to update my Symantec Antivirus and it failed to access one of the virus definition files it had downloaded. I retried the LiveUpdate a few times, but to no avail. A friend sent me a link to a manual download location on the Symantec site. When I tried the URL, it told me it was an invalid page, and the same happened for every page I searched in the Symantec domain. So far, all other pages seem to open normally. The antivirus did not pick up any infections upon a full system scan. I heard about Avast! antivirus, so I decided to uninstall Symantec and install Avast! Nothing came up for that scan either. However, an online scan from Trend Micro's Housecall came up with a single piece of malware, called "Adware_FasterXP". Housecall failed when it attempted to delete the malware. While running Avast! Antivirus, the "ashWebSv.exe" process crashed. Apart from the incorrect access of the Symantec domain and the failed LiveUpdate attempt, I have noticed no other blatant outward signs of a virus, trojan, etc. I have read the rules of preparation before posting and have installed and run all suggested software. Here are my log files from AVG Anti-Spyware 7.5 and HijackThis 2.0.0:

 

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:33:56 PM 4/20/2007

+ Scan result:

:mozilla.37:C:\Documents and Settings\PenguinBoy\Application Data\Mozilla\Firefox\Profiles\f9swanms.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\PenguinBoy\Application Data\Mozilla\Firefox\Profiles\f9swanms.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\PenguinBoy\Application Data\Mozilla\Firefox\Profiles\f9swanms.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\Documents and Settings\PenguinBoy\Application Data\Mozilla\Firefox\Profiles\f9swanms.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\PenguinBoy\Application Data\Mozilla\Firefox\Profiles\f9swanms.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\PenguinBoy\Application Data\Mozilla\Firefox\Profiles\f9swanms.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.15:C:\Documents and Settings\PenguinBoy\Application Data\Mozilla\Firefox\Profiles\f9swanms.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.16:C:\Documents and Settings\PenguinBoy\Application Data\Mozilla\Firefox\Profiles\f9swanms.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.17:C:\Documents and Settings\PenguinBoy\Application Data\Mozilla\Firefox\Profiles\f9swanms.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.18:C:\Documents and Settings\PenguinBoy\Application Data\Mozilla\Firefox\Profiles\f9swanms.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.19:C:\Documents and Settings\PenguinBoy\Application Data\Mozilla\Firefox\Profiles\f9swanms.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.20:C:\Documents and Settings\PenguinBoy\Application Data\Mozilla\Firefox\Profiles\f9swanms.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\PenguinBoy\Cookies\penguinboy@search.live[2].txt -> TrackingCookie.Live : Cleaned.
:mozilla.23:C:\Documents and Settings\PenguinBoy\Application Data\Mozilla\Firefox\Profiles\f9swanms.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\PenguinBoy\Cookies\penguinboy@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.21:C:\Documents and Settings\PenguinBoy\Application Data\Mozilla\Firefox\Profiles\f9swanms.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.50:C:\Documents and Settings\PenguinBoy\Application Data\Mozilla\Firefox\Profiles\f9swanms.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.30:C:\Documents and Settings\PenguinBoy\Application Data\Mozilla\Firefox\Profiles\f9swanms.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

::Report end

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:43:47 PM, on 4/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\CoPilot\Navigator9\App\Spot2741.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\Cyb2k.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HotKey\HotKey.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\EXE Installers\Antivirus and Spyware Protection\HiJackThis_v2.exe

F2 - REG:system.ini: Shell=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotKey Driver.lnk = C:\Program Files\HotKey\HotKey.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...tive/x86/win32/activex/hcImpl.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySQL5 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Spot GPS Maxim (SpotGPSMaxim) - Koninklijke Philips Electronics N.V. - C:\Program Files\CoPilot\Navigator9\App\Spot2741.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 6730 bytes

 

 

I would be happy to provide more logs or other information upon request.

Thank you very much for your time and help!


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hi,

 

Sorry for this delay.

 

If you still need help please submit a fresh HijackThis log.

Before you do, remove the wordwrap function from Notepad.

You will find it under the Format menu.


Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
