My computer got infected with adware. It's all cleaned up now, but I am having one problem.
When I view AOL Hometown Web pages (my site is on AOL), I keep getting redirected to URL: free.aol.com/tryaolfree/index.adp
This doesn't happen when I use the AOL browser, it only happens in IE.
Does anyone know how I can fix this?
Web Page Redirect In Ie
Only when viewing AOL Hometown pages
Page 1 of 1
13 Replies - 7921 Views - Last Post: 16 November 2005 - 09:44 AM
Replies To: Web Page Redirect In Ie
#2
Re: Web Page Redirect In Ie
Posted 11 February 2005 - 09:26 AM
Sounds like you may want to scan for spyware as well, or other non-system files that may have been installed without your knowledge...I could be wrong, but this sounds like it may be a targeted redirect to me. Did this happen before with IE? Does it happen with any other browser (download Firefox and try it)? This will tell us if it's IE specific or targets all other browsers.
I'd say it's almost definitely something local on your machine, but I'm sure we can find it...try scanning for spyware/adware again, and look in the installed programs list to see if there's anything you don't recognize.
#3
Re: Web Page Redirect In Ie
Posted 11 February 2005 - 09:47 AM
I have the microsoft anti-spyware loaded which is what I used to clean the machine of spyware. I scanned it and it's clean. I will try loading a different browser when I get home. I'm at work right now.
This didn't happen prior to the adware/spyware problem.
I did notice that I have a Java Console in IE (I think in the Tools folder), which I don't think was there before. A Java icon had opened up on the launch bar while I was browsing the Internet, but then it went away when I rebooted. I am going to check my other computer to see if I have the same thing on it. I'll also look again at the installed programs list when I get home.
#4
Re: Web Page Redirect In Ie
Posted 13 February 2005 - 10:42 AM
I found out (from searching the Internet) that my computer has an AOL browser hijacker which places their Web site "free.aol.com" in IE's trusted sites security zone.
It must be in the registry because even though SpyBot detects and deletes it, it comes right back.
I called AOL, they tried to help me, but failed. (ironic, isn't it?)
I'm deciding now to either call Dell or use HijackThis software. I'm not sure if I'm comfortable in using it.
Any help is appreciated!
#5
Re: Web Page Redirect In Ie
Posted 13 February 2005 - 12:21 PM
Paste your hijack this logs in this thread and we'll tell you which items to remove.
#6
Re: Web Page Redirect In Ie
Posted 15 February 2005 - 03:56 PM
I got rid of most of the Spyware except for the AOL hijacker and Neededware. It seems that I had much more spyware than just the AOL hijacker.
I'm having trouble locating where the AOL hijacker is hiding. The Neededware just comes back after I delete it.
I found some solutions on the Internet. I'm going to try them tonight. If I run into problems, I'll attach the log from hijack this for you to look at.
Thanks.
#7
Re: Web Page Redirect In Ie
Posted 15 February 2005 - 08:05 PM
I'm having a hard time trying to find the files that are running these Spyware programs. I have attached the log from HijackThis.
From running Spyware Dr. (free scan only version), the log shows that I have Begin2Search, DealHelper, Infospace tracking cookie, Neededware, aol.com hijack, In Windows, Downloaded Program Files: EPXActiveX.ocx and OSDFB.OSD, but I can't find the files to delete them.
Any help is greatly appreciated!
Attached File(s)
-
hijackthis021505.log (8.56K)
Number of downloads: 52
#8
Re: Web Page Redirect In Ie
Posted 12 August 2005 - 10:04 AM
8cats, on Feb 15 2005, 08:05 PM, said:
I'm having a hard time trying to find the files that are running these Spyware programs. I have attached the log from HijackThis.
From running Spyware Dr. (free scan only version), the log shows that I have Begin2Search, DealHelper, Infospace tracking cookie, Neededware, aol.com hijack, In Windows, Downloaded Program Files: EPXActiveX.ocx and OSDFB.OSD, but I can't find the files to delete them.
Any help is greatly appreciated!
I don't think mine is as advanced as that. =P
I use Norton Antivirus and Norton Internet Security. The past 3 scans or so show me only one virus/adware (occasionally one or two others, but it deletes those.) The adware it keeps showing me is EPXActiveX.ocx. It says it's in C:\WINDOWS:\Downloaded Program Files\CONFLICT.1.
I've gone into Downloaded Program Files, but the folder CONFLICT.1 is not there. I know folders don't always show up, so I add on the folder name. It says it doesn't exist. When I do a search for EPXActiveX.ocx, it doesn't find it.
So basically, this adware is on my computer, but I can't find it in order to delete it. And I've tried Google searching it, to find out how, but the only things I get are things that say to delete it (but not how) and then this, which wasn't answered in the post. So I'm completely clueless, and praying my computer doesn't suddenly croak at random.
If anyone can help me with this problem, please post back, private message me, or email me.
Thanks...
-Mere-
#9
Re: Web Page Redirect In Ie
Posted 12 August 2005 - 10:50 AM
I used Hijackthis (it's free), then I used their analyser. You won't know what you are doing if you don't use the analyser.
Link for Hijack this free download:
http://www.pcworld.c.../file_desc...id,23258,00.asp
Link to Analyser:
http://www.hijackthis.de/
You have to look through the analyser results and determine what should or should not be on your computer. It will put red checks next to something it "THINKS" is suspicious. Be very careful that you don't tell it to delete something important.
I also had to turn off Windows XP system restore because some of the Spyware was coming back. Once you get rid of the unwanted files, you can turn it back on again.
Read this, it will explain better: http://www.microsoft...bugbusting.mspx
After you delete any unwanted files with HijackThis, you might want to run your antivirus software in Safe Mode and Normal mode. Norton is not enough, you should run Adaware, SpyBot and Microsoft Antivirus (all are free). They all find different stuff.
Hope this helps. My computer has been running great (knock on wood) since I cleaned it up. I do scans once a week and make sure all the detection programs are up to date.
#10
Re: Web Page Redirect In Ie
Posted 24 August 2005 - 04:00 PM
That was a little bit confusing for me. Well, the bottom link with the reading at least: I downloaded some of the programs and then I got to one of them and it confused me to hell so I gave up. Haha...
Anyway. I used HijackThis and got a log, and I put it in the analyzer. But you said that sometimes it will say something's bad and it's not? So I decided to check in here to make sure.
Here's my log:
Quote
Logfile of HijackThis v1.99.0
Scan saved at 6:32:03 PM, on 8/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\AOL\1102379793\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1102379793\ee\AOLServiceHost.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102379793\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-mo...abs/diamond.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
And then here's the link where they said what was bad and what was good, and then a lot of stuff it was unsure of:
Hijack This --- Log file analysis
I looked through it a little bit, and I don't even SEE the adware I'm having a problem with in it. Is it hidden as something else, or did Hijack This just not find it? (The adware being EPXActiveX.ocx)
If anyone could help me AGAIN it would be greatly appreciated... again.
-Mere-
#11
Re: Web Page Redirect In Ie
Posted 25 August 2005 - 08:51 AM
The Adware/spyware that you have been trying to delete is called Neededware.
See this link:
Neededware (EPXActiveX.ocx)
http://securityrespo...neededware.html
You need to delete the following line using HijackThis:
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
I had Neededware on my computer when it was infected. Try running HijackThis, have it delete the line, then run it again after you reboot. If it comes back, you might have to turn off the Windows XP system restore before you delete the line. If it still comes back, you might have to run HijackThis in Safe Mode, and if it comes up, delete it while in Safe Mode. I know it was hard to get rid of, but I finally did it.
Make sure you don't delete the other O16 lines because I'm pretty sure they belong to your Norton Antivirus Program.
You seem to have a lot of Toolbars, which HiJackThis doesn't like. I would leave them alone unless you know exactly what you are deleting. Some of them are from AOL. I assume you have AOL loaded on your computer.
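A small triage script for the log format discussed in this thread, added here as an example and not posted by any participant: it parses HijackThis entry lines, lists the O16 (DPF) entries, and marks entries whose backing file is reported as absent. The sample lines are copied from the log posted above; the function names are hypothetical. It also shows why a search for the scanner's file name comes up empty while the vendor name still finds the O16 line.

```python
import re
from typing import List, NamedTuple, Optional

# A subset of lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - (no file)
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll (file missing)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <rest>", e.g. "O16 - DPF: ...". Header and process-list
# lines of the log do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# O16 body: "DPF: <CLSID or bare name> [(<label>)] - <download URL>"
DPF_RE = re.compile(
    r"^DPF: (?P<ident>\{[0-9A-Fa-f-]+\}|\S+)"
    r"(?: \((?P<label>[^)]*)\))? - (?P<url>\S+)$"
)

# Suffixes HijackThis prints when the file behind an entry is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


class Entry(NamedTuple):
    code: str   # section code such as "O2" or "O16"
    body: str   # everything after "<code> - "


class Dpf(NamedTuple):
    ident: str             # CLSID in braces, or a bare name such as "NDWCab"
    label: Optional[str]   # friendly name, when the log shows one
    url: str               # where the component was downloaded from


def parse_entries(text: str) -> List[Entry]:
    """Return every '<code> - <body>' line found in a HijackThis log."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["code"], m["body"].strip()))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose backing file the log reports as absent."""
    return [e for e in entries if e.body.endswith(ORPHAN_MARKERS)]


def dpf_entries(entries: List[Entry]) -> List[Dpf]:
    """Parsed O16 (Downloaded Program Files) entries."""
    found = []
    for e in entries:
        m = DPF_RE.match(e.body) if e.code == "O16" else None
        if m:
            found.append(Dpf(m["ident"], m["label"], m["url"]))
    return found


def search(entries: List[Entry], *terms: str) -> List[Entry]:
    """Case-insensitive substring search over entry bodies."""
    lowered = [t.lower() for t in terms]
    return [e for e in entries if any(t in e.body.lower() for t in lowered)]


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    print("O16 entries to review by download source:")
    for d in dpf_entries(entries):
        print(f"  {d.ident}  {d.label or '(no label)'}  <- {d.url}")
    print("Entries pointing at a file that is not on disk:")
    for e in orphaned(entries):
        print(f"  {e.code}: {e.body}")
    # The scanner's file name is not in the log; the vendor name is.
    for term in ("EPXActiveX.ocx", "neededware"):
        print(f"search {term!r}: {len(search(entries, term))} hit(s)")
```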
#12
Re: Web Page Redirect In Ie
Posted 25 August 2005 - 03:31 PM
8cats, on Aug 25 2005, 10:51 AM, said:
I assume you have AOL loaded on your computer.
Yep. What I'm using right now. Haha...
I think I'm gonna delete the alc-something or other too. Since it told me that was really bad.
*sigh*
Virus-creators should be tortured and then murdered for the pain and trouble they cause us all. Such a pain in my ass.
Thank you for the help! Hehe...
I'm sure I'll be back in time though with another messed-up problem with the computer. *Shakes finger at it and warns it that it will be yelled at if it ever does something like this again*
Well, I'm gonna go try deleting it now. =P
"Peace, love, empathy"
#13
Re: Web Page Redirect In Ie
Posted 21 September 2005 - 05:32 PM
Oh man. Norton AntiVirus just said today that the EPX thing was back...
And so I ran HijackThis... And it won't find it in there.
If anyone could help me, AGAIN, it would AGAIN be greatly appreciated.
#14
Re: Web Page Redirect In Ie
Posted 16 November 2005 - 09:44 AM
GrungeGirl27, on 21 Sep, 2005 - 08:29 PM, said:
Oh man. Norton AntiVirus just said today that the EPX thing was back...
And so I ran HijackThis... And it won't find it in there.
If anyone could help me, AGAIN, it would AGAIN be greatly appreciated.