TechSpot

[Active] Gostats and crosspixel interfering with Firefox

Discussion in 'Virus and Malware Removal' started by dbreed53, Mar 3, 2011.

Thread Status:
Not open for further replies.
  1. Bobbye Helper on the Fringe

    One more scan to make sure there are no bad entries left:

    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in Notepad. Be sure to click on Format > Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

    Has the redirecting improved?
  2. dbreed53 Newcomer, in training

    HijackThis log

    Here is the log from HijackThis;

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:18:22 PM, on 3/12/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
    C:\Program Files\Webroot\Security\Current\plugins\antispam\wrhkisvc.exe
    C:\Program Files\Webroot\Security\current\plugins\sync\WRSyncManager.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Webroot Browser Helper Object - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\Program Files\Webroot\Security\current\products\WISC\toolbar\LPBar.dll
    O2 - BHO: WRCommonBHO - {D93EC24D-8741-4D41-B83D-A5793B998416} - C:\Program Files\Webroot\Security\current\plugins\browserextension\WebrootBHO.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
    O3 - Toolbar: Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\Program Files\Webroot\Security\current\products\WISC\toolbar\LPBar.dll
    O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe" (User 'Default user')
    O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289649019863
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1289649186457
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FA3EACCC-A53F-41E2-8AD6-E2A499C11E17}: NameServer = 69.78.96.14 66.174.92.14
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe

    --
    End of file - 6548 bytes


    Yes, the redirecting seems to have been fixed altogether.
    Thanks very much for your help, and your patience.

    Now, the only issue I have is that the VZAccess Manager and the Volume Control icons keep disappearing from the SysTray, no matter how many times I check the box to make them appear there.

    For instance, if I open the properties of either, the box is checked, but the icon does not appear. But, if I uncheck the box, apply the change, then recheck the box and apply the change, they appear. Until I reboot.
  3. Bobbye Helper on the Fringe

    David, are you making the icon changes through the Taskbar Properties?

    Right click on the Taskbar> Properties> Check 'Hide Inactive Icons'> then click on Customize (you don't get the Customize option if you don't click that 'hide' first)> Find the 2 icons for the processes you mentioned> Highlight each and set the dialog box to Always show> Click OK> Apply> OK

    If these are on startup, they should both appear. The Volume Control icon usually doesn't disappear unless your sound does. Keep in mind also that the Notification Area has limited space. If you see << on the left side, it means there are more icons but they can't fit. Just click the << to see them.

    Are you no longer using Windows Messenger? There are 2 O9 entries in the HJT log that say 'no file'.

    The HJT log is fine. You have some background processes running, probably from the Startup Menu that you don't need unless you're actually using it. Example: HP Digital Imaging and all other HP processes.
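
Added example, not part of the original thread: a small Python parser that splits a HijackThis log into its section entries and lists the ones marked "(no file)", the same O9 leftovers pointed out in the reply above. The sample lines are copied from the log posted in this thread; the function names and the extra "Unknown owner" check on O23 services are this example's own assumptions, and a flagged line is a prompt for manual review, not a verdict.

```python
import re
from collections import Counter

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: WRCommonBHO - {D93EC24D-8741-4D41-B83D-A5793B998416} - C:\Program Files\Webroot\Security\current\plugins\browserextension\WebrootBHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# An entry line is "<section code> - <detail>", e.g. "O9 - Extra button: ...".
# Header lines and the running-process paths ("C:\...") do not match.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

def parse_entries(log_text):
    """Return (section_code, detail) for every entry line in the log."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]

def review_candidates(entries):
    """Return (code, detail, reason) for entries worth a manual look."""
    flagged = []
    for code, detail in entries:
        if detail.endswith("(no file)"):
            flagged.append((code, detail, "entry points at a file that is gone"))
        elif code == "O23" and " - Unknown owner - " in detail:
            flagged.append((code, detail, "service shows no vendor name"))
    return flagged

def section_counts(entries):
    """Count entries per section code (R0, O2, O9, O23, ...)."""
    return Counter(code for code, _ in entries)

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    print(dict(section_counts(entries)))
    for code, detail, reason in review_candidates(entries):
        print(f"{code}: {reason}\n    {detail}")
```
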
  4. dbreed53 Newcomer, in training

    Systray Icons

    No. I am doing the Volume control in the Control Panel, Sounds Settings.
    Likewise with the VZAccess Manager, in the Properties page of the application.
    I have the 'Hide Inactive Icons' UNchecked.
    Have done this before. Does not change the behavior, oddly enough.
    VZAccess manager does load at startup, but no icon, and when minimized, no icon, as per settings in the app.
    Although the Sound icon does not appear, all sound functions, function.
    I have the toolbar 'unlocked' so I can manage the rows in Quick Launch. I manage the width of it by increasing the number of rows in the Taskbar, I currently have three, to fit my whim. The SysTray expands as necessary for apps that use it. Currently, it has one column, Outlook, Search Indexer, and Webroot are the occupants, next to the Time/Date.
    Yes, I NEVER use it. I am over 40 and have a cellphone. :)
    Would it help to clean that up?
    I VERY INFREQUENTLY use the scanner feature nowadays. I used to use daily to fax documents when I was trucking.
    What do you recommend?
  5. Bobbye Helper on the Fringe

    David, I'm getting ready to shut down for the night. Drat for this time change- gets me all confused about when it's time to go to bed!

    Follow my path through the Taskbar properties for the icons. I explained to you that the Customize feature is greyed out unless you CHECK 'hide inactive icons'. Once you click on Customize and get in the icon area, you can change to 'always show', 'always hide' or 'never show'. But you can't get in there unless you check the 'hide inactive' first! Some dumb software writer thought that one up!

    Keep the Toolbar locked! It can wander around if you don't. Just put the cursor on the top of the Taskbar until you see the double arrow and move it up to widen. Then lock the taskbar back.

    Will finish in the AM.