
Thread: Windows XP Recovery, No DDS!

  1. #61
    Member
    Join Date
    Nov 2008
    Posts
    72

    Hijack this!

    Ken, I just have an icon for the RSIT, no Hijack This. Maybe I'm confused, long day. However, either send me a link or clue so we can attempt this process. Thanks again, T

  2. #62
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Go into your Program Files, it should be there

    Or try here
    C:\Program Files\trend micro\Tim.exe
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #63
    Member
    Join Date
    Nov 2008
    Posts
    72

    Hijack this and TFC

    I ran both of these applications as requested and did a reboot with the cable modem disconnected. Once back up and running, I attempted a search under a new tab and was redirected once again; scour was still present.

  4. #64
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Post a new HJT log


    What you need to do is reset your cable modem. There should be a reset button somewhere on it, not familiar with what you have, it just is a small button that you can hold in for about 30 seconds that will set it back to defaults.

    Then run this program and post the log, it looks like it's been successful in removing Scour

    http://download.cnet.com/Hitman-Pro-...-10895604.html

  5. #65
    Member
    Join Date
    Nov 2008
    Posts
    72

    HJT log, doing the hitman now.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:49:41 PM, on 6/7/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\Tim.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.app.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
    O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe" /dump:os_startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...0Installer.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1254591051484
    O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} - http://www.kodakgallery.com/download...2/axofupld.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Agnitum Client Security Service (acssrv) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O24 - Desktop Component 0: (no name) - http://photos.surfline.com/albums/ha...7941.thumb.jpg

    --
    End of file - 7461 bytes
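
An added example, not part of the original post and not HijackThis's own code: a small parser for the `CODE - text` entry lines of the log above that groups entries by section and lists the ones a helper would usually look at first. The function names, the three triage reasons and the choice of redirect-related sections are assumptions of this example; the sample lines are an excerpt copied from the log.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above (lines copied unchanged).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Agnitum Client Security Service (acssrv) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "CODE - text" entry lines; header and process-list lines do not match.
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
# Assumed triage set for a redirect complaint: R0/R1 (IE pages and proxy
# settings), O1 (hosts file), O17 (DNS name servers).
REDIRECT_SECTIONS = {"R0", "R1", "O1", "O17"}


def parse(log_text):
    """Group HijackThis entries by section code (R1, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections


def triage(sections):
    """Return (code, reason, entry) tuples worth a manual look."""
    findings = []
    for code, entries in sections.items():
        for entry in entries:
            if entry.endswith(("(file missing)", "(no file)")):
                findings.append((code, "orphaned", entry))
            if code == "O23" and " - Unknown owner - " in entry:
                findings.append((code, "unknown-owner", entry))
            if code in REDIRECT_SECTIONS:
                findings.append((code, "redirect-relevant", entry))
    return findings


if __name__ == "__main__":
    for code, reason, entry in triage(parse(SAMPLE_LOG)):
        print(f"{reason:18} {code:4} {entry}")
```

A finding here is only a prompt for manual review; an orphaned or unknown-owner entry is often a leftover from uninstalled software.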

  6. #66
    Member
    Join Date
    Nov 2008
    Posts
    72

    Hitman

    I ran the Hitman and then did a search under a new tab, and once again was redirected to scour, it's the devil!!!

  7. #67
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    I know this may be a project for you but do you have access to another computer that you could borrow from a friend, a laptop would be ideal, and plug it into your cable modem and see if you get redirected on that one. We're thinking it may be the cable modem that is directing you, we have seen this before recently, not just with scour but other sites as well. If the borrowed computer gets redirected also then you will need to have the cable company come out and reset the thing back to factory defaults.

    In the meantime I will still be looking for an answer for this, there is one somewhere


    Let's try Super Anti Spyware

    Please download SuperAntiSpyware Free
    Install the program
    • Run SuperAntiSpyware and click: Check for updates
    • Once the update is finished, on the main screen, click: Scan your computer
    • Check: Perform Complete Scan
    • Click Next to start the scan.

    Superantispyware scans the computer, and when finished, lists all the infections found.
    Make sure everything found has a check next to it, and press: Next <-- Important
    Then, click Finish

    It is possible that the program asks to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    • Click: Preferences
    • Click the Statistics/Logs tab
    • Under Scanner Logs, double-click SuperAntiSpyware Scan Log
    It opens in your default text editor (such as Notepad)

    Please provide the SuperAntiSpyware log in your next reply
    Last edited by ken545; 2011-06-08 at 10:37.

  8. #68
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    When you get a chance check this file please

    You need to enable Windows to show all files and folders, instructions Here

    Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again

    C:\Windows\System32\drivers\VolSnap.sys

    If the site is busy you can try this one
    http://virusscan.jotti.org/en

  9. #69
    Member
    Join Date
    Nov 2008
    Posts
    72

    Finding Time!

    Ken, Busy with work, having difficulty finding time to catch up! I will be performing these tasks over the next couple of days. Thanks for all your help. T

  10. #70
    Member
    Join Date
    Nov 2008
    Posts
    72

    SUPER AntiSpyware Log

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/10/2011 at 12:21 PM

    Application Version : 4.53.1000

    Core Rules Database Version : 7245
    Trace Rules Database Version: 5057

    Scan type : Complete Scan
    Total Scan Time : 01:16:41

    Memory items scanned : 295
    Memory threats detected : 0
    Registry items scanned : 8648
    Registry threats detected : 0
    File items scanned : 27676
    File threats detected : 28

    Adware.Tracking Cookie
    C:\Documents and Settings\Tim\Cookies\tim@casalemedia[1].txt
    C:\Documents and Settings\Tim\Cookies\tim@imrworldwide[2].txt
    C:\Documents and Settings\Tim\Cookies\tim@atdmt[1].txt
    C:\Documents and Settings\Tim\Cookies\tim@dc.tremormedia[2].txt
    C:\Documents and Settings\Tim\Cookies\tim@media6degrees[2].txt
    C:\Documents and Settings\Tim\Cookies\tim@revsci[2].txt
    C:\Documents and Settings\Tim\Cookies\tim@ad.yieldmanager[2].txt
    C:\Documents and Settings\Tim\Cookies\tim@serving-sys[1].txt
    C:\Documents and Settings\Tim\Cookies\tim@doubleclick[1].txt
    C:\Documents and Settings\Tim\Cookies\tim@network.realmedia[1].txt
    C:\Documents and Settings\Tim\Cookies\tim@yieldmanager[1].txt
    C:\Documents and Settings\Tim\Cookies\tim@adbrite[1].txt
    C:\Documents and Settings\Tim\Cookies\tim@pointroll[1].txt
    C:\Documents and Settings\Tim\Cookies\tim@ads.pointroll[2].txt
    C:\Documents and Settings\Tim\Cookies\tim@questionmarket[1].txt
    C:\Documents and Settings\Tim\Cookies\tim@tribalfusion[1].txt
    C:\Documents and Settings\Tim\Cookies\tim@2o7[2].txt
    C:\Documents and Settings\Tim\Cookies\tim@ru4[1].txt
    C:\Documents and Settings\Tim\Cookies\tim@realmedia[2].txt
    C:\Documents and Settings\Tim\Cookies\tim@invitemedia[1].txt
    C:\Documents and Settings\Tim\Cookies\tim@ad.wsod[2].txt
    C:\Documents and Settings\Tim\Cookies\tim@ads.watchmygf[2].txt
    C:\Documents and Settings\Tim\Cookies\tim@ads.basal[1].txt
    C:\Documents and Settings\Tim\Cookies\tim@ads.bighealthtree[2].txt
    C:\Documents and Settings\Tim\Cookies\tim@collective-media[2].txt
    C:\Documents and Settings\Tim\Cookies\tim@revsci[1].txt
    C:\Documents and Settings\Tim\Cookies\tim@sextube[1].txt
    C:\Documents and Settings\Tim\Cookies\tim@www.sextube[2].txt
