Unidentifiable (source of the) problem

[Lysiane Ney]

Hello,

I've been having this serious browser problem these past months. Multiple
reformattings, proper (adaware 6, panda anti-virus) protection couldn't help
it from coming back to bug me again, time after time: on opening a new
explorer, the page automatically scrolls down to the end, and often refuses
to go back up using the arrow keys (these symptoms are usually later
accompanied by the inability to click links or control anything using the
touchpad, unless I press "Esc" or re-start the system).

If anyone feels like they know about such a virus/trojan/worm/or anything,
please, I'd like to know more (what its is, its name, how to combat).

Just in case, I ran HijackThis, and here's the log:
[Thanks in advance for analyzing this for me and locating anything that
could be related to my problem and/or anything I should delete at all!]

Logfile of HijackThis v1.97.7
Scan saved at 17:56:06, on 24.09.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ESB.exe
C:\WINDOWS\System32\FNF22k.exe
C:\WINDOWS\System32\S3hotkey.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\soundman.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Program Files\NoAdware\NoAdware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Lysiane\Local Settings\Temporary Internet
Files\Content.IE5\03DV2IB5\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://silentwonder.com/start.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Liens
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =
http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program
Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [ESB] C:\WINDOWS\System32\ESB.exe
O4 - HKLM\..\Run: [FNF22k] C:\WINDOWS\System32\FNF22k.exe
O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium
Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN
Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le
cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda
titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda
titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda
titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda
titanium antivirus 2004\pavlsp.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
Conferencing) -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38198.4362847222
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab

 

[Richard S. Westmoreland]

Hello,

I've been having this serious browser problem these past months. Multiple
reformattings, proper (adaware 6, panda anti-virus) protection couldn't help
it from coming back to bug me again, time after time: on opening a new
explorer, the page automatically scrolls down to the end, and often refuses
to go back up using the arrow keys (these symptoms are usually later
accompanied by the inability to click links or control anything using the
touchpad, unless I press "Esc" or re-start the system).

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

You have a laptop. You need your keyboard (thumbstick) and palm rest
(touchpad) replaced. We use Dell, and this is a common problem with the
C610.

If you do not have a warranty to cover the replacement, you could just turn
off gliding and scrolling features in the touchpad driver.

Rick

 

[Lysiane Ney]

You have a laptop. You need your keyboard (thumbstick) and palm rest
(touchpad) replaced. We use Dell, and this is a common problem with the
C610.

If you do not have a warranty to cover the replacement, you could just turn
off gliding and scrolling features in the touchpad driver.

Rick

Thank you.

I had the touchpad (only!) replaced by Packard Bell a couple of months ago.
The problem reappeared after some time though. Do you think the entire
keyboard/palm rest area should be replaced alltogether still ? I'll have a
hard time convincing the technical desk this is a hardware issue and they
ought to make a replacement again, bigger this time. They keep saying this
is a virus and I'm the one at fault ! But I'll try!

Will explore the glide/scroll turn off option immediately though.

 

[Lysiane Ney]

If you do not have a warranty to cover the replacement, you could just turn
off gliding and scrolling features in the touchpad driver.


Rick

After battling with this scrolling issue for months, having had my pc sent
to the repairshop twice, dealing with a very recalcitrant tech desk, you
just accomplished what I feel is a miracle just by passing this gem of
wisdom onto me. You're a godsend !
Still, I'll try to have Packard Bell replace the whole shebang for me, I
think, so I can be at peace.

Thanks again !

Lysiane

 

[Richard S. Westmoreland]

After battling with this scrolling issue for months, having had my pc sent
to the repairshop twice, dealing with a very recalcitrant tech desk, you
just accomplished what I feel is a miracle just by passing this gem of
wisdom onto me. You're a godsend !
Still, I'll try to have Packard Bell replace the whole shebang for me, I
think, so I can be at peace.

So this means it works now?

Rick

 

[David W. Hodgins]

I've been having this serious browser problem these past months. Multiple
reformattings, proper (adaware 6, panda anti-virus) protection couldn't help
C:\Program Files\NoAdware\NoAdware.exe

I see you've found a workaround for the hardware problem.

I'm no expert at hijackthis logs, but you may want to check out
http://www.adwarereport.com/mt/archives/000023.html
regarding the NoAdware product.

Regards, Dave Hodgins

 

[Shane]

I see you've found a workaround for the hardware problem.

I'm no expert at hijackthis logs, but you may want to check out
http://www.adwarereport.com/mt/archives/000023.html
regarding the NoAdware product.

Dave, you might want to check out
http://spywarewarrior.com/viewtopic.php?t=1154&start=30
http://www.spywarewarrior.com/viewtopic.php?t=1154
for starters. Watch in amazement as the author of adwarereport.com rubbishes
Spybot S&D and Ad-aware for being freeware while hyping *betrayware* apps
that happen to pay him for advertising! Gasp at the gall of the mercenary
little shitbag! Then pass it on.


Shane

 

[David W. Hodgins]

Dave, you might want to check out
http://spywarewarrior.com/viewtopic.php?t=1154&start=30
http://www.spywarewarrior.com/viewtopic.php?t=1154
for starters. Watch in amazement as the author of adwarereport.com rubbishes
Spybot S&D and Ad-aware for being freeware while hyping *betrayware* apps
that happen to pay him for advertising! Gasp at the gall of the mercenary
little shitbag! Then pass it on.

LOL! Thanks for the link. I just ran a google search on "noadware rouge", and
skimmed the article to make sure it wasn't a false report by the authors of noadware.

While I agree with the actual article I linked to, I'll try to remember to exclude
adwarereport.com from any future links I post.

Thanks, Dave Hodgins

 

[me]

LOL! Thanks for the link. I just ran a google search on
"noadware rouge", and skimmed the article to make sure it
wasn't a false report by the authors of noadware.

While I agree with the actual article I linked to, I'll try
to remember to exclude adwarereport.com from any future
links I post.

Thanks, Dave Hodgins

Dave,

FWIW, adwarereport is also listed on
http://www.spywarewarrior.com/rogue_anti-spyware.htm

J

 

[Lysiane Ney]

So this means it works now?

Rick

Yup !

Well, it's all been behaving fine ever since I turned the gliding off
yesterday. I'm keeping my fingers crossed hoping my problem has been solved
forever. In the meanwhile, I'll still try to make the warrantee work for me.

Have a nice week-end (in Berlin?), Rick !

Lysiane

 

[Shane]

LOL! Thanks for the link. I just ran a google search on "noadware rouge", and
skimmed the article to make sure it wasn't a false report by the authors of noadware.

While I agree with the actual article I linked to, I'll try to remember to exclude
adwarereport.com from any future links I post.

Thanks, Dave Hodgins

There's some pretty funny - or desperately sad, depending on your
viewpoint - stuff on that spywarewarrior forum. Last week I was reading a
thread involving the vendor of *Privacy Tools 2004*
http://spywarewarrior.com/viewtopic.php?t=4112 in much the same vein.


Shane

 

[Richard S. Westmoreland]

Have a nice week-end (in Berlin?), Rick !

Lysiane

No actually I'm in the U.S., I'm just using an account from a Berlin server.


Rick