Security and Windows Vista A forum for discussion on security issues with Windows Vista. (microsoft.public.windows.vista.security)

HijackThis Log. Google Redirects.



 
 
#1 - Piper8611, May 2nd 09, 05:57 PM, posted to microsoft.public.windows.vista.security


Hello. I'm using Windows Vista and IE7 on my laptop and just recently
I've been having issues using the Google search. Whenever I click on a
Google link it re-directs me to an ad site of some kind. I've looked
online for solutions and a lot of them have recommended the HiJackThis
program, which I have downloaded, but I do not know what to delete from
it. Here is the full log from my computer. Any help would be greatly
appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:10 PM, on 5/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\mmc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
=
R3 - URLSearchHook: AOLTBSearch Class -
{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM
Toolbar 5.0\aoltb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no
file)
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google
Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live
Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch -
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google
Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector -
{CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program
Files\Dell\BAE\BAE.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}
- C:\Program Files\Google\Google Gears\Internet
Explorer\0.5.16.0\gears.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -
C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar -
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live
Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows
Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI
Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix
Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support
Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DpAgent] C:\Program
Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell
Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [PCMService] "C:\Program
Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program
Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d
locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet
Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater]
C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103471
-"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB5; SLCC1; .NET
CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR
3.0.30618; .NET CLR 1.1.4322)"
-"http://spongebob.nick.com/games/play/sb_fliporflop/"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows
Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows
Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media
Player\Adobe Media Player.exe
O4 - Startup: Dell Dock.lnk = C:\Program
Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim
toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program
Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} -
C:\Program Files\Google\Google Gears\Internet
Explorer\0.5.16.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings -
{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google
Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer -
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows
Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578}
- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O13 - Gopher Prefix:
O17 -
HKLM\System\CCS\Services\Tcpip\..\{307B48A7-69CF-471C-A615-E06533CD25AF}:
NameServer = 85.255.112.103,85.255.112.23
O17 -
HKLM\System\CCS\Services\Tcpip\..\{392F3154-C9B3-4A3F-9DC4-1D14ED9A24EB}:
NameServer = 85.255.112.103,85.255.112.23
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =
85.255.112.103,85.255.112.23
O17 -
HKLM\System\CS1\Services\Tcpip\..\{307B48A7-69CF-471C-A615-E06533CD25AF}:
NameServer = 85.255.112.103,85.255.112.23
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer =
85.255.112.103,85.255.112.23
O17 -
HKLM\System\CS2\Services\Tcpip\..\{307B48A7-69CF-471C-A615-E06533CD25AF}:
NameServer = 85.255.112.103,85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
85.255.112.103,85.255.112.23
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
C:\Program Files\Google\Google
Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: GoToAssist - C:\Program
Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea
Electronics Corporation -
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program
Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. -
C:\Windows\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec,
Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program
Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock
Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Biometric Authentication Service (DpHost) -
DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix
Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c915acf98c24b7)
(gupdate1c915acf98c24b7) - Google Inc. - C:\Program
Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel
Corporation - C:\Program Files\Intel\Intel Matrix Storage
Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. -
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program
Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -
C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown
owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 11353 bytes


--
Piper8611

#2 - Noel Paton, May 2nd 09, 07:17 PM, posted to microsoft.public.windows.vista.security

On Sat, 2 May 2009 23:27:07 +0530, Piper8611 wrote:

> Hello. I'm using Windows Vista and IE7 on my laptop and just recently
> I've been having issues using the Google search. Whenever I click on a
> Google link it re-directs me to an ad site of some kind. I've looked
> online for solutions and a lot of them have recommended the HiJackThis
> program, which I have downloaded, but I do not know what to delete from
> it. Here is the full log from my computer. Any help would be greatly
> appreciated.

There's nothing too bad in that log that I can see - but I'm NOT an
expert.
HJT is not as well regarded as it used to be.
This is NOT - under any circumstances - the place to post logs, as you
can't get the specialist advice you need here - you need to go to a
proper malware specialist forum (see below).
I see no mention in the log of any anti-virus - what were you running?
Why is it not running now?
Download and run a decent antivirus and an anti-malware tool (each
specialist site has its preference - read the posting instructions
before deciding which to use!).

Anti-malware sites:
(list nicked from Malke - sorry, oh queen of the universe! <g>)


http://aumha.net/viewtopic.php?t=4075 - Posting FAQ
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/...splay.php?f=25
http://www.geekstogo.com/forum/Malwa..._Here-f37.html
http://www.malwarebytes.org/forums/i...hp?showforum=7
http://gladiator-antivirus.com/forum...?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7
--
Noel Paton
www.crashfixpc.co.uk

Nil Carborundum Illegitemi

#3 - Martin Connolly, July 4th 09, 07:33 AM, posted to microsoft.public.windows.vista.security

The rogue runs as a non-PNP hardware driver and so will appear in the Device
Manager. Research 'go.google.com redirect' using another PC, and it'll point
you to a trojan usually called something like TDSSServ.exe

 



