| Home | Forums | Reviews | Guides | Newsgroups | Register | Search |
 |
| Thread Tools |
|
AD
Guest
Posts: n/a
|
Hi,
for the past few days, when I click on a link (in google for example), I ma redirected to a completely differnt page than what I was looking for. I have run S&D, Ad Aware,CW shredder, Kasperskh on line, Bazooka, Bug Hunte, Bid Defender, Trojan Scan and s few more. They all come back as clean. Hopefully someone here will understand this log and find out if there is an issue. Thanks in advance. AD Logfile of HijackThis v1.99.1 Scan saved at 17:03:49, on 01/03/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\hkcmd.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe D:\PROGRA~1\MICROS~2\wcescomm.exe D:\PROGRA~1\MICROS~2\rapimgr.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...suk&channel=uk R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.msn.co.uk/results.aspx?q=microsoft+search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/hws/sb/dell-...tml?channel=uk R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...suk&channel=uk R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/root/campaign.asp?cid=16318 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Antoine & Luis R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file) O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: (no name) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - (no file) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\PROGRA~1\MICROS~2\wcescomm.exe" O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yaho...t/yregucfg.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {2FA7BCA6-ECB8-419C-98D1-B083F98890C9} - http://83.146.26.235/requisoft/RSCSLTV3.CAB O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab O16 - DPF: {41B9D67C-AAC7-433E-8210-048F3626F1CA} - http://83.146.26.235/requisoft/RSCSLAD3.CAB O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {57DAFEB9-0D7E-4714-97EE-A6EFBE7B18CB} - http://83.146.26.235/requisoft/RSCSLMN2.CAB O16 - DPF: {59D1645F-ED6F-4F88-A4B6-C044A50FDE2B} - http://83.146.26.235/requisoft/RSCPMPO3.CAB O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {6094685B-853A-4568-BA93-CBB9C7A717A2} - http://83.146.26.235/requisoft/RSCSLBD4.CAB O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {68B47E5F-DB04-441B-8DB7-05CB82693B0C} - http://83.146.26.235/requisoft/RSCSYRT2.CAB O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {738F719E-E3BE-441B-92F0-209DA29CD764} - http://83.146.26.235/requisoft/RSCSLSI1.CAB O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {929D11E3-0A68-4B66-9E4E-6D2BF905953E} - http://83.146.26.235/requisoft/RSCSLVW1.CAB O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {B232797F-2A41-46CA-8393-408C700C8C9F} - http://83.146.26.235/requisoft/RSCSLFL3.CAB O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/preq...ivePreQual.cab O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab O16 - DPF: {D4E5288D-099F-4B5F-9B67-E1E8BE4D19FC} - http://83.146.26.235/requisoft/RSCSLCT3.CAB O16 - DPF: {E6E3FA40-6B6F-4E07-A411-F67D53AA16CB} - http://83.146.26.235/requisoft/RSCPMPR3.CAB O16 - DPF: {FC30DE60-F8E5-4457-858B-A4285AACE66E} - http://83.146.26.235/requisoft/RSCSLSG3.CAB O16 - DPF: {FE4C4CAB-12B9-4B71-8ABC-364A6FDDB9CE} - http://83.146.26.235/requisoft/RSCSYCL3.CAB O17 - HKLM\System\CCS\Services\Tcpip\..\{74F953CF-2E5A-4C25-A805-30E8CBA7F30F}: NameServer = 85.255.115.37,85.255.112.93 O17 - HKLM\System\CCS\Services\Tcpip\..\{7744F660-182E-4EC7-B08B-56D40350BE12}: NameServer = 85.255.115.37,85.255.112.93 O17 - HKLM\System\CCS\Services\Tcpip\..\{848411B4-41E0-4EC2-9204-C44E0FEF5A96}: NameServer = 85.255.115.37,85.255.112.93 O17 - HKLM\System\CCS\Services\Tcpip\..\{8A2FDA31-7DD5-467C-8309-CF067E350E14}: NameServer = 85.255.115.37,85.255.112.93 O17 - HKLM\System\CCS\Services\Tcpip\..\{A0B6CF80-84D9-43C2-AB80-BC516DB4360F}: NameServer = 85.255.115.37,85.255.112.93 O17 - HKLM\System\CCS\Services\Tcpip\..\{CF92A238-288B-4521-BCAF-F13D6E3E4091}: NameServer = 85.255.115.37,85.255.112.93 O17 - HKLM\System\CCS\Services\Tcpip\..\{F53F71CF-C855-411D-BF4A-7D44AF3157B9}: NameServer = 85.255.115.37,85.255.112.93 O17 - HKLM\System\CCS\Services\Tcpip\..\{FC6B97F6-A00C-4387-9009-74B474220B5C}: NameServer = 85.255.115.37,85.255.112.93 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.37 85.255.112.93 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.37 85.255.112.93 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE |
|
|
|
|
|||
|
|||
| AD |
|
|
|
| |
|
Mike Easter
Guest
Posts: n/a
|
AD wrote:
> when I click on a link (in google for > example), I ma redirected to a completely differnt page than what I > was looking for. > Logfile of HijackThis v1.99.1 Compare and contrast posting HJT logs to general newsgroups vs to an appropriately modded webforum. - generally HJT logs are not 'welcome' in general ng/s because they are rather long and ugly and unappealing to almost all of the general ng participants - performing operations on your registry because of the advice of an unknown ng stranger who makes a suggestion, has some problems considering that general usenet ng participation is a tendency to 'walk on the wild side' and the participants are not 'vetted' as to expertise in any kind of way - appropriately modded webforums such as spywarewarrior and numerous others have guidelines for posting HJT logs, and they also have a vetting procedure for those who should be qualified to make recommendations about registry editing - general newsgroups are also not a good place to post raw spam with complete headers and unrendered spambodies, since there are more appropriate ways to present that information, which is also ugly, like HJT logs - general newsgroups such as 24hshd are a pretty good place to get advice about where to post HJT logs and raw spam - in general, most ng participants would rather discuss issues in newsgroups than a webforum, but sometimes a webforum is the place to go -- Mike Easter |
|
|
|
|
|||
|
|
|||
| Mike Easter |
|
|
|
| |
|
Frosty
Guest
Posts: n/a
|
On Thu, 1 Mar 2007 09:44:23 -0800 in 24hoursupport.helpdesk "Mike
Easter" <>, intended to write something intelligible, but instead wrote : >AD wrote: > >> when I click on a link (in google for >> example), I ma redirected to a completely differnt page than what I >> was looking for. > >> Logfile of HijackThis v1.99.1 > >Compare and contrast posting HJT logs to general newsgroups vs to an >appropriately modded webforum. > > - generally HJT logs are not 'welcome' in general ng/s because they are >rather long and ugly and unappealing to almost all of the general ng >participants I didn't open his post because 1. I don't care, and 2. even if I did I'd be less than helpful since I can barely put one foot in from of the other much less diagnose whatever it is he nedds help with. |
|
|
|
|
|||
|
|
|||
| Frosty |
|
John Wunderlich
Guest
Posts: n/a
|
"AD" <> wrote in
news:: > Hi, > for the past few days, when I click on a link (in google for > example), I ma redirected to a completely differnt page than what > I was looking for. I have run S&D, Ad Aware,CW shredder, Kasperskh > on line, Bazooka, Bug Hunte, Bid Defender, Trojan Scan and s few > more. They all come back as clean. Hopefully someone here will > understand this log and find out if there is an issue. > Thanks in advance. > AD > Go to <http://hijackthis.de> and submit your log. It will tell you what you need to fix. HTH, John |
|
|
|
|
|||
|
|
|||
| John Wunderlich |
|
|
|
| |
|
| Thread Tools | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| hijack this log file | Lisa Goodman | Computer Support | 1 | 08-11-2004 01:41 AM |
| Hijack This log - what to delete? | Jeanette | Computer Support | 4 | 07-30-2004 07:15 PM |
| Need help on Hijack This log | TyzNanny | Computer Support | 1 | 06-10-2004 10:31 PM |
| Hijack This Log - Please Help | Rich Gabriele | Computer Support | 1 | 05-26-2004 06:19 PM |
| Hijack this log por favor | joevan | Computer Support | 6 | 02-20-2004 07:27 PM |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc..
SEO by vBSEO ©2010, Crawlability, Inc. |
