
HijackThis Log. Google Redirects.

Discussion in 'Windows Security' started by Piper8611, May 2, 2009.

  1. Piper8611

    Piper8611 Guest

    Hello. I'm using Windows Vista and IE7 on my laptop and just recently
    I've been having issues using the Google search. Whenever I click on a
    Google link it redirects me to an ad site of some kind. I've looked
    online for solutions and a lot of them have recommended the HijackThis
    program, which I have downloaded, but I do not know what to delete from
    it. Here is the full log from my computer. Any help would be greatly
    appreciated.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:42:10 PM, on 5/2/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program
    Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\AIM6\aim6.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Windows\system32\mmc.exe
    C:\Windows\system32\mmc.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    =

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
    Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
    =
    R3 - URLSearchHook: AOLTBSearch Class -
    {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM
    Toolbar 5.0\aoltb.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper -
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
    Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
    - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no
    file)
    O2 - BHO: Windows Live Sign-in Helper -
    {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
    Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper -
    {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google
    Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO -
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
    Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Windows Live Toolbar Helper -
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live
    Toolbar\msntb.dll
    O2 - BHO: Google Dictionary Compression sdch -
    {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google
    Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Browser Address Error Redirector -
    {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program
    Files\Dell\BAE\BAE.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}
    - C:\Program Files\Google\Google Gears\Internet
    Explorer\0.5.16.0\gears.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -
    C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Windows Live Toolbar -
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live
    Toolbar\msntb.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows
    Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI
    Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix
    Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support
    Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [DpAgent] C:\Program
    Files\DigitalPersona\Bin\dpagent.exe
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell
    Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
    O4 - HKLM\..\Run: [PCMService] "C:\Program
    Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
    Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
    Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program
    Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKCU\..\Run: [swg] C:\Program
    Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d
    locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet
    Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\RunOnce: [Shockwave Updater]
    C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103471
    -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB5; SLCC1; .NET
    CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR
    3.0.30618; .NET CLR 1.1.4322)"
    -"http://spongebob.nick.com/games/play/sb_fliporflop/"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows
    Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe
    oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows
    Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media
    Player\Adobe Media Player.exe
    O4 - Startup: Dell Dock.lnk = C:\Program
    Files\Dell\DellDock\DellDock.exe
    O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim
    toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program
    Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites -

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} -
    C:\Program Files\Google\Google Gears\Internet
    Explorer\0.5.16.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings -
    {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google
    Gears\Internet Explorer\0.5.16.0\gears.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
    C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer -
    {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows
    Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578}
    - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O13 - Gopher Prefix:
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{307B48A7-69CF-471C-A615-E06533CD25AF}:
    NameServer = 85.255.112.103,85.255.112.23
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{392F3154-C9B3-4A3F-9DC4-1D14ED9A24EB}:
    NameServer = 85.255.112.103,85.255.112.23
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =
    85.255.112.103,85.255.112.23
    O17 -
    HKLM\System\CS1\Services\Tcpip\..\{307B48A7-69CF-471C-A615-E06533CD25AF}:
    NameServer = 85.255.112.103,85.255.112.23
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer =
    85.255.112.103,85.255.112.23
    O17 -
    HKLM\System\CS2\Services\Tcpip\..\{307B48A7-69CF-471C-A615-E06533CD25AF}:
    NameServer = 85.255.112.103,85.255.112.23
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
    85.255.112.103,85.255.112.23
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
    C:\Program Files\Google\Google
    Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program
    Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea
    Electronics Corporation -
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program
    Files\Common Files\Apple\Mobile Device
    Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. -
    C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec,
    Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program
    Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock
    Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: Biometric Authentication Service (DpHost) -
    DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix
    Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1c915acf98c24b7)
    (gupdate1c915acf98c24b7) - Google Inc. - C:\Program
    Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program
    Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel
    Corporation - C:\Program Files\Intel\Intel Matrix Storage
    Manager\Iaantmon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program
    Files\iPod\bin\iPodService.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. -
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program
    Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown
    owner - C:\Windows\System32\WLTRYSVC.EXE

    --
    End of file - 11353 bytes


    --
    Piper8611
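The entries in the log above that decide where a lookup for google.com actually goes are the O17 lines: every interface GUID and every control set (CCS, CS1, CS2) points at the same pair of external resolvers, 85.255.112.103 and 85.255.112.23, so any reviewer should confirm those are the resolvers the owner's ISP or router is supposed to hand out. As an added example (not part of the original thread), this Python snippet parses O17 NameServer entries out of HijackThis log text and reports any resolver that is not on an expected list; the expected list and the trimmed sample are constructed here, the sample lines themselves are copied from the post.

```python
import re
import ipaddress

# O17 lines copied from the HijackThis log in the first post, plus one non-O17
# line to show it is ignored. Trimmed sample, constructed for this example.
HJT_SAMPLE = """\
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{307B48A7-69CF-471C-A615-E06533CD25AF}: NameServer = 85.255.112.103,85.255.112.23
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.103,85.255.112.23
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.103,85.255.112.23
O4 - HKLM\\..\\Run: [Apoint] C:\\Program Files\\DellTPad\\Apoint.exe
"""

# Resolvers this machine is expected to use (constructed: a home router and an
# ISP resolver from the documentation range). Anything else gets reported.
EXPECTED_RESOLVERS = {"192.168.1.1", "192.0.2.53"}

O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\System\\\S+?): NameServer = (?P<servers>[\d.,\s]+)$")

def parse_o17(log_text):
    """Return [(registry_key, [server, ...]), ...] for each O17 NameServer entry."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
            entries.append((m.group("key"), servers))
    return entries

def unexpected_resolvers(entries, expected=EXPECTED_RESOLVERS):
    """Map each resolver not on the expected list to the registry keys naming it."""
    findings = {}
    for key, servers in entries:
        for server in servers:
            try:
                ip = str(ipaddress.ip_address(server))  # validates and normalises
            except ValueError:
                continue  # not an IP literal; HijackThis shows it as-is, review by hand
            if ip not in expected:
                findings.setdefault(ip, []).append(key)
    return findings

def resolver_sets(entries):
    """Distinct resolver lists across all keys; one set everywhere means system-wide."""
    return {tuple(servers) for _, servers in entries}

if __name__ == "__main__":
    found = parse_o17(HJT_SAMPLE)
    for ip, keys in unexpected_resolvers(found).items():
        print(f"{ip}: referenced by {len(keys)} registry key(s)")
    print("distinct resolver sets:", resolver_sets(found))
```

A single resolver set repeated under every control set and adapter GUID is what the full log shows, which is the pattern of a deliberate system-wide change rather than one stale adapter setting.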
  2. Noel Paton

    Noel Paton Guest

    On Sat, 2 May 2009 23:27:07 +0530, Piper8611
    <Piper8611.3rkmnb@DoNotSpam.com> wrote:
    >Hello. I'm using Windows Vista and IE7 on my laptop and just recently
    >I've been having issues using the Google search. Whenever I click on a
    >Google link it redirects me to an ad site of some kind. I've looked
    >online for solutions and a lot of them have recommended the HijackThis
    >program, which I have downloaded, but I do not know what to delete from
    >it. Here is the full log from my computer. Any help would be greatly
    >appreciated.
    There's nothing too bad in that log that I can see - but I'm NOT an
    expert.
    HJT is not as well regarded as it used to be.
    This is NOT - under any circumstances - the place to post logs, as you
    can't get the specialist advice you need here - you need to go to a
    proper malware specialist forum. (see below)
    I see no mention in the log of any anti-virus - what were you running?
    Why is it not running now?
    Download and run a decent antivirus and an anti-malware tool (each
    specialist site has its preference - read the posting instructions
    before deciding which to use!)

    anti-malware site.....
    (list nicked from Malke - sorry, oh queen of the universe! <g>)

    --
    Noel Paton


    Nil Carborundum Illegitemi
     
  3. The rogue runs as a non-PNP hardware driver and so will appear in the device
    manager. Research 'go.google.com redirect' using another PC, and it'll point
    you to a trojan usually called something like TDSSServ.exe
     
