
Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

HijackThis logfile needs reviewed please.

by bakerbarber Nov 25, 2008 12:52PM PST

Browser is getting redirected. I tried AV, Ad-Aware, Reg Mech, blah. I removed IP destination from DNS, set to auto acquire. Still getting browser redirects.

Here's my log.
Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:32 PM, on 11/25/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\lxcjcoms.exe
C:\Windows\system32\PSIService.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\TUProgSt.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\BitComet\BitComet.exe
C:\Windows\system32\p2phost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: MRI_DISABLED
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B1ED40D-90D5-4032-BE98-5F4102DC9D35}: NameServer = 85.255.112.115;85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2ACFC9E-533B-42A7-A7E4-B6FBB25A40C0}: NameServer = 85.255.112.115;85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{8B1ED40D-90D5-4032-BE98-5F4102DC9D35}: NameServer = 85.255.112.115;85.255.112.186
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxcj_device - - C:\Windows\system32\lxcjcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdnqd.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11768 bytes


Any advice would be appreciated..

Discussion is locked

Sorry, We Don't Do HJT Logs Here..
by Grif Thomas Former Forum moderator Nov 25, 2008 1:13PM PST

Please click on the link below and visit one of the specialized forums which interpret HijackThis. Our forums don't do such.

http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=255339&messageID=2533167

Locking this thread.

Grif
