Jump to content

Recommended Posts

Vista Ultimate

Comodo FW-new install

Avira AV-new install

working on someone else's laptop that was completely infested. it had out of date firewall and antivirus. when i first saw the computer there was nothing you could do with out being in safe mode. there was no task bar, no explorer, no control over keyboard commands, etc.

it has come back from the dead minus one bothersome area. i have one thing that i cant figure out and that is a simple internet redirect page thingy. whenever i click on links or do a search it sends me somewhere. it's never anywhere malicious or pornographic but rather things like yahoo or yellowpages, etc.

i have run malwarebytes 3 times (on it's 4th run now), spybot search and destroy, adaware, and avira antivirus. each of them have come up with something everytime and i have quarantined or removed everything.

i will attach the log from hijackthis and DDS and i'm sure you guys will notice O15 Trusted Zone stuff. is that the stuff that would be redirecting me? how do i get rid of it?

side note: i was over at bleepingcomputer but didnt get a single bite. need to get cracking on resolving this so i came here.

thanks for all your help.

here is the hijackthis log followed by the DDS.txt log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:43:18 PM, on 2/9/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18248)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\katPCTJH\mbam.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Kat\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java

Link to post
Share on other sites

  • 1 month later...
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.