Random Thoughts.....What are you thinking?
Lakshmi.Kinjite
Server: Lakshmi
Game: FFXI
Posts: 55
By Lakshmi.Kinjite 2011-03-04 12:09:44
Firefox?
Server: Valefor
Game: FFXI
Posts: 14155
By Valefor.Slipispsycho 2011-03-04 12:10:06
That's what I use, though others on these forums swear by Google Chrome.
Lakshmi.Kinjite
Server: Lakshmi
Game: FFXI
Posts: 55
By Lakshmi.Kinjite 2011-03-04 12:10:47
I use Chrome as well. No better IMO
Server: Valefor
Game: FFXI
Posts: 14155
By Valefor.Slipispsycho 2011-03-04 12:12:16
I used to be diehard IE only, until one of the updates *** everything up, I can't remember what anymore, but it *** something up that I used all the time (just for a comparison, think favorites no longer working) and it wouldn't let me revert to the older version, so I said *** that and got Firefox..
Haven't looked back since, shoulda done this sooner.
Lakshmi.Kinjite
Server: Lakshmi
Game: FFXI
Posts: 55
By Lakshmi.Kinjite 2011-03-04 12:13:46
I'll have to give that a go, it's just frustrating, it even redirects me from MSN. I hate it, time consuming
Server: Valefor
Game: FFXI
Posts: 14155
By Valefor.Slipispsycho 2011-03-04 12:14:42
When you say redirect what do you mean exactly?
Lakshmi.Kinjite
Server: Lakshmi
Game: FFXI
Posts: 55
By Lakshmi.Kinjite 2011-03-04 12:16:07
Use the search bar to locate a website, click on the website choice and it redirects me to some generic search
Server: Valefor
Game: FFXI
Posts: 14155
By Valefor.Slipispsycho 2011-03-04 12:17:19
I'd be lying if I said I completely understood what was going on, but I have a feeling that has to do with malware, not browser choice. If you get the same thing happening with Chrome and Firefox, it definitely has something to do with something on your computer, not the browsers themselves.
Lakshmi.Kinjite
Server: Lakshmi
Game: FFXI
Posts: 55
By Lakshmi.Kinjite 2011-03-04 12:18:32
I use Malwarebytes, MSE and Spyware Doctor, I think it may have to do with remnants but not sure
Server: Valefor
Game: FFXI
Posts: 14155
By Valefor.Slipispsycho 2011-03-04 12:19:22
Hmm.. Then I dunno.. Do you install those add-on tool bars? Or are your browsers completely stock?
Lakshmi.Kinjite
Server: Lakshmi
Game: FFXI
Posts: 55
By Lakshmi.Kinjite 2011-03-04 12:19:52
Straight stock no special toolbars or nothing
Fenrir.Schutz
Server: Fenrir
Game: FFXI
Posts: 3122
By Fenrir.Schutz 2011-03-04 12:20:11
Yah it sounds like you have something hijacking your search results into another search engine (maybe one that's doing bad things to your computer.)
I use Firefox, and I opened MSIE 8 just to see what you were talking about. I typed "MSN" in the search bar, it pulled up Google as my default search tool, top link was MSN page...I clicked it and got to the MSN main page.
No redirects to another search tool at all.
Server: Valefor
Game: FFXI
Posts: 14155
By Valefor.Slipispsycho 2011-03-04 12:21:29
That's odd.. I mean you already use multiple malware detections, I doubt adding another to the list would change it, I'm assuming none find anything, and if you don't have any of those toolbars installed that come packaged in other application installations, then I'm not really sure what to say.
I guess you could try out Firefox and see if the same thing happens, but I have a feeling it will.
Lakshmi.Kinjite
Server: Lakshmi
Game: FFXI
Posts: 55
By Lakshmi.Kinjite 2011-03-04 12:21:52
Ya, I ran ALL my tools to clean up this morning, rebooted and tried; it still redirected me, but... it does not do it all the time. I also use the Microsoft Malicious Software Removal Tool
Server: Valefor
Game: FFXI
Posts: 14155
By Valefor.Slipispsycho 2011-03-04 12:23:20
I suppose it's possible, but not likely, that either what you have on your computer isn't recognized as malware, or that it's just not in any of the definitions..
Fenrir.Schutz
Server: Fenrir
Game: FFXI
Posts: 3122
By Fenrir.Schutz 2011-03-04 12:24:05
Lakshmi.Kinjite said: Straight stock no special toolbars or nothing
Yah you can end up with browser redirects simply through malware embedded in certain websites. If it really bothers you, you can check into HijackThis. I posted some details about it in another thread...
http://www.ffxiah.com/forum/topic/14130/cpu-usage/2/#849830
...basically it lets you examine if there are any strange URL redirects affecting your registry and start up applications (that wouldn't be detected by AV since they are embedded at the point the OS becomes active.)
Lakshmi.Kinjite
Server: Lakshmi
Game: FFXI
Posts: 55
By Lakshmi.Kinjite 2011-03-04 12:25:03
Well....LOL that doesn't necessarily sound good at all. I'll try Firefox anyways. I do in fact update defs 3 x a week, so if it's in there I can't find it. I used regedit to look for generic definitions, nothing found
Server: Valefor
Game: FFXI
Posts: 14155
By Valefor.Slipispsycho 2011-03-04 12:25:10
Something else I would look into is registry changes. You'd have to Google around on the specifics, but some malware out there changes stuff in your registry that isn't repaired by removing the malware.
Lakshmi.Kinjite
Server: Lakshmi
Game: FFXI
Posts: 55
By Lakshmi.Kinjite 2011-03-04 12:25:55
I have seen HijackThis in my registry, maybe I need to use it?
Server: Valefor
Game: FFXI
Posts: 14155
By Valefor.Slipispsycho 2011-03-04 12:26:48
I've never used HijackThis so you'll have to turn to Schutz or someone else on that one.
Bahamut.Dasva
Server: Bahamut
Game: FFXI
Posts: 13835
By Bahamut.Dasva 2011-03-04 12:28:19
Lakshmi.Kinjite said: My thought for the day..."How the hell do I get rid of these infernal Redirects on IE8?"
What redirects?
Fenrir.Schutz
Server: Fenrir
Game: FFXI
Posts: 3122
By Fenrir.Schutz 2011-03-04 12:29:17
Ah you can run it and check...just running it analyses your system and generates a report. I can help you read the report sections if you either PM it or /paste it here.
By itself, HJT won't change your system unless you tell it to do so, so just having it analyse what's going on won't hurt things at all.
Lakshmi.Kinjite
Server: Lakshmi
Game: FFXI
Posts: 55
By Lakshmi.Kinjite 2011-03-04 12:29:39
Ones that take me to a generic search function NOT where I intended to go
Bahamut.Dasva
Server: Bahamut
Game: FFXI
Posts: 13835
By Bahamut.Dasva 2011-03-04 12:29:44
Valefor.Slipispsycho said: I used to be diehard IE only, until one of the updates *** everything up, I can't remember what anymore, but it *** something up that I used all the time (just for a comparison, think favorites no longer working) and it wouldn't let me revert to the older version, so I said *** that and got Firefox..
Can't remember if it was 5 or 6 but one of them sucked hard and they took forever to replace it. 7/8 run awesome. I hear good things about 9... but we'll see.
Lakshmi.Kinjite
Server: Lakshmi
Game: FFXI
Posts: 55
By Lakshmi.Kinjite 2011-03-04 12:30:48
Thanks, ya, I'll give that a run. Maybe I'm just being paranoid, I just don't like odd things comin' up on my comp
Lakshmi.Kinjite
Server: Lakshmi
Game: FFXI
Posts: 55
By Lakshmi.Kinjite 2011-03-04 12:32:13
Back to work for me fellas. Thanks for all your input, I'll run HJT and post results. Schutz, maybe you'll see something I'm not familiar with
Fenrir.Schutz
Server: Fenrir
Game: FFXI
Posts: 3122
By Fenrir.Schutz 2011-03-04 12:39:44
Ah it's better to know anyhow. Even if it's nothing or can be 'worked-around' by using Firefox or Opera or something, it's still nice to know if you're clean.
The HJT report generates something like this...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:09 PM, on 10/11/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal
Running processes:
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100915040908.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alias SketchBook Snapshot.lnk = C:\Program Files\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
--
End of file - 11047 bytes
Essentially you examine each of the "sections" (R1/R0/O1/O2/etc.) to see what is being run currently. I'll try to find that link to the system look up lists for reference.
I have to head out to work in a bit, but you can post here or send via PM. You should be able to eyeball any weird stuff also...but I'll check on it when I get back (if you don't figure it out prior!)
EDIT: Here's a tutorial on how to read the sections...
http://www.pchell.com/support/hijackthistutorial.shtml
That system look up site I linked to before seems to be down, but the German HJT support site can still help you analyse sections also...
http://www.hijackthis.de/
...can copy-paste a report there into that window to cross-reference their DB on registry items. It will highlight ones that are particularly questionable.
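An added example, not part of Schutz's post and not HijackThis's or hijackthis.de's own logic: a small Python triage of a report in the line format shown above, grouping entries by section code and flagging a few for manual review. The sample lines, the `TRUSTED` allowlist and the flagging heuristics are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample in the report's line format (not taken from a real machine).
SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.example.invalid/?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.7 search.example.com
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Example\hook.dll
O23 - Service: ExampleSvc - Unknown owner - C:\Windows\system32\example.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "R1 - ...", "O23 - ..."
TRUSTED = ("microsoft.com",)                     # assumption: reviewer-chosen allowlist

def parse(log):
    """Group report entries by section code (R0, R1, O1, O2, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:                                    # header and process-list lines are skipped
            sections[m.group(1)].append(m.group(2))
    return sections

def review(sections):
    """Return (code, entry, reason) for entries that deserve a manual look."""
    flagged = []
    for code, entries in sections.items():
        for e in entries:
            reason = None
            if code in ("R0", "R1") and " = " in e:      # IE start/search page values
                host = urlparse(e.split(" = ", 1)[1]).hostname or ""
                if host and not any(host == t or host.endswith("." + t) for t in TRUSTED):
                    reason = "IE start/search URL outside allowlist"
            elif code == "O1":                           # hosts file entries
                parts = e.partition(":")[2].split()
                if len(parts) >= 2 and parts[1].lower() != "localhost":
                    reason = "hosts file overrides DNS for a hostname"
            elif code == "O20":                          # AppInit_DLLs
                reason = "DLL loaded into every process that loads user32.dll"
            if reason is None and ("(file missing)" in e or "Unknown owner" in e):
                reason = "file missing or owner unknown"
            if reason:
                flagged.append((code, e, reason))
    return flagged

if __name__ == "__main__":
    for code, entry, reason in review(parse(SAMPLE)):
        print(f"[{code}] {reason}: {entry}")
```

A flag here only means "look this entry up"; legitimate software also appears under O20 and as "Unknown owner", as the report above shows.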
Odin.Liela
Server: Odin
Game: FFXI
Posts: 10191
By Odin.Liela 2011-03-04 20:38:16
One more week til Spring Break! Woo Hoo! One 6-8 page paper due Thursday, one 15-page minimum paper due Friday, one physics assignment, and a few lab reports and I am free for a week! I am SO gosh-darned excited!
This is a thread that I found on another website I post at. It can be really really interesting. I thought it deserved a place here.
Post your random thoughts for the day here, or anything else that intrigues you.
For starters, is it possible to give constructive criticism to someone who doesn't have a neck? I totally just walked by a girl who didn't. Someone isn't getting a necklace for Valentine's Day!
And who decided black and white can't be colors? I want to say a racist. I really do.
Inb4thisthreadgetsreallywtf