Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Same prob w/ googl hijack as fuzzy

  • This topic is locked This topic is locked



    New Member

  • Member
  • Pip
  • 2 posts
Sorry missed the part about not posting in another user's thread . . . :tazz:

I have been following fuzzy's thread since Wednesday as I have the same problem. While I've tried the suggestions, I'm still experiencing the "googl" hijack.

Although I checked the box on "cccleaner" to delete autocomplete entries, it still autocompleted my login to this site.

I have added "mycrasoft.biz" to my "hosts" file to redirect the hikack to

After restarting my machine, I opened IE and typed http://www.google.com; after a long pause the "googl" page appeared.

System Info:
OS Name Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 1 Build 2600
OS Manufacturer Microsoft Corporation
System Manufacturer Dell Computer Corporation
System Model Latitude D600
System Type X86-based PC
Processor x86 Family 6 Model 13 Stepping 6 GenuineIntel ~1594 Mhz
BIOS Version/Date Dell Computer Corporation A14, 9/7/2004
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\System32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.1106 (xpsp1.020828-1920)"
User Name BP1\rezabejd
Time Zone Eastern Standard Time
Total Physical Memory 512.00 MB
Available Physical Memory 167.22 MB
Total Virtual Memory 1.72 GB
Available Virtual Memory 1.06 GB
Page File Space 1.22 GB
Page File C:\pagefile.sys

Logfile of HijackThis v1.99.1
Scan saved at 8:13:25 AM, on 3/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PIPC\BIN\pilogsrv.exe
C:\Program Files\PIPC\BIN\pimsgss.exe
C:\Program Files\PIPC\BIN\pinetmgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iPass\iPassConnect BP\downloader\ipccheck.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
C:\Program Files\FileNET\IDM\fnsysmgr.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Documents and Settings\rezabejd\My Documents\download\spybot\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://globalsearch.....asp?Button=Yes
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bpweb.bp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://globalsearch.....asp?Button=Yes
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bpweb.bp.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Nooo-co
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = bp1houpa001.bp.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.*.bp.com;*.*.*.bp.com;*.arco.com;*.amoco.com;*.*.amoco.com;*.*.*.amoco.com;*.*.mobil.com;*.*.*.mobil.com;osir.com;*.osir.com;*.*.osir.com;bpamoco.net;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ICFCheck] wscript.exe //Job:main C:\WINDOWS\ICF\ICF.WSF
O4 - HKLM\..\Run: [C2C MaX Compression] C:\Program Files\MaXCompression\RegMaXComp.exe /Q
O4 - HKLM\..\Run: [iPCCheck] "C:\Program Files\iPass\iPassConnect BP\downloader\ipccheck.exe" /startup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [AeXSWDUsr] "C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe"
O4 - HKLM\..\Run: [Prism Suite 2000 Current User Settings] C:\Program Files\PS2000\PCUS.EXE
O4 - HKLM\..\Run: [DIRECT!] C:\PROGRA~1\COURIO~1\IDENTI~1\direct.exe
O4 - HKLM\..\Run: [Pipcxladdn] "C:\Program Files\PIPC\CustomAction\PIDatalink\exceladdin.exe" /R "C:\Program Files\PIPC\Excel\pipc32.xll"
O4 - HKLM\..\Run: [0FileNET System Manager] C:\Program Files\FileNET\IDM\fnsysmgr.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {AE775D48-49AA-11D1-8F1C-00C04FB67063} (MS Investor Ticker) - http://fdl.msn.com/p...r/v5/Ticker.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bp1.ad.bp.com
O17 - HKLM\Software\..\Telephony: DomainName = bp1.ad.bp.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bp1.ad.bp.com
O20 - AppInit_DLLs: AeXPrcssAppInitNT.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Altiris eXpress NS Client (AeXNSClient) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
O23 - Service: Altiris eXpress NS Client Transport (AeXNSClientTransport) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: OracleORACLE8_HOMEClientCache - Unknown owner - C:\oracle\Ora81\bin\ONRSD.EXE
O23 - Service: PIPC Log Server (pilogsrv) - OSI Software - C:\Program Files\PIPC\BIN\pilogsrv.exe
O23 - Service: PI Message Subsystem (pimsgss) - OSI Software, Inc. - C:\Program Files\PIPC\BIN\pimsgss.exe
O23 - Service: PI Network Manager (pinetmgr) - OSI Software, Inc. - C:\Program Files\PIPC\BIN\pinetmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  • 0




    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Hello and welcome to GTG!

It has been awhile since you started this thread.

If you have been helped elsewhere or have otherwise resolved your issue, please post back and let us know so we can close the thread.

Otherwise, please post back with a fresh HiJackThis log!

Good Luck

ScHwErV :tazz:
  • 0



    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending a Staff Member a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

ScHwErV :tazz:
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP