Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Same prob w/ googl hijack as fuzzy

Started by nazdravi , Mar 04 2005 08:18 AM

  • This topic is locked This topic is locked

#1
nazdravi
Posted 04 March 2005 - 08:18 AM

nazdravi

    New Member

  • Member
  • Pip
  • 2 posts
Sorry missed the part about not posting in another user's thread . . . :tazz:

I have been following fuzzy's thread since Wednesday as I have the same problem. While I've tried the suggestions, I'm still experiencing the "googl" hijack.

Although I checked the box on "cccleaner" to delete autocomplete entries, it still autocompleted my login to this site.

I have added "mycrasoft.biz" to my "hosts" file to redirect the hikack to 127.0.0.1

After restarting my machine, I opened IE and typed http://www.google.com; after a long pause the "googl" page appeared.


System Info:
OS Name Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 1 Build 2600
OS Manufacturer Microsoft Corporation
System Name AMLIMPASFPMPS5
System Manufacturer Dell Computer Corporation
System Model Latitude D600
System Type X86-based PC
Processor x86 Family 6 Model 13 Stepping 6 GenuineIntel ~1594 Mhz
BIOS Version/Date Dell Computer Corporation A14, 9/7/2004
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\System32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.1106 (xpsp1.020828-1920)"
User Name BP1\rezabejd
Time Zone Eastern Standard Time
Total Physical Memory 512.00 MB
Available Physical Memory 167.22 MB
Total Virtual Memory 1.72 GB
Available Virtual Memory 1.06 GB
Page File Space 1.22 GB
Page File C:\pagefile.sys


Logfile of HijackThis v1.99.1
Scan saved at 8:13:25 AM, on 3/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PIPC\BIN\pilogsrv.exe
C:\Program Files\PIPC\BIN\pimsgss.exe
C:\Program Files\PIPC\BIN\pinetmgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\wscript.exe
C:\Program Files\iPass\iPassConnect BP\downloader\ipccheck.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
C:\Program Files\FileNET\IDM\fnsysmgr.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Documents and Settings\rezabejd\My Documents\download\spybot\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://globalsearch.....asp?Button=Yes
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bpweb.bp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://globalsearch.....asp?Button=Yes
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bpweb.bp.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Nooo-co
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = bp1houpa001.bp.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.*.bp.com;*.*.*.bp.com;*.arco.com;*.amoco.com;*.*.amoco.com;*.*.*.amoco.com;*.*.mobil.com;*.*.*.mobil.com;osir.com;*.osir.com;*.*.osir.com;bpamoco.net;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ICFCheck] wscript.exe //Job:main C:\WINDOWS\ICF\ICF.WSF
O4 - HKLM\..\Run: [C2C MaX Compression] C:\Program Files\MaXCompression\RegMaXComp.exe /Q
O4 - HKLM\..\Run: [iPCCheck] "C:\Program Files\iPass\iPassConnect BP\downloader\ipccheck.exe" /startup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [AeXSWDUsr] "C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe"
O4 - HKLM\..\Run: [Prism Suite 2000 Current User Settings] C:\Program Files\PS2000\PCUS.EXE
O4 - HKLM\..\Run: [DIRECT!] C:\PROGRA~1\COURIO~1\IDENTI~1\direct.exe
O4 - HKLM\..\Run: [Pipcxladdn] "C:\Program Files\PIPC\CustomAction\PIDatalink\exceladdin.exe" /R "C:\Program Files\PIPC\Excel\pipc32.xll"
O4 - HKLM\..\Run: [0FileNET System Manager] C:\Program Files\FileNET\IDM\fnsysmgr.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {AE775D48-49AA-11D1-8F1C-00C04FB67063} (MS Investor Ticker) - http://fdl.msn.com/p...r/v5/Ticker.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bp1.ad.bp.com
O17 - HKLM\Software\..\Telephony: DomainName = bp1.ad.bp.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bp1.ad.bp.com
O20 - AppInit_DLLs: AeXPrcssAppInitNT.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Altiris eXpress NS Client (AeXNSClient) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
O23 - Service: Altiris eXpress NS Client Transport (AeXNSClientTransport) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: OracleORACLE8_HOMEClientCache - Unknown owner - C:\oracle\Ora81\bin\ONRSD.EXE
O23 - Service: PIPC Log Server (pilogsrv) - OSI Software - C:\Program Files\PIPC\BIN\pilogsrv.exe
O23 - Service: PI Message Subsystem (pimsgss) - OSI Software, Inc. - C:\Program Files\PIPC\BIN\pimsgss.exe
O23 - Service: PI Network Manager (pinetmgr) - OSI Software, Inc. - C:\Program Files\PIPC\BIN\pinetmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  • 0

Advertisements

#2
ScHwErV
Posted 17 March 2005 - 11:02 AM

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Hello and welcome to GTG!

It has been awhile since you started this thread.

If you have been helped elsewhere or have otherwise resolved your issue, please post back and let us know so we can close the thread.

Otherwise, please post back with a fresh HiJackThis log!

Good Luck

ScHwErV :tazz:
  • 0

#3
ScHwErV
Posted 13 April 2005 - 09:18 AM

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending a Staff Member a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

ScHwErV :tazz:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP