Thread: Google hijack fix did not work
View Single Post
Old 01-18-2008, 10:38 AM   #1 (permalink)
ronwin
Registered User
 
Join Date: Jan 2008
Posts: 8
OS: XP SP2


Google hijack fix did not work
Working with a badly infected computer was able to clean much of it up.
One of the remaining issues:
Any Google search yields a misdirected links page at 85.255.120.26/feed/search.
I saw this problem on another thread and tried the suggested fix to run
Fixwareout which did not work.
I am sending fixware report (attached) and hijack log with this post.
Also note that C:\WINDOWS\system32\svchost.exe is now missing and will not allow system restore to work. I will have to place that separately.
All help appreciated.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:17 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/central/vzc.portal
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {2810fba5-55ec-4bee-8263-0e2fa5883768} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEHelper - {F3CFA533-7680-4943-A863-B8216390E847} - C:\WINDOWS\SYSTEM32\AcroIEHelper.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [mmtask] "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P10 /q C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\PFE0CR8M\TBO_1_~1.SH! C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\M5FT882I\INDEX_~1.SH! C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\R2CE2QO9\TBOFRO~1.SH! C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\0I63EZM6\TBOWID~1.SH! C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\X4ZFO6TL\_ORD_7~1.SH! C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\H8NYSBD3\TBO_1_~1.SH! C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\H8NYSBD3\TBOFRO~1.SH! C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\MC62UIZR\TBOWID~1.SH! C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\JVTIM3N9\3_3_~1.SH! C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\KPI7BAZU\F2Y_1_~1.SH! C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\P37CKHAV\RACQUE~2.SH! C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\3193R6AS\ASHLEY~2.SH! C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\WXZYN3JB\15A76A~1.JPG C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\JVTIM3N9\215X14~
O4 - HKCU\..\Run: [StartUp] C:\WINDOWS\trayicons.exe /optimize speed
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\62OUHEVV\186_1_~1.SH! C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\FF2DE2IB\218097~1.SH! C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\K0WM2K4L\62854_~1.SH! C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\Y9BCCSI1\PIC002~1.SH! C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\Y9BCCSI1\PIC017~1.SH! C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\BDTWBVVZ\SEE_MO~1.SH! C:\DOCUME~1\Roz\LOCALS~1\TEMPOR~1\Content.IE5\K0WM2K4L\THUMB2~3.SH!
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - AppInit_DLLs: hadjajr.ini
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - (no file)
O21 - SSODL: detachments - {01d8d081-0f76-4ab5-b5e4-9b23a709670e} - (no file)
O21 - SSODL: wmpenv - {203D5D04-1401-4CA8-BDEC-665828A6093E} - (no file)
O22 - SharedTaskScheduler: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - (no file)
O22 - SharedTaskScheduler: curdler - {bd0fc212-0a36-4232-83cc-2063fb9282e0} - (no file)
O22 - SharedTaskScheduler: carolus - {} - (no file)
O22 - SharedTaskScheduler: equiparant - {25b7d2fd-4f71-46d1-801a-7de323e4ec82} - (no file)
O22 - SharedTaskScheduler: evangeliarium - {34ec76b6-53c4-4686-822f-910c790683fb} - (no file)
O22 - SharedTaskScheduler: curing - {3aea41ad-3ce4-48d9-acab-be40ad329e40} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\..\svchost.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8900 bytes
Attached Files
File Type: txt fixwarereport.txt (1.4 KB, 1 views)
ronwin is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here