
google hijack?


  • This topic is locked
3 replies to this topic

#1 bub3


Posted 28 March 2010 - 02:58 PM

Hi,


I seem to be having a Google hijack problem. I have mostly been using IE6 (yeah, I know--I'll take care of updating that after this hijack thing is fixed), but also use Firefox 3.5 sometimes. Hijack seems to happen after I do my original search. The first Google result I click on usually works OK. Subsequent clicking on Google results takes me to random bogus-looking sites. It happens almost always now when I use IE6, but only sometimes (?) with Firefox.

Other possibly relevant info: While someone put Avast on this machine for me, I have turned it off--made everything really slow.

I am not the only person using this machine - other members of my family have used it in the last couple of years - I'd never had a problem before they did.

Can you help? DDS.txt is below. Attach.txt attached, as is ark.txt.

Thanks in advance!

Bub


DDS.txt log



DDS (Ver_10-03-17.01) - NTFSx86
Run by Rena at 11:45:38.61 on Sun 03/28/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.127.12 [GMT -4:00]

AV: avast! antivirus 4.8.0 [VPS 090917-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.E



#2 bub3


Posted 28 March 2010 - 04:48 PM

Hi again,

Looks like my DDS.txt log got cut off.
And I am so sorry for the multiple posts earlier today. My computer kept giving me an error message as I tried to post.

Thanks for your consideration. Sincerely,

bub


DDS.txt log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Rena at 11:45:38.61 on Sun 03/28/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.127.12 [GMT -4:00]
AV: avast! antivirus 4.8.0 [VPS 090917-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PRISMSVR.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rena\My Documents\Downloads\dds(3).scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.illinoisalumni.org/
uSearch Bar = hxxp://www.att.net/search/
mDefault_Page_URL = hxxp://my.att.net
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: vzTCPConfig - hxxp://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215030419115
DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\rena\applic~1\mozilla\firefox\profiles\zsve35gj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.illinoisalumni.org/
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
=============== Created Last 30 ================
2010-03-28 15:42:02 0 ----a-w- c:\documents and settings\rena\defogger_reenable
2010-03-23 11:12:53 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-23 11:12:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-23 02:29:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2010-03-10 12:09:22 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
==================== Find3M ====================
2010-01-17 01:02:38 411368 ----a-w- c:\windows\system32\deploytk.dll
============= FINISH: 11:47:01.08 ===============



#3 bub3


Posted 30 March 2010 - 09:38 AM

Hi all,

Please consider this topic closed. I'll be out of touch and won't be able to act on your advice promptly. Will try again. Thanks for looking,

bub

#4 Elise

  • Malware Study Hall Admin

Posted 30 March 2010 - 09:52 AM

Hi bub, I am closing this topic. If you need it reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




