Google results hijacked



davesutherland
2009-02-28, 16:57
Hi,

I'm having a similar issue to the one reported in this thread:

http://forums.spybot.info/showthread.php?t=45978

The forum didn't seem to let me respond to that thread - sorry for creating a new one if it was not needed.

Below is the DDS.txt - I can attach the Attach.txt if needed, but I can't find the button to do that :)

I hope this info is useful for others with this problem.



DDS (Ver_09-02-01.01) - FAT32x86
Run by dave at 14:43:45.78 on 28/02/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.5.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2559.1944 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\windows\system32\svchost.exe -k WudfServiceGroup
C:\windows\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
SVCHOST.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\RDM+\rdmpserv.exe
C:\windows\Explorer.EXE
C:\windows\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Autorun Eater\billy.exe
C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\cygwin\bin\bash.exe
C:\Documents and Settings\David Sutherland\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 213.228.232.61:8213
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02336F51-24CA-4422-AB63-18841ADF35E6} - No File
BHO: ReadMe-BHODemon - No File
BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: ReadMe-BHODemon - No File
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: ReadMe-BHODemon - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: PBlockHelper Class: {4115122b-85ff-4dd3-9515-f075bede5eb5} - c:\program files\onspeed\PBHelper.dll
BHO: ReadMe-BHODemon - No File
BHO: {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - No File
BHO: ReadMe-BHODemon - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_16\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: NOW!Imaging: {9aa2f14f-e956-44b8-8694-a5b615cdf341} - c:\program files\onspeed\components\NOWImaging.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {38D2A281-0444-433C-9ED6-A2851795F32A} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - No File
TB: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File
TB: {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 6\PcSync2.exe" /NoDialog
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\davids~1\startm~1\programs\startup\zoneos~1.lnk - c:\program files\zoneos\zonescreen 1.0.9.0\zsserver.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\config~1.lnk - c:\program files\ma311 pci adapter configuration utility\wlanutil.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dyndns~1.lnk - c:\program files\dyndns updater\DynTray.exe
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: USE ONBIDDER TO BID ON THIS ITEM BY CLICKING HERE - file://c:\add.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_16\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/windows/Java/classes/xmldso.cab
DPF: {10D1242B-6EFF-465D-B2F6-27AB9B310929} - hxxp://www.softwrap.com/wrapper800.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145989895187
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} - file:///C:/psdk/controls/sdkinst.cab
TCP: {0725B71F-A9D8-4653-9137-F0FE36AC76B2} = 213.228.232.61
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: RDM+ - c:\program files\rdm+\notify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\davids~1\applic~1\mozilla\firefox\profiles\j6cparcs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - prefs.js: network.proxy.http - 213.228.232.61
FF - prefs.js: network.proxy.http_port - 8213
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\david sutherland\application data\mozilla\firefox\profiles\j6cparcs.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\java\jre1.5.0_16\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_16\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_16\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_16\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_16\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_16\bin\NPJPI150_16.dll
FF - plugin: c:\program files\java\jre1.5.0_16\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCortona.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPXStandard.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

============= SERVICES / DRIVERS ===============

R0 Hpt3xxNT;Hpt3xxNT;c:\windows\system32\drivers\Hpt3xxNT.sys [2005-3-29 39589]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-1 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-3-15 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-1 107272]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2007-2-8 132736]
R1 IfsDrives;IfsDrives;c:\windows\system32\drivers\IfsDrives.sys [2007-2-8 4608]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-1 298264]
R2 CoLinuxDriver;CoLinuxDriver;d:\colinux\linux.sys [2005-2-5 135001]
R2 RDMPLocalService;RDM+ Local Service;c:\program files\rdm+\rdmpserv.exe [2007-10-19 289792]
R3 MA311;NETGEAR Wireless LAN Driver;c:\windows\system32\drivers\ma311n51.sys [2009-1-13 54784]
R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;c:\windows\system32\drivers\ncfvsbus.sys [2006-1-25 25088]
S2 DynDNS Updater;DynDNS Updater;c:\program files\dyndns updater\DynUpSvc.exe [2008-6-23 65536]
S2 gupdate;Google Update Service;c:\program files\google\update\GoogleUpdate.exe [2008-7-18 133104]
S3 Compingo License Service;Compingo License Service;c:\program files\common files\compingo shared\service\CompingoLicSvc.exe [2005-10-6 69632]
S3 CW10;Prism PCMCIA Wireless LAN Driver;c:\windows\system32\drivers\cw10.sys --> c:\windows\system32\drivers\CW10.sys [?]
S3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-27 31896]
S3 Ext2Fsd;Linux ext2 File system driver;c:\windows\system32\drivers\ext2fsd.sys [2007-2-8 614400]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2007-5-30 39424]
S3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2009-1-13 10304]
S3 npacketdriver;Ethernet Packet Driver;c:\windows\system32\drivers\npacket.sys [2004-2-13 20244]
S3 npacketservice;Ethernet Packet Service;c:\windows\system32\npacketsvc.exe [2004-2-13 61440]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [2003-8-27 364320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2008-2-1 32377]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2009-2-14 166720]
S3 tap0801co;TAP-Win32 Adapter V8 (coLinux);c:\windows\system32\drivers\tap0801co.sys [2004-7-10 24576]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 zonescreen;zonescreen;c:\windows\system32\drivers\zsport.sys [2008-10-3 8256]
S4 Cooperative Linux;Cooperative Linux;d:\colinux\colinux-daemon.exe [2005-2-5 369245]
S4 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2006-8-28 92952]

=============== Created Last 30 ================

2009-02-22 20:01 <DIR> --d----- c:\docume~1\davids~1\applic~1\DevPHP
2009-02-22 20:01 <DIR> --d----- c:\program files\Dev-PHP2
2009-02-20 01:43 0 a------- c:\windows\iPlayer.INI
2009-02-20 01:42 <DIR> --d----- c:\program files\InterActual
2009-02-19 09:08 186,407 a------- c:\windows\system32\nvapps.nvb
2009-02-19 09:07 181,020 a------- c:\windows\system32\nvapps.xml
2009-02-19 09:07 <DIR> --d----- c:\windows\nview
2009-02-19 09:07 446,464 a----r-- c:\windows\system32\nvuninst.exe
2009-02-19 09:07 446,464 a------- c:\windows\system32\nvudisp.exe
2009-02-19 09:07 18,070 a------- c:\windows\system32\nvdisp.nvu
2009-02-19 08:56 <DIR> --d----- c:\windows\NV25642556.TMP
2009-02-19 02:39 <DIR> --d----- c:\windows\NV3600432.TMP
2009-02-19 02:39 6,108,928 a------- c:\windows\system32\nv4_disp.dll
2009-02-19 02:39 6,557,408 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-02-15 21:33 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-15 21:33 1,409 a------- c:\windows\QTFont.for
2009-02-15 15:12 <DIR> --d----- c:\docume~1\davids~1\applic~1\Malwarebytes
2009-02-15 15:12 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-15 15:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-15 15:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-15 15:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-14 15:52 <DIR> --d----- c:\program files\iXi Tools
2009-02-14 15:48 210,496 a------- c:\windows\system32\s3mvirge.dll
2009-02-14 15:48 210,496 a------- c:\windows\system32\dllcache\s3mvirge.dll
2009-02-14 15:48 166,720 a------- c:\windows\system32\drivers\s3m.sys
2009-02-14 15:48 166,720 a------- c:\windows\system32\dllcache\s3m.sys
2009-02-14 15:48 62,496 a------- c:\windows\system32\s3mtrio.dll
2009-02-14 15:48 62,496 a------- c:\windows\system32\dllcache\s3mtrio.dll
2009-02-02 00:35 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-01 23:57 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-01 23:57 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-01 23:57 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-01 23:57 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-01 23:57 <DIR> --d----- c:\program files\AVG
2009-02-01 23:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-01 23:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Last.fm
2009-02-01 23:18 <DIR> --d----- c:\program files\Last.fm
2009-02-01 23:14 <DIR> --d----- c:\program files\Autorun Eater

==================== Find3M ====================

2009-01-13 22:24 23,672 a------- c:\docume~1\davids~1\applic~1\GDIPFONTCACHEV1.DAT
2009-01-13 07:29 461,747 a------- C:\Prism.3890.XP_ver.2.1.7.zip
2009-01-13 06:45 2,509,033 a------- C:\WE721-AEX_driver.zip
2008-12-13 06:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 11:57 333,184 -------- c:\windows\system32\dllcache\srv.sys
2008-04-03 11:00 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2006-02-10 11:04 2,048 a------- c:\documents and settings\david sutherland\tetscore.dat
2006-02-10 11:04 2,048 a------- c:\documents and settings\david sutherland\simscore.dat
2006-02-10 11:04 40 a------- c:\documents and settings\david sutherland\score.dat

============= FINISH: 14:44:26.48 ===============

davesutherland
2009-02-28, 17:09
Should probably say - these settings are ones which I have manually enabled:



FF - prefs.js: network.proxy.http - 213.228.232.61
FF - prefs.js: network.proxy.http_port - 8213
FF - prefs.js: network.proxy.type - 1


I am currently using a proxy I run on my webserver to get round this issue.