Jump to content

Google Search Redirected


Frank

Recommended Posts

Okay,

New member, totally frustrated. Have ran Spybot, Adaware, Xoftspy and still no luck. If I search for something on Google, the first time I click on a link I either some porn site, Morwillsearch.com, or Commision Junction .com (sp?) Other sites popup every once in a while, but these are the top three that I see most often. If I close the new window, and click on the google search link again, it will take me to the page it was supposed to. Oh, i wanted to mention, when it shows me the porn site or morwill search, the url and title bar display the title of the expected web page, so you think you are going to the right page, and blamo, porno. Really disgusting type of stuff, and I am a whack job according to my buddies, so, you get the picture. anyway, any help with this darn thing would be greatly appreciated. Here is my Hijack This log, pretty sure it is the latest version. Thanks.

**********************************************

Logfile of HijackThis v1.99.1

Scan saved at 3:17:47 PM, on 12/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Nhksrv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\WINDOWS\System32\MsPMSPSv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\devldr32.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Soft Call Recorder 2.0\SOFTRECO.EXE

C:\WINDOWS\system32\ntvdm.exe

C:\Documents and Settings\Frank\My Documents\Programs\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Bho - {B00FC8A3-FC6B-4fe4-9D49-3045822380F9} - C:\WINDOWS\system32\xmojnjel.dll

O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll

O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Replicator.LNK = C:\Program Files\Karen's Replicator\PTReplicator.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/downl...lscbase2213.cab

O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -

O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} -

O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} -

O17 - HKLM\System\CCS\Services\Tcpip\..\{503C2792-AA23-463E-B060-6696CE7BB22D}: NameServer = 68.60.32.5,68.60.32.6

O17 - HKLM\System\CS1\Services\Tcpip\..\{503C2792-AA23-463E-B060-6696CE7BB22D}: NameServer = 68.60.32.5,68.60.32.6

O17 - HKLM\System\CS2\Services\Tcpip\..\{503C2792-AA23-463E-B060-6696CE7BB22D}: NameServer = 68.60.32.5,68.60.32.6

O20 - Winlogon Notify: mlljj - C:\WINDOWS\system32\mlljj.dll (file missing)

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\winvnc.exe" -service (file missing)

***********************************************

Link to post
Share on other sites

1. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://pchowtos.co.uk/index.php?page=tutor...tion=view&id=34

2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

O2 - BHO: Bho - {B00FC8A3-FC6B-4fe4-9D49-3045822380F9} - C:\WINDOWS\system32\xmojnjel.dll

O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} -

O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} -

O20 - Winlogon Notify: mlljj - C:\WINDOWS\system32\mlljj.dll (file missing)

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

4. Delete the files. (if present)

C:\WINDOWS\system32\xmojnjel.dll

5. Reboot and post a new Hijackthis log here in a reply.

Link to post
Share on other sites

  • 3 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.