[first page of Google hijacked] - Computers



Search Tech-Forums - link takes you to our Forum's search page.

Note: The following is only a text archive!

To view the actual forum discussion, please visit our website at http://www.tech-forums.net

Pages:1


first page of Google hijacked

(Click here to view the original thread with full colors/images)


Posted by: cerberus98

could comebody please help me. my homepage ([url]www.google.com[/url]) has been hijacked I think. When i do a search not matter what for the first page of results always brings up pages for ebay, tag.com shopping.com etc. When i click to go to the next page it brings up the right search results. I noticed that when i click search down the bottom in the status bar it says opening page [url]Http://google.com[/url] but then changes to say
opening page [url]http://61.131.54.618.cc/search.php?then[/url] the search string. i have followed all the advicein the instruction post and have removed everything it has found but i still have this problem could anyone help me

Here is my hijack this Log

Logfile of HijackThis v1.99.0
Scan saved at 3:46:20 PM, on 2/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [url]http://ie.search.msn.com/[/url]{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [url]http://ie.search.msn.com/[/url]{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://home.microsoft.com/search/lobby/search.asp[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://home.microsoft.com/access/allinone.asp[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.com.au/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://www.google.com/ie[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://www.google.com[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.com/[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://home.microsoft.com/access/autosearch.asp?p=%s[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://www.google.com/keyword/%s[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\system32\DSMANA~1.DLL
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Acronis_True_Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O15 - Trusted Zone: [url]http://www.flybuys.com.au[/url]
O23 - Service: Acronis Scheduler2 Service - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Posted by: cerberus98

i also thought i should mention ive done a scan with cws shredder and it hasnt found anything


Posted by: mobo

Rescan once again now with hijack, insert a check next to each of the following then close all other open browser windows and click "fix checked"

[b]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome[/url]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/url]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [url]http://ie.search.msn.com/[/url]{SUB_RFC1766}/srchasst/srchasst.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [url]http://ie.search.msn.com/[/url]{SUB_RFC1766}/srchasst/srchcust.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://home.microsoft.com/search/lobby/search.asp[/url]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://home.microsoft.com/access/allinone.asp[/url]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome[/url]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/url]

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://home.microsoft.com/access/autosearch.asp?p=%s[/url]

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://www.google.com/keyword/%s[/url]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\system32\DSMANA~1.DLL

O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
[/b]
Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin

Reboot


Posted by: southernlady

And post a fresh log using the new version of HiJack This, version 1.99.1. You can find it by following the link in my signature. Liz


Posted by: southernlady

Closed due to lack of activity. Liz




vBulletin Copyright ©2000 - 2003, Jelsoft Enterprises Limited.


PPC Management
vB Easy Archive Final - Created by Xenon