Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Web Search - Bogus Google results


  • This topic is locked This topic is locked
2 replies to this topic

#1 marymart

marymart

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:37 PM

Posted 29 December 2008 - 05:37 PM

When I do a google search, I get results that are not from google. Same search on other computer gives correct results.

Problem started on 12/27/08, about midday.

Bogus google results are from such website as:

toseeka

couponmountain

shipica


I ran spybot and malwarebytes scans. Maywalbytes found nothing. Spybot found a couple of things. I let it fix those things, but problem is still here.

Thanks in advance for any help you can provide.


DDS (Version 1.1.0) - NTFSx86
Run by Owner at 14:04:16.81 on Mon 12/29/2008
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1918.1389 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\WLTRAY .exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner.Mary-Laptop\Desktop\DONE\My Downloads\VIRUS\HIJACK_THIS\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner.Mary-Laptop\Local Settings\Temporary Internet Files\Content.IE5\47JJEGL1\dds[1].scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6454
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6454
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6454
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Power2GoExpress] NA
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: emirepair.com\www
Trusted Zone: powersupplyrepair.com\qa
Trusted Zone: powersupplyrepair.com\www
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.mar\applic~1\mozilla\firefox\profiles\rg0keqdo.default\

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2008-9-21 23200]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;"c:\program files\microsoft sql server\100\shared\SQLADHLP.EXE" [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);"c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE" -i SQLEXPRESS [2008-7-10 369688]

=============== Created Last 30 ================

2008-12-29 12:35 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-29 12:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-29 12:33 <DIR> --d----- c:\program files\Safer Networking
2008-12-29 11:52 <DIR> --d----- c:\docume~1\owner~1.mar\applic~1\Malwarebytes
2008-12-29 11:52 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-29 11:52 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-29 11:52 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-29 11:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-29 11:43 <DIR> --d----- c:\program files\ACW
2008-12-29 11:43 <DIR> --d----- C:\6131378d8fca9a16b19d
2008-12-29 11:33 <DIR> --d----- c:\program files\Support Tools
2008-12-28 19:20 <DIR> --d----- c:\program files\Ontrack
2008-12-01 21:07 5,632 a------- c:\windows\system32\ptpusb.dll
2008-12-01 21:07 159,232 a------- c:\windows\system32\ptpusd.dll
2008-12-01 21:06 <DIR> --d----- c:\program files\common files\Nikon

==================== Find3M ====================

2008-12-29 11:33 86,811 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-27 13:07 23,052 a------- c:\windows\system32\wltray.exe
2008-11-22 08:38 215,616 a------- c:\windows\system32\drivers\truecrypt.sys
2008-11-05 14:33 34,352 a------- c:\docume~1\owner~1.mar\applic~1\GDIPFONTCACHEV1.DAT
2001-11-19 13:14 61,440 a------- c:\windows\inf\i386\gl.dll
2001-10-29 15:30 245,760 a------- c:\windows\inf\i386\viceo.dll
2001-08-17 18:43 32,768 a------- c:\windows\inf\i386\Wiamicro.dll

============= FINISH: 14:04:46.26 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 marymart

marymart
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:37 PM

Posted 04 January 2009 - 09:18 PM

I have decided to just reformat my hard drive and reinstall the operating system. Thanks just the same!

#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 05 January 2009 - 09:52 AM

Thank you for notify us.. I will now close this topic.. Please pm any Moderator or HijackThis Team should you need to re-open this topic..


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users