Search results not right

I came here from the Norton forums.
When I start IE, my home page is Yahoo, I put in a search term and the resulting links are wrong for the sites I know are out there.
ex-I put in Star Trek planets, the results should show Memory-Alpha (site) or Star Trek.com. Instead it get links to shopping sites, virus scanning sites, ect.
So far I have done the following-
1-Downloaded Malwarebytes updated it and did a full scan in safe mode. Result were 4 item, all removed, follow up scans show nothing.
2-Downloaded SuperAntispyware, updated it and did a full system scan in safe mode. Results were alot of cookies. All were removed and follow up scans show nothing.
3-Updated Norton Antivirus, ran a full system scan in safe mode. Results were nothing found.
4-Downloaded and ran Hijackthis, with the help of "Quads" over at the Norton forum, he told me what to check to fix.

That leads me to here.
One funny thing-I have IE set up so it promts me on running scripts and ActiveX controls. If I say no to scripts when IE loads up and after clicking the "Search" button, my links all come out like they should in the search results.

So I am asking you guys, what should or could I do next to fix this inconvience?

Thanks,
Tim

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:

• Double-click on drweb-cureit.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version
• Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
• The Express scan will automatically begin.
  (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
• If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
• If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
• When complete, click Select All, then choose Cure > Move incurable.
  (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)

• Now put a check next to Complete scan to scan all local disks and removable media.
• In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
• Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
• When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
• Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
• In the top menu, click file and choose save report list.
• Save the DrWeb.csv report to your desktop.
• Exit Dr.Web Cureit when done.
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
• After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

Ok here are the results.

WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Incurable.Moved.;
weathercom_xml.txt;C:\Program Files\HomeSeer 2\Scripts;Modification of VBS.Stertor;Moved.;
weathercom_xml2.txt;C:\Program Files\HomeSeer 2\Scripts;Modification of VBS.Stertor;Moved.;
weathercom_xmlRR.txt;C:\Program Files\HomeSeer 2\Scripts;Modification of VBS.Stertor;Moved.;
weathercom_xml.txt;C:\Program Files\HomeSeer 2\Scripts\4 weather;Modification of VBS.Stertor;Moved.;
weathercom_xml.txt;C:\Program Files\HomeSeer 2\Updates2\WeatherXML2.0.2;Modification of VBS.Stertor;Moved.;
weathercom_xml.txt;C:\Program Files\HomeSeer 2\Updates2\WeatherXML2.0.4;Modification of VBS.Stertor;Moved.;
weathercom_xml.txt;C:\Program Files\HomeSeer 2\Updates2\WeatherXML2.0.4\backup;Modification of VBS.Stertor;Moved.;
weathercom_xml.txt;C:\Program Files\HomeSeer 2\Updates2\WeatherXML2.1.1;Modification of VBS.Stertor;Moved.;
weathercom_xml.txt;C:\Program Files\PooSeer\scripts;Modification of VBS.Stertor;Moved.;
weathercom_xml.txt;C:\Program Files\PooSeer\updates\WeatherXML1.0.11;Modification of VBS.Stertor;Moved.;
weathercom_xml2.txt;C:\Program Files\XXHomeSeer 2\Scripts;Modification of VBS.Stertor;Moved.;
weathercom_xmlRR.txt;C:\Program Files\XXHomeSeer 2\Scripts;Modification of VBS.Stertor;Moved.;
weathercom_xml.txt;C:\Program Files\XXHomeSeer 2\Scripts\4 weather;Modification of VBS.Stertor;Moved.;
weathercom_xml.txt;C:\Program Files\XXHomeSeer 2\Updates2\WeatherXML2.0.2;Modification of VBS.Stertor;Moved.;
weathercom_xml.txt;C:\Program Files\XXHomeSeer 2\Updates2\WeatherXML2.0.4;Modification of VBS.Stertor;Moved.;
weathercom_xml.txt;C:\Program Files\XXHomeSeer 2\Updates2\WeatherXML2.0.4\backup;Modification of VBS.Stertor;Moved.;

Yes I know I need to do some clean up : )
Thanks for helping me with this.
Tim

Try this scan:

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

OK, dumb question.
My computer is set up to automatically logon, but I am not sure if it's the Admin account or not. I'm pretty sure it logs on as Owner.
How do I make sure?

Thanks,
Tim

Go Start > Control Panel > User Accounts and you should be able to see if your account is an Admin account.

Ran SDFix, here are the results.


SDFix: Version 1.240
Run by Owner on Mon 02/02/2009 at 03:38 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 15:55:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]
"\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"=""

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\HomeSeer 2\\Speaker.exe"="C:\\Program Files\\HomeSeer 2\\Speaker.exe:*:Enabled:HomeSeer Speaker"
"C:\\Program Files\\HomeSeer 2\\HomeSeer.exe"="C:\\Program Files\\HomeSeer 2\\HomeSeer.exe:*:Enabled:HomeSeer 2"
"C:\\Program Files\\Symantec\\LiveUpdate\\LUALL.EXE"="C:\\Program Files\\Symantec\\LiveUpdate\\LUALL.EXE:*:Enabled:LiveUpdate"
"C:\\Program Files\\Cinemar\\mainlobby.exe"="C:\\Program Files\\Cinemar\\mainlobby.exe:*:Enabled:MainLobby"
"C:\\Program Files\\HomeSeer 2\\hs_compatibility.exe"="C:\\Program Files\\HomeSeer 2\\hs_compatibility.exe:*:Enabled:HomeSeer 1.X Compatibility Interface"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe:*:Disabled:Zone Labs Security"
"C:\\Program Files\\PhotoDeluxe 2.0\\PD.exe"="C:\\Program Files\\PhotoDeluxe 2.0\\PD.exe:*:Disabled:Adobe PhotoDeluxe 2.0"
"C:\\Program Files\\ComponentsToGo\\C2GWHOIS\\C2GWHOIS.dll"="C:\\Program Files\\ComponentsToGo\\C2GWHOIS\\C2GWHOIS.dll:*:Disabled:C2GWHOIS.dll"
"C:\\Program Files\\HomeSeer 2\\hspi_Message_Server.exe"="C:\\Program Files\\HomeSeer 2\\hspi_Message_Server.exe:*:Enabled:hspi_Message_Server plug-in for HomeSeer"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\\Program Files\\HomeSeer 2\\html\\webcam 2000\\WebCam2000.exe"="C:\\Program Files\\HomeSeer 2\\html\\webcam 2000\\WebCam2000.exe:*:Disabled:WebCam2000 Image Server"
"C:\\Program Files\\xat.com xatshow\\xatshow.exe"="C:\\Program Files\\xat.com xatshow\\xatshow.exe:*:Disabled:xat.com xatshow"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Disabled:Yahoo! Messenger"
"C:\\Program Files\\MLServer\\MLServer.exe"="C:\\Program Files\\MLServer\\MLServer.exe:*:Enabled:MainLobby Server"
"C:\\Program Files\\HomeSeer 2\\HsScript.exe"="C:\\Program Files\\HomeSeer 2\\HsScript.exe:*:Enabled:HsScript.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:MSN Messenger 7.5"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"="C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe:*:Disabled:Roxio Upnp Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Wed 16 Feb 2005 3,112,968 ...H. --- "C:\Program Files\Picasa2\setup.exe"
Fri 28 May 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 28 May 2004 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak"
Fri 18 Jan 2008 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Fri 18 Jan 2008 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Fri 28 May 2004 4,348 ...H. --- "C:\Documents and Settings\Owner\My Documents\Tim's Stuff\My Music\License Backup\drmv1key.bak"
Sat 5 Mar 2005 401 A..H. --- "C:\Documents and Settings\Owner\My Documents\Tim's Stuff\My Music\License Backup\drmv1lic.bak"
Fri 28 May 2004 312 ...H. --- "C:\Documents and Settings\Owner\My Documents\Tim's Stuff\My Music\License Backup\drmv2key.bak"
Sat 5 Mar 2005 1,536 A..H. --- "C:\Documents and Settings\Owner\My Documents\Tim's Stuff\My Music\License Backup\drmv2lic.bak"

Finished!

Thanks for helping me with this.
Tim

Run another quick scan with Malwarebytes and post the new log. Also, let us know how your computer is running.

In regular or safe mode?
Tim

In regular mode.

Here it is.

Malwarebytes' Anti-Malware 1.33
Database version: 1717
Windows 5.1.2600 Service Pack 2

2/2/2009 5:25:16 PM
mbam-log-2009-02-02 (17-25-16).txt

Scan type: Quick Scan
Objects scanned: 63643
Time elapsed: 13 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks,
Tim

How's your computer running now?

Still when I open Internet explorer, and my home page opens (Yahoo.com) and the "run scripts" prompt comes up, I click "yes" then perform a serch for anything, the links are still not right.

If I click "no" to the "run scripts" promt and do a search, all my links come out ok.

So no change yet.

Thanks
Tim

Try this:

• Start Internet Explorer 7.
• On the Tools menu, click Internet Options.
• On the Advanced tab, click Reset.
• In the Reset Internet Explorer Settings dialog box, click Reset to confirm.

I am not using IE7.
Still using IE6 (on windows XP sp2)
Tim