
Google search results redirects to fake/wrong sites


  • This topic is locked
2 replies to this topic

#1 mmmm2446


Posted 06 April 2009 - 06:48 AM

I am searching using Google in Firefox. I have not tested IE or other search engines. About 50% of the search results get redirected to a commercial site/fake site. For example, I might search on "Garmin Maps" and choose the third result, which should take me to Garmin's website. It redirects me to Bizrate.com with some Garmin-related commercial stuff.

I have tried Norton Antivirus, SpyDoctor, Adaware, Malwarebytes, PandaActiveScan, CleanUp, and resetting router and modem. I still have the problem. I have seen other similar problems/threads, but no one answer seems to work for me.


DDS (Ver_09-03-16.01) - NTFSx86
Run by User at 7:39:32.93 on Mon 04/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2444 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\User\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.5.0.134\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\documents and settings\user\my documents\qualcomm\eudora\EuShlExt.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\57pmiobj.default\
FF - prefs.js: browser.startup.homepage - www.cnn.com
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - HiddenExtension: XUL Cache: {1B661539-E585-4C0A-87F3-A934FDB627F1} - c:\documents and settings\user\local settings\application data\{1B661539-E585-4C0A-87F3-A934FDB627F1}

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-4-5 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-2 130424]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1005000.086\SymEFA.sys [2009-3-31 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1005000.086\BHDrvx86.sys [2009-3-31 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1005000.086\cchpx86.sys [2009-3-31 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090331.007\IDSXpx86.sys [2009-4-2 276344]
R1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [2009-2-8 1984]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.5.0.134\ccSvcHst.exe [2009-3-31 115560]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-2 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-4-2 1095560]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l251x86.sys [2009-2-3 30720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-31 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090405.020\NAVENG.SYS [2009-4-6 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090405.020\NAVEX15.SYS [2009-4-6 876144]

=============== Created Last 30 ================

2009-04-05 19:26 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-04-05 19:26 <DIR> --d----- c:\program files\Panda Security
2009-04-05 14:25 <DIR> --d----- c:\program files\CleanUp!
2009-04-05 08:25 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-04-05 08:25 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-05 08:25 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-05 08:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-05 08:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-05 07:58 <DIR> --d----- C:\Garmin
2009-04-05 07:53 <DIR> --d----- c:\program files\dnrgarmin
2009-04-02 07:20 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-04-02 07:20 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-04-02 07:20 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-02 07:20 <DIR> --d----- c:\program files\common files\PC Tools
2009-04-02 07:19 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-04-02 07:19 <DIR> --d----- c:\program files\Spyware Doctor
2009-04-02 07:19 <DIR> --d----- c:\docume~1\user\applic~1\PC Tools
2009-04-02 07:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-03-31 19:03 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-03-31 19:03 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-31 19:03 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-03-31 19:03 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-31 19:03 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-03-31 19:03 <DIR> --d----- c:\program files\Symantec
2009-03-31 19:03 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-03-31 19:03 <DIR> --d----- c:\windows\system32\drivers\NAV
2009-03-31 19:03 <DIR> --d----- c:\program files\Norton AntiVirus
2009-03-31 19:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-03-31 19:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-03-31 19:01 <DIR> --d----- c:\program files\NortonInstaller
2009-03-31 19:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-03-31 18:46 <DIR> --d----- c:\documents and settings\all users\Symantec Temporary Files
2009-03-31 18:22 61,224 a------- c:\documents and settings\user\GoToAssistDownloadHelper.exe
2009-03-30 19:23 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-30 19:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-30 19:15 <DIR> --d----- c:\program files\Trend Micro
2009-03-29 09:48 16 a------- c:\windows\Thufuke.bin
2009-03-29 09:48 1,258 a------- c:\windows\Cvoce.dat
2009-03-25 20:18 <DIR> --d----- c:\docume~1\user\applic~1\Ace
2009-03-25 20:17 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-03-25 20:17 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-03-25 20:17 <DIR> --d----- c:\program files\THQ
2009-03-22 01:19 <DIR> --d----- C:\Temp
2009-03-21 08:07 208,744 a------- c:\windows\system32\muweb.dll
2009-03-21 08:07 268,648 a------- c:\windows\system32\mucltui.dll
2009-03-21 08:07 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-03-15 18:15 <DIR> --d----- C:\Softendo
2009-03-15 16:12 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-03-15 16:12 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-03-15 16:12 <DIR> --d----- c:\program files\common files\Logitech
2009-03-13 19:38 <DIR> --d----- C:\SIERRA
2009-03-13 18:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TVU Networks
2009-03-13 18:56 <DIR> --d----- c:\documents and settings\user\LocalLow
2009-03-13 18:56 <DIR> --d----- c:\program files\TVUPlayer
2009-03-10 01:33 <DIR> --d----- c:\program files\EA SPORTS
2009-03-09 19:20 <DIR> --d----- c:\program files\NASCAR SimRacing Demo
2009-03-09 19:07 4,096 a------- c:\windows\d3dx.dat
2009-03-09 19:06 <DIR> --d----- c:\program files\Marble Blast Gold Demo
2009-03-09 18:29 <DIR> --d-h--- c:\windows\PIF
2009-03-09 07:31 266,088 a------- c:\windows\system32\xactengine2_8.dll
2009-03-09 07:31 18,280 a------- c:\windows\system32\x3daudio1_2.dll
2009-03-09 07:31 3,497,832 a------- c:\windows\system32\d3dx9_34.dll
2009-03-09 07:31 1,124,720 a------- c:\windows\system32\D3DCompiler_34.dll
2009-03-09 07:31 443,752 a------- c:\windows\system32\d3dx10_34.dll
2009-03-09 07:31 81,768 a------- c:\windows\system32\xinput1_3.dll
2009-03-09 07:31 1,123,696 a------- c:\windows\system32\D3DCompiler_33.dll
2009-03-09 07:31 443,752 a------- c:\windows\system32\d3dx10_33.dll
2009-03-09 07:31 261,480 a------- c:\windows\system32\xactengine2_7.dll
2009-03-09 07:31 3,495,784 a------- c:\windows\system32\d3dx9_33.dll
2009-03-09 07:31 255,848 a------- c:\windows\system32\xactengine2_6.dll
2009-03-09 07:31 15,128 a------- c:\windows\system32\x3daudio1_1.dll
2009-03-09 07:30 <DIR> --d----- C:\nfsunder
2009-03-07 19:47 <DIR> --d----- c:\program files\EA GAMES
2009-03-07 19:47 <DIR> --d----- C:\NFSMWDemo
2009-03-07 08:14 <DIR> --d----- c:\program files\Microsoft Games

==================== Find3M ====================

2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 13:18 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-04 12:15 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-03 22:05 94,149 a------- c:\windows\hppins05.dat
2009-02-03 12:24 315,392 a------- c:\windows\HideWin.exe
2009-02-03 11:57 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 7:40:17.82 ===============


#2 mmmm2446


Posted 06 April 2009 - 11:39 AM

After reading similar threads, I will just reformat and start over. I think that will be easier. Thanks.

#3 KoanYorel (Staff Emeritus)

Posted 09 April 2009 - 11:25 PM

Thanks for informing us.

This Topic is closed.

Should you need it reopened, please contact me or a Forum Moderator via PM. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



