Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Yahoo/Google Search Problem


  • This topic is locked This topic is locked
2 replies to this topic

#1 prac

prac

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 20 June 2009 - 02:14 PM

Whenever I attempt to do a search via google.com or yahoo.com, or if I attempt to search via the search bar on mozilla or internet explorer, my results are redirected to a strange version of google.
All the results are the same websites, no matter what my search field is.
The sponsered links also show up in either russian or spanish sometimes.

If I attempt to click on anything on the page, such as next page, a download attempts to open for something called "setup".
This was a pretty big red flag for me.

The information bar at the bottom of the browser window appears to be retrieving its information from 2 sites:
xml.klikvip.com
bestcatalog-giam.org

So far I have run Trendmicro Housecall, Spybot, Adaware, SystemSuite, Spyware Blaster. All of them are coming up as if there is nothing wrong with my PC, which I know to be untrue.

Help is appreciated.

:::::Here Is my DDS Log:::::::

DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 11:57:01.54 on Sat 06/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1261 [GMT -7:00]

AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Avanquest SystemSuite *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask2.exe
C:\WINDOWS\system32\dllhost.exe
svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.YOUR-43A4E962DC\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5228
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5228
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5228
mWinlogon: Shell=Explorer.exe rundll32.exe calc.ifo beforemain
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\drivers\smss.exe
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar1.dll
BHO: XPL LinkScannerIE: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avanquest\systemsuite\LinkScannerIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DataVault Object: {8373adc0-6330-11dd-9d77-22c856d89593} - c:\program files\avanquest\systemsuite\IE_ContextMenu_Vault.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BhoMisc Class: {e3578b37-6346-4ec1-a82b-38273a100dcf} - c:\program files\trend micro\trendprotect\msie\wrs.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar1.dll
TB: {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - No File
TB: TrendProtect: {f83be649-1cc3-48ee-b2e2-0826cef3822a} - c:\program files\trend micro\trendprotect\msie\wrs.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Power2GoExpress] NA
uRun: [Steam] "c:\steam\Steam.exe" -silent
uRun: [EPSON Stylus Photo RX580 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibpa.exe /fu "c:\windows\temp\E_SAB.tmp" /EF "HKCU"
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [CHotkey] zHotkey.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [winupdate.exe] c:\windows\system32\winupdate.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRunOnce: [NSSInstallation] c:\windows\system32\adobe\shockwave 11\nssstub.exe /RunOnce
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311t\wlancfg5.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - c:\program files\trend micro\trendprotect\msie\WRS.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.you\applic~1\mozilla\firefox\profiles\ax4s3wah.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=10181&jr=true
FF - component: c:\program files\avanquest\systemsuite\firefox\components\SearchShield.dll
FF - component: c:\program files\avanquest\systemsuite\firefox3dv\components\VaultComponent.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - HiddenExtension: XUL Cache: {3007344C-C272-4273-B8DC-841B465B2D74} - c:\documents and settings\owner.your-43a4e962dc\local settings\application data\{3007344C-C272-4273-B8DC-841B465B2D74}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-20 64160]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2009-6-17 13360]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-6-17 202928]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-10-17 353672]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 607576]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-2-3 464264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SBAMSvc;SystemSuite;c:\program files\common files\antivirus\SBAMSvc.exe [2008-10-28 886056]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-6-17 69168]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 KFilter;KFilter;c:\progra~1\avanqu~1\system~1\KFilter.sys [2008-11-20 60272]
R3 TFilter;TFilter;c:\progra~1\avanqu~1\system~1\TFilter.sys [2008-9-22 20225]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2008-10-23 92464]

=============== Created Last 30 ================

2009-06-20 11:12 <DIR> --d----- c:\windows\pss
2009-06-20 01:51 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-20 01:42 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-19 12:22 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-19 12:22 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-19 12:15 <DIR> --d----- c:\program files\Trend Micro
2009-06-19 11:50 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-17 22:28 69,168 a------- c:\windows\system32\drivers\sbapifs.sys
2009-06-17 22:28 13,360 a------- c:\windows\system32\drivers\sbaphd.sys
2009-06-17 22:28 202,928 a------- c:\windows\system32\drivers\sbtis.sys
2009-06-17 22:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avanquest
2009-06-17 22:24 <DIR> --d-h--- C:\_Backup
2009-06-17 22:24 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\Avanquest
2009-06-17 22:24 <DIR> --d----- c:\program files\Avanquest update
2009-06-17 22:24 <DIR> --d----- c:\program files\common files\AntiVirus
2009-06-17 22:24 <DIR> --d----- c:\program files\Avanquest
2009-06-17 21:15 <DIR> --d----- c:\documents and settings\owner.your-43a4e962dc\.housecall6.6
2009-06-17 21:12 <DIR> --d----- c:\windows\system32\appmgmt
2009-06-17 20:00 704,288 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-06-17 20:00 45,856 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-06-17 20:00 10,508 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-06-17 20:00 5,300 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-06-17 19:59 0 a------- C:\rollback.ini
2009-06-17 18:22 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-06-17 18:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic Anti-Virus PLUS
2009-06-17 18:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-06-17 14:47 35,328 a------- c:\windows\system32\drivers\smss.exe
2009-06-14 18:14 <DIR> --dsh--- c:\documents and settings\owner.your-43a4e962dc\PrivacIE
2009-06-14 15:07 0 a------- c:\windows\system32\AVR09.exe
2009-06-14 15:06 22,528 a------- c:\windows\system32\calc.ifo
2009-06-09 17:20 <DIR> --dsh--- c:\documents and settings\owner.your-43a4e962dc\IETldCache
2009-06-09 13:05 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-09 13:05 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-09 13:05 <DIR> --d----- c:\windows\ie8updates
2009-06-09 13:04 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-09 13:03 <DIR> -cd-h--- c:\windows\ie8
2009-06-01 13:58 <DIR> --d----- c:\program files\2K Games

==================== Find3M ====================

2009-06-20 01:51 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-14 14:08 41,694 a------- c:\docume~1\owner~1.you\applic~1\wklnhst.dat
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-03-28 23:28 4,212 a---h--- c:\windows\system32\zllictbl.dat
2005-09-20 11:05 456,768 a------- c:\windows\inf\wg311t\WG311T13.sys
2004-10-19 19:58 35,232 a------- c:\windows\inf\wg311t\ME_INST.EXE
2004-10-19 19:58 26,112 a------- c:\windows\inf\wg311t\install.exe
2009-01-07 22:15 109 a--sh--- c:\windows\system32\1623327608.dat

============= FINISH: 11:58:02.15 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 prac

prac
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 20 June 2009 - 11:18 PM

I was able to finally remedy this on my own using Malwarebytes Anti-malware as well as Kinesky.

Hope this maybe helps someone else struggling with this issue.

#3 Guest_The weatherman_*

Guest_The weatherman_*

  • Guests
  • OFFLINE
  •  

Posted 21 June 2009 - 03:06 AM

Thank you for letting us know prac. :thumbup2:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users