Search engine results redirecting...


  • This topic is locked
2 replies to this topic

#1 mosdunk

Posted 14 July 2009 - 11:16 PM

Hello, BleepingComputer!

I'm having a problem where most of the results from search engines (i.e. Google, Yahoo) are being redirected to 78.41.205.57 (displayed on the taskbar when clicking a result), resulting in advertising pages that are not related to the results at all. Furthermore, I have to click the 'back' button and re-click the result several times before finally reaching the required page. This problem only occurs on the first page of results (2nd page onwards do not get redirected) and doesn't occur at all on other sites (Wikipedia, DeviantArt, ask.com).
Both Firefox and Internet Explorer are affected.

I have tried Malwarebytes' Anti-Malware and it did not return any results. Same goes for Norton.
Have cleared all temp files and cookies to no avail.

Your help will be much appreciated.


Below is the DDS.txt, attached is attach.txt

-----
DDS (Ver_09-06-26.01) - NTFSx86
Run by <name removed> at 14:08:38.73 on 07/15/2009 Wed
Internet Explorer: 6.0.2900.2180

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://www.iprimus.com.au
mDefault_Page_URL = hxxp://www.iprimus.com.au
mStart Page = hxxp://www.iprimus.com.au
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: IeCatch2 Class: {a5366673-e8ca-11d3-9cd9-0090271d075b} - c:\progra~1\flashget\jccatch.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: NTIECatcher Class: {c56cb6b0-0d96-11d6-8c65-b2868b609932} - c:\program files\xi\nettransport 2\NTIEHelper.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [EM_EXEC] c:\progra~1\mousew~1\system\EM_EXEC.EXE
mRun: [Tpwrtray] TPWRTRAY.EXE
mRun: [TosHKCW.exe] c:\program files\toshiba\wireless hotkey\TosHKCW.exe
mRun: [TFNF5] TFNF5.exe
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [TMEEJME.EXE] c:\program files\toshiba\tme3\TMEEJME.EXE
mRun: [TMESBS.EXE] c:\program files\toshiba\tme3\TMESBS32.EXE /Client
mRun: [IMJPMIG8.1] c:\windows\ime\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Advanced Tools Check] c:\progra~1\norton~1\advtools\ADVCHK.EXE
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [MessengerPlus3] "c:\program files\messengerplus! 3\MsgPlus.exe"
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Lamp] "c:\program files\hewlett-packard\hp precisionscan\precisionscan pro\hplamp.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: 使用网际快车下载 - c:\progra~1\flashget\jc_link.htm
IE: 使用网际快车下载全部链接 - c:\progra~1\flashget\jc_all.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
LSP: c:\windows\system32\lsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\anniez~1\applic~1\mozilla\firefox\profiles\4t3z5q8u.default\
FF - prefs.js: browser.startup.homepage - about:blank

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-07-15 13:58 <DIR> --d----- C:\HJT
2009-07-13 17:15 <DIR> --d----- c:\windows\pss
2009-07-09 17:24 <DIR> --d----- c:\docume~1\anniez~1\applic~1\Malwarebytes
2009-07-09 17:23 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 17:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-09 17:23 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-06 16:46 180,224 a------- c:\windows\system32\lsp.dll
2009-07-05 21:15 1 a------- c:\windows\934fdfg34fgjf23
2009-07-05 21:14 <DIR> --d----- c:\program files\drv
2009-07-05 21:14 2 a------- c:\windows\0101120101464849.dat
2009-07-05 21:14 2 a------- c:\windows\010112010146118114.dat

==================== Find3M ====================

2009-04-07 21:00 28,848 a------- c:\docume~1\anniez~1\applic~1\GDIPFONTCACHEV1.DAT
2008-08-04 20:28 1,166 a------- c:\program files\Easy Paint Tool SAI V1.0.2d (繪蒜燚茆鈧體) 繁中化綠色版.txt
2008-08-04 20:09 59,157 a------- c:\program files\Easy Paint Tool SAI V1.0.2d.jpg

============= FINISH: 14:09:27.12 ===============

Edited by mosdunk, 14 July 2009 - 11:25 PM.


#2 mosdunk

Posted 21 July 2009 - 02:47 AM

Never mind, ended up reinstalling Windows. Everything's fine now.

Please close. Thanks.

#3 teacup61

Posted 22 July 2009 - 09:18 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.