Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google search results being redirected


  • Please log in to reply
4 replies to this topic

#1 anissa7118

anissa7118

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:01 AM

Posted 08 September 2010 - 09:28 PM

Hi there! I'm trying to help my non-tech-savvy boss fix his computer. Whenever we do a Google search and click on one of the search results, the browser goes to a site that's vaguely similar to the search terms, but is not the same URL as the result we clicked on. For example, if I search Google for "bleeping computer site" the first search result has a URL of www.bleepingcomputer.com. But if I click there, I'm taken to this URL instead: http://0310yc.com/default.pk?tsearch=bleep...arch_button.y=0

We're running Windows XP Pro and Internet Explorer 6 on a Dell Optiplex GX270. (No, we can't upgrade IE - one of our company sites is compatible ONLY with IE 6. Not IE5, or IE7, or Firefox or Chrome. Don't ask why, we all think it's ridiculous.) I've scanned the computer with up-to-date versions of Avast Antivirus, Malwarebytes Anti-Malware, and Spybot Search and Destroy. None has discovered the problem. Our company's IT department requires us to mail them the computer, which means we wouldn't have one for a couple of weeks, and that's not really feasible. Tech wizards of Bleeping Computer, you are my only hope!

BC AdBot (Login to Remove)

 


#2 anissa7118

anissa7118
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:01 AM

Posted 08 September 2010 - 09:30 PM

OK, I had to try five different times to get that to post. Apparently my HijackThis log file is too long? Here it is, in parts (sorry for the multi post, if I try to put it all in one I get a message saying that the connection was reset):

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:37:03 PM, on 9/8/2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\Common Framework\udaterui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\System32\enstart.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\radsched.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\PBMS\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\AT&T Global Network Client\NetClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

#3 anissa7118

anissa7118
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:01 AM

Posted 08 September 2010 - 09:32 PM

Part 2:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://connect2.pb.com/dana-na/auth/url_default/welcome.cgi
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1039
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee SiteAdvisor - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [NetSP - restore database] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - HKUS\S-1-5-21-1370358948-2997871624-3282436667-1009\..\Run: [Ceedo AutoDetect] C:\DOCUME~1\EMPLOY~1\LOCALS~1\Temp\AutoDetect.exe /active (User 'Employee Guest')
O4 - HKUS\S-1-5-18\..\Run: [cjbuewhm] C:\Documents and Settings\PBMS\Local Settings\Application Data\vwvkqnxsm\xbykaqitssd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cjbuewhm] C:\Documents and Settings\PBMS\Local Settings\Application Data\vwvkqnxsm\xbykaqitssd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE



Part 3:

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

#4 anissa7118

anissa7118
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:01 AM

Posted 08 September 2010 - 09:36 PM

Great, I can't get ANY of the rest of the log to post! I'm constantly getting a message that the connection was reset. I switched over to Firefox because IE6 was being a pain.

I am suspicious of this particular entry: R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)

Could that be the problem?

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:01 AM

Posted 08 September 2010 - 09:50 PM

Perhaps this will work easier. Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users