Members no-logic Posted January 25, 2010 Members Share Posted January 25, 2010 Whenever I do a search on Google or Bing I get a list of sites that I searched for. But when I click on one of the links it takes me to a shopping site of some sort. Sometimes I can go back and click on it again and it goes where it is supposed to. But sometimes it never does. What the hell is wrong? Link to comment Share on other sites More sharing options...
Moderators Kindness Posted January 25, 2010 Moderators Share Posted January 25, 2010 Sounds like your computer is sick. Can you give me an example search string and I'll see if my results are different. Link to comment Share on other sites More sharing options...
Members misterhinkydink Posted January 25, 2010 Members Share Posted January 25, 2010 Whenever I do a search on Goggle or Bing Are you really using Goggle? Link to comment Share on other sites More sharing options...
Moderators Kindness Posted January 25, 2010 Moderators Share Posted January 25, 2010 Are you really using Goggle? Google Goggles is pretty . Link to comment Share on other sites More sharing options...
Members HackedByChinese! Posted January 25, 2010 Members Share Posted January 25, 2010 Your DNS settings have been hijacked. Are you running Windows or OS X? If you're on Windows, go to Start --> Run, type in "cmd," and hit Enter. Run the ipconfig /all command, copy the results, and post them here. You may also want to download an anti-malware program like Malwarebytes' Anti-Malware, available at http://www.malwarebytes.org/, and run it. Link to comment Share on other sites More sharing options...
Moderators Kindness Posted January 25, 2010 Moderators Share Posted January 25, 2010 Holy scary avatar, HBC! Link to comment Share on other sites More sharing options...
Members engage757 Posted January 25, 2010 Members Share Posted January 25, 2010 haha... almost as scary as no-logic's avatar! Link to comment Share on other sites More sharing options...
Members BassMaster General Posted January 25, 2010 Members Share Posted January 25, 2010 I had a similar thing recently.I went into the add/remove programs list and found one that didn't belong (called ad-search or something like that). Just uninstall and delete.My wife downloaded some logic/puzzle game and that popped up. (Pick 6 Searches or something). Hopefully your fix is just as easy! Link to comment Share on other sites More sharing options...
Members no-logic Posted January 25, 2010 Author Members Share Posted January 25, 2010 Your DNS settings have been hijacked.Are you running Windows or OS X?If you're on Windows, go to Start --> Run, type in "cmd," and hit Enter. Run the ipconfig /all command, copy the results, and post them here. You may also want to download an anti-malware program like Malwarebytes' Anti-Malware, available at http://www.malwarebytes.org/, and run it.Windows. I ran the suggested steps but could not get the results to copy. At least not using the right click option. Link to comment Share on other sites More sharing options...
Members HackedByChinese! Posted January 25, 2010 Members Share Posted January 25, 2010 Windows. I ran the suggested steps but could not get the results to copy. At least not using the right click option. Click on the little icon in the upper left of the window that looks like a window with C: in it. Go down to Edit and Select All, then go back to the same menu and select Copy. Link to comment Share on other sites More sharing options...
Members no-logic Posted January 25, 2010 Author Members Share Posted January 25, 2010 Here it is: Microsoft Windows XP [Version 5.1.2600]© Copyright 1985-2001 Microsoft Corp. C:Documents and SettingsRick.DCYFP9B1>ipconfig/all Windows IP Configuration Host Name . . . . . . . . . . . . : DCYFP9B1 Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : ADMtek AN983 based ethernet adapter Physical Address. . . . . . . . . : 00-50-BF-AE-EF-2E Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection Physical Address. . . . . . . . . : 00-16-76-68-58-5E Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.0.10 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DHCP Server . . . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 209.18.47.61 209.18.47.62 Lease Obtained. . . . . . . . . . : Sunday, January 24, 2010 7:31:03 PM Lease Expires . . . . . . . . . . : Sunday, January 24, 2010 8:31:03 PM C:Documents and SettingsRick.DCYFP9B1> Link to comment Share on other sites More sharing options...
Members HackedByChinese! Posted January 25, 2010 Members Share Posted January 25, 2010 OK, the DNS servers that your PC is pointed at are OK (they're owned by your ISP.) I would try to download and run the anti-malware program I suggested earlier. Do you have any browser add-ons, like Yahoo Toolbar, Google Toolbar, etc.? Link to comment Share on other sites More sharing options...
Members no-logic Posted January 25, 2010 Author Members Share Posted January 25, 2010 OK, the DNS servers that your PC is pointed at are OK (they're owned by your ISP.) I would try to download and run the anti-malware program I suggested earlier.Do you have any browser add-ons, like Yahoo Toolbar, Google Toolbar, etc.?No add-ons that I see. I'm using Firefox. I'll try the malware. Thanks! I have run Ad-Aware. Is that the same thing? Link to comment Share on other sites More sharing options...
Members no-logic Posted January 25, 2010 Author Members Share Posted January 25, 2010 I ran the malware scan and it came up with a bunch of stuff. But the search does the same thing. Link to comment Share on other sites More sharing options...
Members HackedByChinese! Posted January 25, 2010 Members Share Posted January 25, 2010 Run this: http://free.antivirus.com/hijackthis/ and post the resulting log. Link to comment Share on other sites More sharing options...
Members Ender_rpm Posted January 25, 2010 Members Share Posted January 25, 2010 Run this: http://free.antivirus.com/hijackthis/and post the resulting log. +1, hijack this works really well. Link to comment Share on other sites More sharing options...
Members Bluescout Posted January 25, 2010 Members Share Posted January 25, 2010 I've dealt with this stuff many times. It's usually not a big deal. Link to comment Share on other sites More sharing options...
Members no-logic Posted January 25, 2010 Author Members Share Posted January 25, 2010 Run this: http://free.antivirus.com/hijackthis/and post the resulting log.Here it is in 2 posts. See anything? Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:02:19 PM, on 1/25/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: Normal Running processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32svchost.exeC:WINDOWSSystem32svchost.exeC:Program FilesCommon FilesSymantec SharedccSetMgr.exeC:Program FilesCommon FilesSymantec SharedccEvtMgr.exeC:WINDOWSsystem32spoolsv.exeC:WINDOWSExplorer.EXEC:WINDOWSsystem32hkcmd.exeC:WINDOWSsystem32igfxpers.exeC:Program FilesDellMedia ExperienceDMXLauncher.exeC:Program FilesCreativeSBAudigySurround MixerCTSysVol.exeC:WINDOWSsystem32Rundll32.exeC:Program FilesCreativeVoiceCenterAndreaVC.exeC:Program FilesCommon FilesSymantec SharedccApp.exeC:WINDOWSsystem32CTsvcCDA.exeC:Program FilesNorton GhostAgentGhostTray.exeC:Program FilesCommon FilesInstallShieldUpdateServiceissch.exeC:WINDOWSSystem32GEARSec.exeC:WINDOWSSystem32DLADLACTRLW.EXEC:Program FilesJavajre6injqs.exeC:Program FilesMcAfee.comAgentmcagent.exeC:Program FilesMcAfeeSiteAdvisorMcSACore.exeC:Program FilesJavajre6injusched.exeC:Program FilesCreativeMediaSourceDetectorCTDetect.exeC:WINDOWSsystem32ctfmon.exeC:Program FilesDigital Line DetectDLG.exeC:PROGRA~1McAfeeMSCmcmscsvc.exeC:DOCUME~1RICK~1.DCYLOCALS~1Tempclclean.0001c:PROGRA~1COMMON~1mcafeemnamcnasvc.exec:PROGRA~1COMMON~1mcafeemcproxymcproxy.exeC:PROGRA~1McAfeeVIRUSS~1mcshield.exeC:Program FilesMcAfeeMPFMPFSrv.exeC:Program FilesMcAfeeMSKMskSrver.exeC:Program FilesNorton GhostAgentVProSvc.exeC:WINDOWSsystem32svchost.exeC:Program FilesCanonCALCALMAIN.exeC:Program FilesCommon FilesCreative Labs SharedServiceCreativeLicensing.exeC:PROGRA~1McAfeeVIRUSS~1mcsysmon.exeC:Program FilesMessengermsmsgs.exec:PROGRA~1mcafeemscmcuimgr.exeC:Program FilesLavasoftAd-AwareAAWService.exeC:Program FilesLavasoftAd-AwareAAWTray.exeC:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exeC:Program FilesOutlook Expressmsimn.exeC:Program FilesMozilla Firefox 3.6 Beta 4firefox.exeC:Documents and SettingsRick.DCYFP9B1My DocumentsDownloadsHijackThis(3).exe Link to comment Share on other sites More sharing options...
Members no-logic Posted January 25, 2010 Author Members Share Posted January 25, 2010 R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.rr.com/R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dllO2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:PROGRA~1mcafeemskmcapbho.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSSystem32DLADLASHX_W.DLLO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:Program FilesMcAfeeVirusScanscriptsn.dllO2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6injp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dllO3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:Program FilesCanonEasy-WebPrintToolband.dllO3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dllO4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exeO4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exeO4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exeO4 - HKLM..Run: [DMXLauncher] C:Program FilesDellMedia ExperienceDMXLauncher.exeO4 - HKLM..Run: [CTSysVol] C:Program FilesCreativeSBAudigySurround MixerCTSysVol.exe /rO4 - HKLM..Run: [MBMon] Rundll32 CTMBHA.DLL,MBMonO4 - HKLM..Run: [updReg] C:WINDOWSUpdReg.EXEO4 - HKLM..Run: [VoiceCenter] "C:Program FilesCreativeVoiceCenterAndreaVC.exe" /trayO4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"O4 - HKLM..Run: [Norton Ghost 10.0] "C:Program FilesNorton GhostAgentGhostTray.exe"O4 - HKLM..Run: [iSUSPM Startup] "C:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe" -startupO4 - HKLM..Run: [iSUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -startO4 - HKLM..Run: [DLA] C:WINDOWSSystem32DLADLACTRLW.EXEO4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottimeO4 - HKLM..Run: [mcagent_exe] C:Program FilesMcAfee.comAgentmcagent.exe /runkeyO4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre6injusched.exe"O4 - HKCU..Run: [setDefaultMIDI] MIDIDef.exeO4 - HKCU..Run: [Creative Detector] "C:Program FilesCreativeMediaSourceDetectorCTDetect.exe" /RO4 - HKCU..Run: [DellSupport] "C:Program FilesDellSupportDSAgnt.exe" /startupO4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /backgroundO4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXEO8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_AddToList.htmlO8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_HSPrint.htmlO8 - Extra context menu item: Easy-WebPrint Preview - res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Preview.htmlO8 - Extra context menu item: Easy-WebPrint Print - res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Print.htmlO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exeO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cabO16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dllO23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:Program FilesCanonCALCALMAIN.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exeO23 - Service: Creative Labs Licensing Service - Creative Labs - C:Program FilesCommon FilesCreative Labs SharedServiceCreativeLicensing.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32CTsvcCDA.exeO23 - Service: GEARSecurity - GEAR Software - C:WINDOWSSystem32GEARSec.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6injqs.exeO23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:Program FilesLavasoftAd-AwareAAWService.exeO23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:Program FilesMcAfeeSiteAdvisorMcSACore.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exeO23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exeO23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:Program FilesMcAfeeMSKMskSrver.exeO23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:Program FilesIntelPROSetWiredNCSSyncNetSvc.exeO23 - Service: Norton Ghost - Symantec Corporation - C:Program FilesNorton GhostAgentVProSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exeO24 - Desktop Component 0: (no name) - http://dsc.discovery.com/fansites/deadliestcatch/wallpaper/gallery/cornelia_1280.jpg --End of file - 10138 bytes Link to comment Share on other sites More sharing options...
Members VanHalen Posted January 25, 2010 Members Share Posted January 25, 2010 Looks pretty clean to me. I use two tools that have always worked to keep my PC's and servers clean. Spyware Doctor by pctools.com ($30 a year), and this free Windows cleaner tool called Ccleaner: http://www.ccleaner.com Whenever I used Ccleaner before I run the Spyware Doctor, I always get a clean report back from Spyware Doctor. Mainly because most adware is cookie-based, and Ccleaner cleans all that {censored} out. Make sure to run the registry cleaner feature on it. I use Ccleaner once every few weeks, and my PC runs like new afterwards. Link to comment Share on other sites More sharing options...
Members no-logic Posted January 25, 2010 Author Members Share Posted January 25, 2010 Looks pretty clean to me. I use two tools that have always worked to keep my PC's and servers clean. Spyware Doctor by pctools.com ($30 a year), and this free Windows cleaner tool called Ccleaner:http://www.ccleaner.comWhenever I used Ccleaner before I run the Spyware Doctor, I always get a clean report back from Spyware Doctor. Mainly because most adware is cookie-based, and Ccleaner cleans all that {censored} out. Make sure to run the registry cleaner feature on it.I use Ccleaner once every few weeks, and my PC runs like new afterwards.If it looks clean, any idea what may be causing my problem then? Link to comment Share on other sites More sharing options...
Members VanHalen Posted January 25, 2010 Members Share Posted January 25, 2010 If it looks clean, any idea what may be causing my problem then? Probably some adware in a cookie that didn't get cleaned out when you ran the other adware cleaner. Try Ccleaner - it's free, and very safe. Link to comment Share on other sites More sharing options...
Members no-logic Posted January 26, 2010 Author Members Share Posted January 26, 2010 Probably some adware in a cookie that didn't get cleaned out when you ran the other adware cleaner. Try Ccleaner - it's free, and very safe.Well that seemed to work. And it's much faster now. Thanks to all for your expertise!!!! Can I get rid of Ad-Aware now that I have the HyjackThis and Ccleaner? Link to comment Share on other sites More sharing options...
Members HackedByChinese! Posted January 26, 2010 Members Share Posted January 26, 2010 You can leave Ad-Aware on there without any harm. HijackThis isn't really an anti-virus or anti-malware program. Link to comment Share on other sites More sharing options...
Moderators Kindness Posted January 26, 2010 Moderators Share Posted January 26, 2010 So HBC, when can I bother you to help me figure out how to get my system startup time back to a manageable duration. It seems like every program I install adds itself to the startup process and now a year and a half in to running the T61 it works great once it is up and running, but the getting up and running business is pissing me off. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.