Why are my searchs going to shopping sites?

[no-logic]

Whenever I do a search on Google or Bing I get a list of sites that I searched for. But when I click on one of the links it takes me to a shopping site of some sort. Sometimes I can go back and click on it again and it goes where it is supposed to. But sometimes it never does. What the hell is wrong?

[Kindness]

Sounds like your computer is sick. Can you give me an example search string and I'll see if my results are different.

[misterhinkydink]

Whenever I do a search on Goggle or Bing

 

Are you really using Goggle?

[Kindness]

Are you really using Goggle?

 

Google Goggles is pretty .

[HackedByChinese!]

Your DNS settings have been hijacked.

 

Are you running Windows or OS X?

 

If you're on Windows, go to Start --> Run, type in "cmd," and hit Enter. Run the ipconfig /all command, copy the results, and post them here.

 

You may also want to download an anti-malware program like Malwarebytes' Anti-Malware, available at http://www.malwarebytes.org/, and run it.

[Kindness]

Holy scary avatar, HBC!

[engage757]

haha... almost as scary as no-logic's avatar!

[BassMaster General]

I had a similar thing recently.

I went into the add/remove programs list and found one that didn't belong (called ad-search or something like that). Just uninstall and delete.

My wife downloaded some logic/puzzle game and that popped up. (Pick 6 Searches or something). Hopefully your fix is just as easy!

[no-logic]

Your DNS settings have been hijacked. Are you running Windows or OS X? If you're on Windows, go to Start --> Run, type in "cmd," and hit Enter. Run the ipconfig /all command, copy the results, and post them here. You may also want to download an anti-malware program like Malwarebytes' Anti-Malware, available at http://www.malwarebytes.org/ , and run it.

Windows. I ran the suggested steps but could not get the results to copy. At least not using the right click option.

[HackedByChinese!]

 

Windows. I ran the suggested steps but could not get the results to copy. At least not using the right click option.

 

 

Click on the little icon in the upper left of the window that looks like a window with C: in it. Go down to Edit and Select All, then go back to the same menu and select Copy.

[no-logic]

Here it is:

 

Microsoft Windows XP [Version 5.1.2600]

© Copyright 1985-2001 Microsoft Corp.

 

C:Documents and SettingsRick.DCYFP9B1>ipconfig/all

 

Windows IP Configuration

 

Host Name . . . . . . . . . . . . : DCYFP9B1

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

 

Ethernet adapter Local Area Connection:

 

Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : ADMtek AN983 based ethernet adapter

Physical Address. . . . . . . . . : 00-50-BF-AE-EF-2E

 

Ethernet adapter Local Area Connection 2:

 

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connecti

on

Physical Address. . . . . . . . . : 00-16-76-68-58-5E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.10

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Sunday, January 24, 2010 7:31:03 PM

Lease Expires . . . . . . . . . . : Sunday, January 24, 2010 8:31:03 PM

 

C:Documents and SettingsRick.DCYFP9B1>

[HackedByChinese!]

OK, the DNS servers that your PC is pointed at are OK (they're owned by your ISP.) I would try to download and run the anti-malware program I suggested earlier.

 

Do you have any browser add-ons, like Yahoo Toolbar, Google Toolbar, etc.?

[no-logic]

OK, the DNS servers that your PC is pointed at are OK (they're owned by your ISP.) I would try to download and run the anti-malware program I suggested earlier. Do you have any browser add-ons, like Yahoo Toolbar, Google Toolbar, etc.?

No add-ons that I see. I'm using Firefox. I'll try the malware. Thanks! I have run Ad-Aware. Is that the same thing?

[no-logic]

I ran the malware scan and it came up with a bunch of stuff. But the search does the same thing.

[HackedByChinese!]

Run this: http://free.antivirus.com/hijackthis/

 

and post the resulting log.

[Ender_rpm]

 

Run this: http://free.antivirus.com/hijackthis/ and post the resulting log.

 

 

+1, hijack this works really well.

[Bluescout]

I've dealt with this stuff many times. It's usually not a big deal.

[no-logic]

 

Run this: http://free.antivirus.com/hijackthis/ and post the resulting log.

Here it is in 2 posts. See anything?

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:02:19 PM, on 1/25/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesCommon FilesSymantec SharedccSetMgr.exe

C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSExplorer.EXE

C:WINDOWSsystem32hkcmd.exe

C:WINDOWSsystem32igfxpers.exe

C:Program FilesDellMedia ExperienceDMXLauncher.exe

C:Program FilesCreativeSBAudigySurround MixerCTSysVol.exe

C:WINDOWSsystem32Rundll32.exe

C:Program FilesCreativeVoiceCenterAndreaVC.exe

C:Program FilesCommon FilesSymantec SharedccApp.exe

C:WINDOWSsystem32CTsvcCDA.exe

C:Program FilesNorton GhostAgentGhostTray.exe

C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe

C:WINDOWSSystem32GEARSec.exe

C:WINDOWSSystem32DLADLACTRLW.EXE

C:Program FilesJavajre6injqs.exe

C:Program FilesMcAfee.comAgentmcagent.exe

C:Program FilesMcAfeeSiteAdvisorMcSACore.exe

C:Program FilesJavajre6injusched.exe

C:Program FilesCreativeMediaSourceDetectorCTDetect.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesDigital Line DetectDLG.exe

C:PROGRA~1McAfeeMSCmcmscsvc.exe

C:DOCUME~1RICK~1.DCYLOCALS~1Tempclclean.0001

c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe

c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe

C:PROGRA~1McAfeeVIRUSS~1mcshield.exe

C:Program FilesMcAfeeMPFMPFSrv.exe

C:Program FilesMcAfeeMSKMskSrver.exe

C:Program FilesNorton GhostAgentVProSvc.exe

C:WINDOWSsystem32svchost.exe

C:Program FilesCanonCALCALMAIN.exe

C:Program FilesCommon FilesCreative Labs SharedServiceCreativeLicensing.exe

C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe

C:Program FilesMessengermsmsgs.exe

c:PROGRA~1mcafeemscmcuimgr.exe

C:Program FilesLavasoftAd-AwareAAWService.exe

C:Program FilesLavasoftAd-AwareAAWTray.exe

C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe

C:Program FilesOutlook Expressmsimn.exe

C:Program FilesMozilla Firefox 3.6 Beta 4firefox.exe

C:Documents and SettingsRick.DCYFP9B1My DocumentsDownloadsHijackThis(3).exe

[no-logic]

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.rr.com/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:PROGRA~1mcafeemskmcapbho.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSSystem32DLADLASHX_W.DLL

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:Program FilesMcAfeeVirusScanscriptsn.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6injp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:Program FilesCanonEasy-WebPrintToolband.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll

O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe

O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe

O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe

O4 - HKLM..Run: [DMXLauncher] C:Program FilesDellMedia ExperienceDMXLauncher.exe

O4 - HKLM..Run: [CTSysVol] C:Program FilesCreativeSBAudigySurround MixerCTSysVol.exe /r

O4 - HKLM..Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon

O4 - HKLM..Run: [updReg] C:WINDOWSUpdReg.EXE

O4 - HKLM..Run: [VoiceCenter] "C:Program FilesCreativeVoiceCenterAndreaVC.exe" /tray

O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"

O4 - HKLM..Run: [Norton Ghost 10.0] "C:Program FilesNorton GhostAgentGhostTray.exe"

O4 - HKLM..Run: [iSUSPM Startup] "C:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe" -startup

O4 - HKLM..Run: [iSUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start

O4 - HKLM..Run: [DLA] C:WINDOWSSystem32DLADLACTRLW.EXE

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [mcagent_exe] C:Program FilesMcAfee.comAgentmcagent.exe /runkey

O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre6injusched.exe"

O4 - HKCU..Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU..Run: [Creative Detector] "C:Program FilesCreativeMediaSourceDetectorCTDetect.exe" /R

O4 - HKCU..Run: [DellSupport] "C:Program FilesDellSupportDSAgnt.exe" /startup

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_Print.html

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:Program FilesCanonCALCALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:Program FilesCommon FilesCreative Labs SharedServiceCreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32CTsvcCDA.exe

O23 - Service: GEARSecurity - GEAR Software - C:WINDOWSSystem32GEARSec.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6injqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:Program FilesLavasoftAd-AwareAAWService.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:Program FilesMcAfeeSiteAdvisorMcSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:Program FilesMcAfeeMSKMskSrver.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:Program FilesIntelPROSetWiredNCSSyncNetSvc.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:Program FilesNorton GhostAgentVProSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe

O24 - Desktop Component 0: (no name) - http://dsc.discovery.com/fansites/deadliestcatch/wallpaper/gallery/cornelia_1280.jpg

 

--

End of file - 10138 bytes

[VanHalen]

Looks pretty clean to me. I use two tools that have always worked to keep my PC's and servers clean. Spyware Doctor by pctools.com ($30 a year), and this free Windows cleaner tool called Ccleaner:

 

http://www.ccleaner.com

 

Whenever I used Ccleaner before I run the Spyware Doctor, I always get a clean report back from Spyware Doctor. Mainly because most adware is cookie-based, and Ccleaner cleans all that {censored} out. Make sure to run the registry cleaner feature on it.

 

I use Ccleaner once every few weeks, and my PC runs like new afterwards.

[no-logic]

Looks pretty clean to me. I use two tools that have always worked to keep my PC's and servers clean. Spyware Doctor by pctools.com ($30 a year), and this free Windows cleaner tool called Ccleaner: http://www.ccleaner.com Whenever I used Ccleaner before I run the Spyware Doctor, I always get a clean report back from Spyware Doctor. Mainly because most adware is cookie-based, and Ccleaner cleans all that {censored} out. Make sure to run the registry cleaner feature on it. I use Ccleaner once every few weeks, and my PC runs like new afterwards.

If it looks clean, any idea what may be causing my problem then?

[VanHalen]

 

If it looks clean, any idea what may be causing my problem then?

 

 

Probably some adware in a cookie that didn't get cleaned out when you ran the other adware cleaner. Try Ccleaner - it's free, and very safe.

[no-logic]

Probably some adware in a cookie that didn't get cleaned out when you ran the other adware cleaner. Try Ccleaner - it's free, and very safe.

Well that seemed to work. And it's much faster now. Thanks to all for your expertise!!!! Can I get rid of Ad-Aware now that I have the HyjackThis and Ccleaner?

[HackedByChinese!]

You can leave Ad-Aware on there without any harm. HijackThis isn't really an anti-virus or anti-malware program.

[Kindness]

So HBC, when can I bother you to help me figure out how to get my system startup time back to a manageable duration. It seems like every program I install adds itself to the startup process and now a year and a half in to running the T61 it works great once it is up and running, but the getting up and running business is pissing me off.