Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google Search brings up False websites


  • Please log in to reply

#1
crazychilean7

crazychilean7

    Member

  • Member
  • PipPip
  • 30 posts
Whenever I search google it brings up the correct search titles but the the website addresses are wrong. It brings up addresses like:
www.searchexplorer.com
www.hotjobs.com
www.info.com
www.maximumpc.com

I'm not sure what's wrong. I saw other posts similar to this but it sounded like it was sort of a computer to computer basis (certain programs, anti-viruses, etc) I already downloaded malwarebytes and ran it but it didn't fix it. Please help. Thanks.

Jason

Here is the Hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:29 PM, on 9/25/2002
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\laptopuser\Desktop\Antivirus\HiJackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.design.iastate.edu/
O1 - Hosts: 94.247.2.216 www.google.com
O1 - Hosts: 94.247.2.216 search.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [se] C:\WINDOWS\system\se.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 3818 bytes





Also here is combofix log:

ComboFix 09-01-21.04 - laptopuser 2009-01-28 20:21:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.255.103 [GMT -6:00]
Running from: c:\documents and settings\laptopuser\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Internet Explorer.lnk
c:\windows\IE4 Error Log.txt
c:\windows\system32\wdmaud.sys

.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 21:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 21:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2005-01-05 18:54 1,663 ----a-w c:\windows\inf\COM76.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2003-04-14 1498032]
"ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2001-08-23 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 1732608]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-06-24 4800512]
"se"="c:\windows\system\se.exe" [2002-09-22 30208]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2008-12-04 1370000]
"nwiz"="nwiz.exe" [2003-06-24 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-06 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"= wdmaud.sys

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system\\dop.exe"=
"c:\\WINDOWS\\system\\se.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2002-09-23 142592]
R3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [2005-01-05 46108]
R3 maestro;ESS Maestro 3 Audio Driver (WDM);c:\windows\system32\drivers\es198x.sys [2004-04-12 174464]
S3 Ip6FwHlp;IPv6 Internet Connection Firewall;c:\windows\System32\svchost.exe -k netsvcs [2001-08-23 12800]
S4 Auddf_tqnrt;Auddf_tqnrt; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.design.iastate.edu/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 14:37:56
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\ODBC32.dll
c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'lsass.exe'(608)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\windows\System32\dssenh.dll
c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'csrss.exe'(520)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
.
Completion time: 2009-01-28 14:40:14
ComboFix-quarantined-files.txt 2009-01-28 20:40:11

Pre-Run: 4,722,036,736 bytes free
Post-Run: 4,713,050,112 bytes free

WinXP_EN_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

94

Edited by crazychilean7, 28 January 2009 - 03:11 PM.

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP