[Resolved] Yahoo Searches Redirected to Unwanted Pages

Hondo · 15th November 2008

Noahdfear,

I'm sorry to report that it has not worked. I'm still being redirected.

My search was the following:

• Prediction - MLB: NL MVP 2008 - ZiiTrend.com
Handicapping the National League Most Valuable Player field ... Who will win the NL MVP Award 2008? source: http://mlb.mlb.com/news/a... Prediction Guideline ...
http://www.ziitrend.com/predict/on/m...008_2008-11-10 - 112k - Cached

But I was redirected to a search engine called Info. Here is the link:
hxxp://search20.info.com/2008%20mlb%...ffiliate=45333

When I hit the back button on my browser trying to get back to Yahoo I was then redirected to this site:
hxxp://ylwbook.areaconnect.addresses...b384ea31104ae4

Each time I hit the back button I was redirected to other pages looking like search pages with the results of my search.

Hondo

**noahdfear** · 15th November 2008

Open a command window and type the following command then hit Enter.

ipconfig /flushdns

Try deleting your cookies too. Clear temporary internet files again while there.

Hondo · 15th November 2008

Following your instruction I received the message:

The requested operation requires elevation.

Hondo

**noahdfear** · 15th November 2008

Navigate to C:\Windows\System32, right click on cmd.exe and select Run as Administartor, then repeat the command.

Check your Search Providers in IE options too.

I've got some errands, but will be back later.

Hondo · 15th November 2008

Noahdfear,

Did all you have suggested but still having the same problem. I am being redirected to more search engine like pages.

**noahdfear** · 15th November 2008

Please download DDS and save it to your desktop.

Disable any script blocking protection
Double click dds.scr to run the tool.
When done, DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
Save both reports to your desktop.

Post both reports here. It will likely require more than 1 post.

Hondo · 16th November 2008

Here is the first scan.

DDS (Version 1.0) - NTFSx86
Run by Michael at 18:02:24.51 on Sat 11/15/2008
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.1191 [GMT -6:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Michael\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup \onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-10 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-10 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-11-10 51280]

=============== Created Last 30 ================

2008-11-13 22:06 250 a------- c:\windows\gmer.ini
2008-11-12 21:46 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-12 21:46 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-12 21:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-11-10 16:36 <DIR> --d----- c:\program files\trend micro
2008-11-10 09:04 51,280 a------- c:\windows\system32\drivers\aswMonFlt.sys
2008-11-06 22:32 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2008-11-06 22:32 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2008-11-06 22:32 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-06 21:54 161,792 a------- c:\windows\SWREG.exe
2008-11-06 21:54 98,816 a------- c:\windows\sed.exe
2008-11-06 21:19 <DIR> --d----- c:\users\michael\appdata\roaming\Malwarebytes
2008-11-06 21:18 <DIR> --d----- c:\programdata\Malwarebytes
2008-11-06 21:18 <DIR> --d----- c:\progra~2\Malwarebytes
2008-11-04 09:18 <DIR> --d----- C:\PerfLogs
2008-10-31 23:07 428,032 a------- c:\windows\system32\EncDec.dll
2008-10-31 23:07 217,088 a------- c:\windows\system32\psisrndr.ax
2008-10-31 23:07 1,244,672 a------- c:\windows\system32\mcmde.dll
2008-10-31 23:07 292,352 a------- c:\windows\system32\psisdecd.dll
2008-10-31 23:07 177,152 a------- c:\windows\system32\mpg2splt.ax
2008-10-31 23:07 80,896 a------- c:\windows\system32\MSNP.ax
2008-10-31 23:07 68,608 a------- c:\windows\system32\Mpeg2Data.ax
2008-10-31 23:07 57,856 a------- c:\windows\system32\MSDvbNP.ax
2008-10-30 05:38 441,856 a------- c:\windows\system32\win32spl.dll
2008-10-30 05:38 37,376 a------- c:\windows\system32\printcom.dll
2008-10-28 07:04 2,463,976 a------- c:\windows\system32\NPSWF32.dll
2008-10-28 07:04 190,696 a------- c:\windows\system32\NPSWF32_FlashUtil.exe

==================== Find3M ====================

2008-11-15 08:21 <DIR> --d----- c:\program files\Bible
2008-11-04 11:52 <DIR> --d----- c:\program files\Yahoo!
2008-10-14 19:08 <DIR> --d----- c:\progra~2\NCH Swift Sound
2008-10-14 19:08 <DIR> --d----- c:\program files\NCH Swift Sound
2008-10-10 16:33 <DIR> --d----- c:\program files\CD Wave
2008-10-09 17:22 <DIR> --d----- c:\program files\iTunes
2008-10-09 17:22 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-09 17:21 <DIR> --d----- c:\program files\iPod
2008-10-01 21:49 826,368 a------- c:\windows\system32\wininet.dll
2008-10-01 21:49 56,320 a------- c:\windows\system32\iesetup.dll
2008-10-01 21:49 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-10-01 21:48 26,624 a------- c:\windows\system32\ieUnatt.exe
2008-09-17 22:35 3,470,904 a------- c:\windows\system32\ntoskrnl.exe
2008-09-17 22:35 3,505,208 a------- c:\windows\system32\ntkrnlpa.exe
2008-09-17 20:03 2,027,520 a------- c:\windows\system32\win32k.sys
2008-08-29 09:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-08-29 08:53 61,440 a------- c:\windows\system32\dnssd.dll
2008-03-10 17:56 <DIR> --d----- c:\progra~2\WORDsearch
2008-03-10 17:52 <DIR> --d----- c:\progra~2\{0EB526CD-341C-4A0A-A665-EF7BD140AC37}
2008-03-10 17:48 <DIR> --d----- c:\progra~2\wsc
2007-12-08 10:03 <DIR> --d----- c:\users\michael\appdata\roaming\NCH Swift Sound
2007-09-04 15:39 <DIR> --d----- c:\progra~2\Grisoft
2007-08-20 05:46 <DIR> --d----- c:\users\michael\appdata\roaming\PC Tools
2007-07-19 20:16 <DIR> --d----- c:\users\michael\appdata\roaming\WildTangent
2007-07-19 20:16 <DIR> --d----- c:\progra~2\WildTangent
2007-07-11 20:43 <DIR> --d----- c:\progra~2\Symantec
2006-12-18 13:39 <DIR> --d----- c:\progra~2\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2008-01-16 21:05 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\his tory\history.ie5\index.dat
2008-01-16 21:05 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\tem porary internet files\content.ie5\index.dat
2008-01-16 21:05 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\c ookies\index.dat

============= FINISH: 18:03:44.02 ===============

Hondo · 16th November 2008

Here is the optional report.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/12/2007 12:56:16 PM
System Uptime: 11/15/2008 2:45:11 PM (4 hours ago)

Motherboard: Quanta | | 30B7
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket S1 | 1600/200mhz
BIOS: PhoenixBIOS 4.0 Release 6.1 | HPQOEM - 6040000 | F.3D | 11/21/2007 6:00:00 PM

==== Disk Partitions =========================

C: is FIXED (NTFS) - 105 GiB total, 59.653 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 0.627 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.2
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ASL_HS_Installer32
AutoUpdate
avast! Antivirus
Bonjour
Broadcom 802.11 Wireless LAN Adapter
CCleaner (remove only)
CD Wave Editor version 1.97
Conexant HD Audio
DivX
Express Burn
Google Earth
Google Toolbar for Internet Explorer
Google Updater
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Active Support Library 32 bit components
HP Connections (remove only)
HP Customer Experience Enhancements
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Pavilion Webcam Driver for Vista v061.001.00005
HP Product Detection
HP Quick Launch Buttons 6.10 B9
HP QuickPlay 3.0
HP Total Care Advisor
HP Update
HP User Guide 0041
HP Wireless Assistant
HPNetworkAssistant
iTunes
Java(TM) SE Runtime Environment 6
K-Lite Codec Pack 3.8.0 Full
LightScribe 1.4.124.1
Malwarebytes' Anti-Malware
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Reader
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
muvee autoProducer 5.0
My HP Games
NCH Toolbox
NVIDIA Drivers
Online Bible 10.10.09
PDF Settings
QuickTime
RealPlayer
Rhapsody Player Engine
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Visio 2007 (KB947590)
Skype™ 3.6
Soft Data Fax Modem with SmartCP
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Switch
Synaptics Pointing Device Driver
TSP_CODEC
Update for Office 2007 (KB946691)
WavePad Uninstall
Windows Easy Transfer Companion (Beta)
WORDsearch 7 Tozer Edition
Yahoo! Install Manager
Yahoo! Messenger

==== Event Viewer Messages ===================

11/9/2008 12:40:44 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 2, function 0. Please contact your system vendor for technical assistance.
11/9/2008 12:40:44 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 3, function 0. Please contact your system vendor for technical assistance.
11/10/2008 9:04:44 AM, Error: Service Control Manager [7030] - The avast! Antivirus service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/10/2008 9:04:44 AM, Error: Service Control Manager [7030] - The avast! iAVS4 Control Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/10/2008 9:04:44 AM, Error: Service Control Manager [7030] - The avast! Mail Scanner service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/10/2008 9:04:45 AM, Error: Service Control Manager [7030] - The avast! Web Scanner service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

==== End Of File ===========================

**noahdfear** · 16th November 2008

Please check the contents of the following folders to see if you can determine what they belong to. You may have to paste the path into the address bar to get to them.

c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
c:\progra~2\{0EB526CD-341C-4A0A-A665-EF7BD140AC37}
c:\progra~2\{623D32E9-0C62-4453-AD44-98B31F52A5E1}

Hondo · 16th November 2008

Noahdfear,

1. It seems that the first file in question c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} is part of a program called WordSearch. It is multi-volume library that I installed. Here are the sub-files that are in the file:

File:Setup.dat 1 KB 3/10/2008 6:52:57 PM
File:Setup.exe 2396 KB 9/24/2007 4:25:36 PM
File:Setup.msi 932 KB 9/24/2007 4:25:32 PM
File:Setup.par 5 KB 3/10/2008 6:52:57 PM
File:Setup.res 1880 KB 9/24/2007 4:25:38 PM
File:instance.dat 1 KB 3/10/2008 6:52:57 PM
File:mia.dll 562 KB 9/24/2007 4:25:37 PM

2. c:\progra~2\{0EB526CD-341C-4A0A-A665-EF7BD140AC37}

It is a file that is called x86. I have no idea what it is or belongs to. Here are the sub-files in it:
File:DIFxAPI.dll 312 KB 4/17/2008 1:12:54 PM
File:DifXInstall32.exe 54 KB 7/4/2008 1:35:40 PM
File:GEARAspiWDM.inf 3 KB 4/17/2008 1:12:54 PM
File:gearaspiwdmx86.cat 11 KB 4/24/2008 8:25:18 AM
x86

The smiley face is supposed to be a capital D

3. c:\progra~2\{623D32E9-0C62-4453-AD44-98B31F52A5E1}

This file seems to have something to do with a Microsoft Office. Here are its sub-files.

File:Microsoft Office Activation Assistant.dat 1 KB 12/18/2006 1:39:52 PM
File:Microsoft Office Activation Assistant.exe 2480 KB 11/29/2006 2:33:08 PM
File:Microsoft Office Activation Assistant.msi 573 KB 11/29/2006 2:33:08 PM
File:Microsoft Office Activation Assistant.par 2 KB 12/18/2006 1:39:52 PM
File:Microsoft Office Activation Assistant.res 1796 KB 11/29/2006 2:33:09 PM
File:instance.dat 1 KB 12/18/2006 1:39:52 PM
File:mia.dll

I feel like I'm not being much help here. I feel like a person learning how to fly in the dark. I'm flying by the instruments only and Noahdfear you are the instruments. Get me in safely!

**noahdfear** · 16th November 2008

Those are all legit. Did this behavior start after installing something? I see what appear to be 2 new installations.

2008-11-15 08:21 <DIR> --d----- c:\program files\Bible
2008-11-04 11:52 <DIR> --d----- c:\program files\Yahoo!

Hondo · 16th November 2008

I don't remember downloading or installing anything new prior to this weirdness. The two items you cited are a Bible program that I've had installed right after I got this computer. And if you notice it shows today's date. I have not installed anything new today except for what you have asked me to install. I used that program today, but that is all.

As for the Yahoo thing-I'm not for sure why it would have come up unless it was a yahoo toolbar I downloaded. But I'm working from a poor memory. I thought I had loaded the Yahoo toolbar before 11-4-08.

The only thing I remember concerning any type of virus is one day not long ago while doing a search I hit a search item and McAfee told me it was an infected site, but I thought that McAfee blocked it.

**noahdfear** · 16th November 2008

Please go to this proxy server and through it access Yahoo. Try your search again and see if the redirection persists.

Hondo · 16th November 2008

The redirection did not persist. Yahoo's search worked normally.

**noahdfear** · 16th November 2008

Does the Yahoo redirect happen on any of the other computers?
Do you know how to access your router control panel if needed?