
Solved Yahoo Searches Redirected to Unwanted Pages

Discussion in 'Malware and Virus Removal Archive' started by Hondo, 2008/11/10.

  1. 2008/11/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please download DDS and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.scr to run the tool.
    • When done, DDS.txt will open.
    • Click Yes at the next prompt for Optional Scan.
    • Save both reports to your desktop.

    Post both reports here. It will likely require more than 1 post.
     
  2. 2008/11/15
    Hondo

    Hondo Inactive Thread Starter

    Joined:
    2008/11/06
    Messages:
    30
    Likes Received:
    0
    Here is the first scan.


    DDS (Version 1.0) - NTFSx86
    Run by Michael at 18:02:24.51 on Sat 11/15/2008
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.1191 [GMT -6:00]

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Michael\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Psuedo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
    TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe "
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-10 78416]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-10 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-11-10 51280]

    =============== Created Last 30 ================

    2008-11-13 22:06 250 a------- c:\windows\gmer.ini
    2008-11-12 21:46 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2008-11-12 21:46 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-12 21:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2008-11-10 16:36 <DIR> --d----- c:\program files\trend micro
    2008-11-10 09:04 51,280 a------- c:\windows\system32\drivers\aswMonFlt.sys
    2008-11-06 22:32 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
    2008-11-06 22:32 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
    2008-11-06 22:32 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2008-11-06 21:54 161,792 a------- c:\windows\SWREG.exe
    2008-11-06 21:54 98,816 a------- c:\windows\sed.exe
    2008-11-06 21:19 <DIR> --d----- c:\users\michael\appdata\roaming\Malwarebytes
    2008-11-06 21:18 <DIR> --d----- c:\programdata\Malwarebytes
    2008-11-06 21:18 <DIR> --d----- c:\progra~2\Malwarebytes
    2008-11-04 09:18 <DIR> --d----- C:\PerfLogs
    2008-10-31 23:07 428,032 a------- c:\windows\system32\EncDec.dll
    2008-10-31 23:07 217,088 a------- c:\windows\system32\psisrndr.ax
    2008-10-31 23:07 1,244,672 a------- c:\windows\system32\mcmde.dll
    2008-10-31 23:07 292,352 a------- c:\windows\system32\psisdecd.dll
    2008-10-31 23:07 177,152 a------- c:\windows\system32\mpg2splt.ax
    2008-10-31 23:07 80,896 a------- c:\windows\system32\MSNP.ax
    2008-10-31 23:07 68,608 a------- c:\windows\system32\Mpeg2Data.ax
    2008-10-31 23:07 57,856 a------- c:\windows\system32\MSDvbNP.ax
    2008-10-30 05:38 441,856 a------- c:\windows\system32\win32spl.dll
    2008-10-30 05:38 37,376 a------- c:\windows\system32\printcom.dll
    2008-10-28 07:04 2,463,976 a------- c:\windows\system32\NPSWF32.dll
    2008-10-28 07:04 190,696 a------- c:\windows\system32\NPSWF32_FlashUtil.exe

    ==================== Find3M ====================

    2008-11-15 08:21 <DIR> --d----- c:\program files\Bible
    2008-11-04 11:52 <DIR> --d----- c:\program files\Yahoo!
    2008-10-14 19:08 <DIR> --d----- c:\progra~2\NCH Swift Sound
    2008-10-14 19:08 <DIR> --d----- c:\program files\NCH Swift Sound
    2008-10-10 16:33 <DIR> --d----- c:\program files\CD Wave
    2008-10-09 17:22 <DIR> --d----- c:\program files\iTunes
    2008-10-09 17:22 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-09 17:21 <DIR> --d----- c:\program files\iPod
    2008-10-01 21:49 826,368 a------- c:\windows\system32\wininet.dll
    2008-10-01 21:49 56,320 a------- c:\windows\system32\iesetup.dll
    2008-10-01 21:49 52,736 a------- c:\windows\apppatch\iebrshim.dll
    2008-10-01 21:48 26,624 a------- c:\windows\system32\ieUnatt.exe
    2008-09-17 22:35 3,470,904 a------- c:\windows\system32\ntoskrnl.exe
    2008-09-17 22:35 3,505,208 a------- c:\windows\system32\ntkrnlpa.exe
    2008-09-17 20:03 2,027,520 a------- c:\windows\system32\win32k.sys
    2008-08-29 09:18 87,336 a------- c:\windows\system32\dns-sd.exe
    2008-08-29 08:53 61,440 a------- c:\windows\system32\dnssd.dll
    2008-03-10 17:56 <DIR> --d----- c:\progra~2\WORDsearch
    2008-03-10 17:52 <DIR> --d----- c:\progra~2\{0EB526CD-341C-4A0A-A665-EF7BD140AC37}
    2008-03-10 17:48 <DIR> --d----- c:\progra~2\wsc
    2007-12-08 10:03 <DIR> --d----- c:\users\michael\appdata\roaming\NCH Swift Sound
    2007-09-04 15:39 <DIR> --d----- c:\progra~2\Grisoft
    2007-08-20 05:46 <DIR> --d----- c:\users\michael\appdata\roaming\PC Tools
    2007-07-19 20:16 <DIR> --d----- c:\users\michael\appdata\roaming\WildTangent
    2007-07-19 20:16 <DIR> --d----- c:\progra~2\WildTangent
    2007-07-11 20:43 <DIR> --d----- c:\progra~2\Symantec
    2006-12-18 13:39 <DIR> --d----- c:\progra~2\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
    2008-01-16 21:05 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2008-01-16 21:05 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2008-01-16 21:05 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

    ============= FINISH: 18:03:44.02 ===============
     

  4. 2008/11/15
    Hondo

    Hondo Inactive Thread Starter

    Joined:
    2008/11/06
    Messages:
    30
    Likes Received:
    0
    Here is the optional report.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Version 1.0)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/12/2007 12:56:16 PM
    System Uptime: 11/15/2008 2:45:11 PM (4 hours ago)

    Motherboard: Quanta | | 30B7
    Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket S1 | 1600/200mhz
    BIOS: PhoenixBIOS 4.0 Release 6.1 | HPQOEM - 6040000 | F.3D | 11/21/2007 6:00:00 PM

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 105 GiB total, 59.653 GiB free.
    D: is FIXED (NTFS) - 7 GiB total, 0.627 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash CS3
    Adobe Flash CS3 Professional
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 8.1.2
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AOL Uninstaller (Choose which Products to Remove)
    Apple Mobile Device Support
    Apple Software Update
    ASL_HS_Installer32
    AutoUpdate
    avast! Antivirus
    Bonjour
    Broadcom 802.11 Wireless LAN Adapter
    CCleaner (remove only)
    CD Wave Editor version 1.97
    Conexant HD Audio
    DivX
    Express Burn
    Google Earth
    Google Toolbar for Internet Explorer
    Google Updater
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent for Health Check
    HijackThis 2.0.2
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Connections (remove only)
    HP Customer Experience Enhancements
    HP Easy Setup - Core
    HP Easy Setup - Frontend
    HP Help and Support
    HP Pavilion Webcam Driver for Vista v061.001.00005
    HP Product Detection
    HP Quick Launch Buttons 6.10 B9
    HP QuickPlay 3.0
    HP Total Care Advisor
    HP Update
    HP User Guide 0041
    HP Wireless Assistant
    HPNetworkAssistant
    iTunes
    Java(TM) SE Runtime Environment 6
    K-Lite Codec Pack 3.8.0 Full
    LightScribe 1.4.124.1
    Malwarebytes' Anti-Malware
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Reader
    Microsoft Works
    MobileMe Control Panel
    Mozilla Firefox (3.0.4)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    muvee autoProducer 5.0
    My HP Games
    NCH Toolbox
    NVIDIA Drivers
    Online Bible 10.10.09
    PDF Settings
    QuickTime
    RealPlayer
    Rhapsody Player Engine
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB955936)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB955470)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office system 2007 (KB951808)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office Word 2007 (KB950113)
    Security Update for Visio 2007 (KB947590)
    Skype™ 3.6
    Soft Data Fax Modem with SmartCP
    Sonic Activation Module
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    Switch
    Synaptics Pointing Device Driver
    TSP_CODEC
    Update for Office 2007 (KB946691)
    WavePad Uninstall
    Windows Easy Transfer Companion (Beta)
    WORDsearch 7 Tozer Edition
    Yahoo! Install Manager
    Yahoo! Messenger

    ==== Event Viewer Messages ===================

    11/9/2008 12:40:44 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 2, function 0. Please contact your system vendor for technical assistance.
    11/9/2008 12:40:44 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 3, function 0. Please contact your system vendor for technical assistance.
    11/10/2008 9:04:44 AM, Error: Service Control Manager [7030] - The avast! Antivirus service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    11/10/2008 9:04:44 AM, Error: Service Control Manager [7030] - The avast! iAVS4 Control Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    11/10/2008 9:04:44 AM, Error: Service Control Manager [7030] - The avast! Mail Scanner service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    11/10/2008 9:04:45 AM, Error: Service Control Manager [7030] - The avast! Web Scanner service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    ==== End Of File ===========================
     
  5. 2008/11/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please check the contents of the following folders to see if you can determine what they belong to. You may have to paste the path into the address bar to get to them.

    c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    c:\progra~2\{0EB526CD-341C-4A0A-A665-EF7BD140AC37}
    c:\progra~2\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
     
  6. 2008/11/15
    Hondo

    Hondo Inactive Thread Starter

    Joined:
    2008/11/06
    Messages:
    30
    Likes Received:
    0
    Noahdfear,

    1. It seems that the first file in question c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} is part of a program called WordSearch. It is a multi-volume library that I installed. Here are the sub-files that are in the file:

    File:Setup.dat 1 KB 3/10/2008 6:52:57 PM
    File:Setup.exe 2396 KB 9/24/2007 4:25:36 PM
    File:Setup.msi 932 KB 9/24/2007 4:25:32 PM
    File:Setup.par 5 KB 3/10/2008 6:52:57 PM
    File:Setup.res 1880 KB 9/24/2007 4:25:38 PM
    File:instance.dat 1 KB 3/10/2008 6:52:57 PM
    File:mia.dll 562 KB 9/24/2007 4:25:37 PM

    2. c:\progra~2\{0EB526CD-341C-4A0A-A665-EF7BD140AC37}

    It is a file that is called x86. I have no idea what it is or belongs to. Here are the sub-files in it:
    File:DIFxAPI.dll 312 KB 4/17/2008 1:12:54 PM
    File:DifXInstall32.exe 54 KB 7/4/2008 1:35:40 PM
    File:GEARAspiWDM.inf 3 KB 4/17/2008 1:12:54 PM
    File:gearaspiwdmx86.cat 11 KB 4/24/2008 8:25:18 AM
    x86

    The smiley face is supposed to be a capital D

    3. c:\progra~2\{623D32E9-0C62-4453-AD44-98B31F52A5E1}

    This file seems to have something to do with Microsoft Office. Here are its sub-files.

    File:Microsoft Office Activation Assistant.dat 1 KB 12/18/2006 1:39:52 PM
    File:Microsoft Office Activation Assistant.exe 2480 KB 11/29/2006 2:33:08 PM
    File:Microsoft Office Activation Assistant.msi 573 KB 11/29/2006 2:33:08 PM
    File:Microsoft Office Activation Assistant.par 2 KB 12/18/2006 1:39:52 PM
    File:Microsoft Office Activation Assistant.res 1796 KB 11/29/2006 2:33:09 PM
    File:instance.dat 1 KB 12/18/2006 1:39:52 PM
    File:mia.dll

    I feel like I'm not being much help here. I feel like a person learning how to fly in the dark. I'm flying by the instruments only and Noahdfear you are the instruments. Get me in safely!
     
  7. 2008/11/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Those are all legit. Did this behavior start after installing something? I see what appear to be 2 new installations.

    2008-11-15 08:21 <DIR> --d----- c:\program files\Bible
    2008-11-04 11:52 <DIR> --d----- c:\program files\Yahoo!
     
  8. 2008/11/15
    Hondo

    Hondo Inactive Thread Starter

    Joined:
    2008/11/06
    Messages:
    30
    Likes Received:
    0
    I don't remember downloading or installing anything new prior to this weirdness. The two items you cited are a Bible program that I've had installed right after I got this computer. And if you notice it shows today's date. I have not installed anything new today except for what you have asked me to install. I used that program today, but that is all.

    As for the Yahoo thing, I'm not for sure why it would have come up unless it was a Yahoo toolbar I downloaded. But I'm working from a poor memory. I thought I had loaded the Yahoo toolbar before 11-4-08.

    The only thing I remember concerning any type of virus is one day not long ago while doing a search I hit a search item and McAfee told me it was an infected site, but I thought that McAfee blocked it.
     
  9. 2008/11/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please go to this proxy server and through it access Yahoo. Try your search again and see if the redirection persists.
     
  10. 2008/11/15
    Hondo

    Hondo Inactive Thread Starter

    Joined:
    2008/11/06
    Messages:
    30
    Likes Received:
    0
    The redirection did not persist. Yahoo's search worked normally.
     
  11. 2008/11/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Does the Yahoo redirect happen on any of the other computers?
    Do you know how to access your router control panel if needed?
     
  12. 2008/11/15
    Hondo

    Hondo Inactive Thread Starter

    Joined:
    2008/11/06
    Messages:
    30
    Likes Received:
    0
    Yes, I think it is at least 3 computers. I think I know how to get to the router control panel.
     
  13. 2008/11/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I believe my previous conclusion that your router is not hijacked was wrong. Please configure the router to use Open DNS and let me know the results.
     
  14. 2008/11/15
    Hondo

    Hondo Inactive Thread Starter

    Joined:
    2008/11/06
    Messages:
    30
    Likes Received:
    0
    Reset the router using Opendns.

    But the problem continues. Yahoo is still hijacked.
     
  15. 2008/11/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Highlight and copy the contents of the code box below.
    Code:
    reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces /s>check.txt
    start notepad check.txt
    exit
    cls
    
    Click Start>Run and type cmd then hit enter to open a command window. Right click in the command window and select paste. The command window will close on its own and a log will open. Post the contents of that log.
     
  16. 2008/11/15
    Hondo

    Hondo Inactive Thread Starter

    Joined:
    2008/11/06
    Messages:
    30
    Likes Received:
    0
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3a539854-6a70-11db-887c-806e6f6e6963}

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4CC222A1-5724-4797-822D-44E9C4B45C06}
    UseZeroBroadcast REG_DWORD 0x0
    EnableDeadGWDetect REG_DWORD 0x1
    EnableDHCP REG_DWORD 0x1
    NameServer REG_SZ
    Domain REG_SZ
    RegistrationEnabled REG_DWORD 0x1
    RegisterAdapterName REG_DWORD 0x0
    DhcpIPAddress REG_SZ xxxxxxx
    DhcpSubnetMask REG_SZ 255.255.255.0
    DhcpServer REG_SZ 192.168.1.1
    Lease REG_DWORD 0x15180
    LeaseObtainedTime REG_DWORD 0x491f34f0
    T1 REG_DWORD 0x491fddb0
    T2 REG_DWORD 0x49205c40
    LeaseTerminatesTime REG_DWORD 0x49208670
    AddressType REG_DWORD 0x0
    IsServerNapAware REG_DWORD 0x0
    DhcpConnForceBroadcastFlag REG_DWORD 0x1
    IPAutoconfigurationAddress REG_SZ 0.0.0.0
    DhcpInterfaceOptions REG_BINARY 06000000000000000800000000000000DDDB204955FF702455FF702903000000000000000400000000000000DDDB2049C0A8010101000000000000000400000000000000DDDB2049FFFFFF0033000000000000000400000000000000DDDB20490001518036000000000000000400000000000000DDDB2049C0A8010135000000000000000100000000000000DDDB204905000000FC0000000000000000000000000000006F6E1F49
    DhcpNameServer REG_SZ 85.255.112.36 85.255.112.41
    DhcpDefaultGateway REG_MULTI_SZ 192.168.1.1
    DhcpSubnetMaskOpt REG_MULTI_SZ 255.255.255.0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90B417F8-A0C1-4A5C-B6FF-A35FD7E1A224}
    UseZeroBroadcast REG_DWORD 0x0
    EnableDeadGWDetect REG_DWORD 0x1
    EnableDHCP REG_DWORD 0x1
    NameServer REG_SZ
    Domain REG_SZ
    RegistrationEnabled REG_DWORD 0x1
    RegisterAdapterName REG_DWORD 0x0
    DhcpIPAddress REG_SZ 0.0.0.0
    DhcpSubnetMask REG_SZ 255.0.0.0
    DhcpServer REG_SZ 255.255.255.255
    Lease REG_DWORD 0x0
    LeaseObtainedTime REG_DWORD 0x0
    T1 REG_DWORD 0x0
    T2 REG_DWORD 0x0
    LeaseTerminatesTime REG_DWORD 0x0
    AddressType REG_DWORD 0x0
    IsServerNapAware REG_DWORD 0x0
    DhcpConnForceBroadcastFlag REG_DWORD 0x1
    IPAutoconfigurationAddress REG_SZ xxxxxxx
     
  17. 2008/11/15
    Hondo

    Hondo Inactive Thread Starter

    Joined:
    2008/11/06
    Messages:
    30
    Likes Received:
    0
    Noahdfear,

    I've discovered that the Open DNS changes did not take. I will try to reload it and get back to you tomorrow.

    Hondo
     
  18. 2008/11/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Does the router by chance show the following address, which is also present in the export?

    DhcpNameServer REG_SZ 85.255.112.36 85.255.112.41

    If so, it might require resetting the router to clear. You will likely need to re-enable Wireless connections to the router, and any other security settings (WEP, WPA, etc).
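
Added example (not part of the original thread, and not a tool either poster used): a Python sketch of the check made above on the `reg query` export, listing every DNS resolver per interface that is neither the local DHCP server/gateway nor on an allowlist. The allowlist contents, the function names and the trimmed sample export are assumptions made for illustration; a `DhcpNameServer` finding means the value arrived in the DHCP lease, so the place to correct it is the DHCP server (192.168.1.1 in the posted export), not the PC.

```python
import ipaddress
import re

# Constructed sample: trimmed to the shape of the `reg query ... /s` export
# posted in this thread, keeping only the values that matter for DNS.
SAMPLE_EXPORT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4CC222A1-5724-4797-822D-44E9C4B45C06}
    EnableDHCP    REG_DWORD    0x1
    NameServer    REG_SZ
    DhcpIPAddress    REG_SZ    xxxxxxx
    DhcpServer    REG_SZ    192.168.1.1
    DhcpNameServer    REG_SZ    85.255.112.36 85.255.112.41
    DhcpDefaultGateway    REG_MULTI_SZ    192.168.1.1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90B417F8-A0C1-4A5C-B6FF-A35FD7E1A224}
    EnableDHCP    REG_DWORD    0x1
    NameServer    REG_SZ
    DhcpServer    REG_SZ    255.255.255.255
"""

# Assumption: resolvers the owner configured on purpose. These two are the
# public OpenDNS resolvers; add the ISP's resolvers if the router hands them out.
ALLOWED_RESOLVERS = frozenset(
    ipaddress.ip_address(a) for a in ("208.67.222.222", "208.67.220.220")
)

KEY_PREFIX = "HKEY_LOCAL_MACHINE\\"
# A value line is: name, registry type, optional data (any amount of spacing).
VALUE_RE = re.compile(r"^\s*(\S+)\s+(REG_[A-Z_]+)(?:\s+(.*\S))?\s*$")


def parse_reg_export(text):
    """Return {interface_guid: {value_name: data_string}} from reg query output."""
    interfaces, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.upper().startswith(KEY_PREFIX):
            # The last path component of the key is the interface GUID.
            current = interfaces.setdefault(stripped.rsplit("\\", 1)[-1], {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            current[match.group(1)] = match.group(3) or ""
    return interfaces


def _addresses(data):
    """Split a space-, comma- or \\0-separated value into valid IP addresses."""
    found = []
    for token in re.split(r"(?:\\0|[\s,])+", data.strip()):
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:
            continue  # empty field or a redacted value such as "xxxxxxx"
    return found


def unexpected_resolvers(text, allowed=ALLOWED_RESOLVERS):
    """List (guid, source_value, address) for resolvers that need explaining.

    A resolver is expected if it is the interface's own DHCP server or gateway
    (a router answering DNS itself) or is on the allowlist.
    """
    findings = []
    for guid, values in parse_reg_export(text).items():
        local = set(
            _addresses(values.get("DhcpServer", ""))
            + _addresses(values.get("DhcpDefaultGateway", ""))
        )
        # NameServer is the static setting; DhcpNameServer comes from the lease.
        for source in ("NameServer", "DhcpNameServer"):
            for addr in _addresses(values.get(source, "")):
                if addr not in local and addr not in allowed:
                    findings.append((guid, source, str(addr)))
    return findings


if __name__ == "__main__":
    for guid, source, addr in unexpected_resolvers(SAMPLE_EXPORT):
        print(f"{guid}: {source} = {addr} (not the router, not on the allowlist)")
```

A finding here means "unexplained", not "malicious": an ISP resolver that is missing from the allowlist is reported the same way.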
     
  19. 2008/11/16
    Hondo

    Hondo Inactive Thread Starter

    Joined:
    2008/11/06
    Messages:
    30
    Likes Received:
    0
    You are right. The DhcpNameServer is REG_SZ 85.255.112.36 85.255.112.41

    How do you reset the router to clear and re-enable Wireless connections to the router, and other security settings (WEP, WPA, etc)?

    I'm not sure about that Open DNS. I can't seem to get it to work right. Now my DNS server address is changed to open dns but I can't seem to use it. I keep getting a warning sign that says that I'm not using Open DNS servers. It then tells me to go to the preferences and connect. But I'm not able to login. Oh, well this is not my main problem. I believe I can deal with this later.
     
  20. 2008/11/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    What is the make and model of the router?

    Advance notice - you will need to download, install and update MBAM on all connected computers for the fix to be successful. Do not run it yet though. I'll post instructions once you provide router details.
     
  21. 2008/11/16
    Hondo

    Hondo Inactive Thread Starter

    Joined:
    2008/11/06
    Messages:
    30
    Likes Received:
    0
    What is the make and model of the router?

    Netgear RangeMax WPNX24v2
     
