Bushmaster78FS Posted February 23, 2010

Folks, I decided to give Yahoo! Search a shot as an alternative to Google I have been using, but there is something really bothersome. I am wondering if it is Y! causing this or it is my system, browser, etc.?

When I type a search in Yahoo, for example "how to edit sendto menu pcmag", it pulls up results. Since I am looking for what PCMag had to say about it, I add a pcmag keyword, and the link I want to see is listed in the first place, but sometimes, not every time, when I click on this link, I end up in a totally unrelated advertisement website. It doesn't happen with Google. Just a few minutes ago, I was doing another search about Windows 7's media center, I clicked on one of the search results and I ended up in this VLC media player advertisement. At first you don't notice, you skim through the page and once you can't find the information you are looking for, usually you wake up within a second, you go back, click the link again and this time the result displays correctly.

What is happening here? I use MSSE for virus protection and Spybot for spyware protection. If it is Yahoo abusing it, I am going back to Google. Please advise. Thanks...

Sp0iLedBrAt Posted February 23, 2010

I did your first search (how to edit sendto menu pcmag) and the first link I got was the exact answer by PCMag. Yes, I suppose it could be some kind of advertising, or even some kind of link redirecting. Do the results match on different browsers? (Asking because they obviously have different tolerance/management of web pages.) I used Firefox 3.6 on the Yahoo home page.

If it is some infection, it is more probable that it is spyware.

Tarun Posted February 23, 2010

Please download my Anti-Malware Toolkit and get the package that matches your OS. Then follow the directions in the PC Cleanup guide. After that, please post a HijackThis log.

Bushmaster78FS Posted February 25, 2010

Sorry guys, I have been away the past couple of days. I am doing what Tarun suggests right now, because these search redirects are getting out of control and Google is doing it too right now...

Bushmaster78FS Posted February 26, 2010

> Please download my Anti-Malware Toolkit and get the package that matches your OS. Then follow the directions in the PC Cleanup guide. After that, please post a HijackThis log.

Tarun, I have followed the instructions and here is my HijackThis log after all those scans...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:21, on 2/25/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\John & Jolene Yasar\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Yahoo! Widgets] C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
O4 - HKLM\..\Run: [speedfan] C:\Program Files (x86)\SpeedFan\speedfan.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1264574732790
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (System Requirements Lab Class) - http://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Dolby Digital Live Pack Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MediaMall Server - MediaMall Technologies, Inc. - C:\Program Files (x86)\MediaMall\MediaMallServer.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\PC Suite\SupServ.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Safer Networking\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities\TuneUpUtilitiesService64.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\John & Jolene Yasar\AppData\Local\TVersity\Media Server\MediaServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11783 bytes

Thank you for all your service to the community. I am still wondering where I got this from... MSSE is not a good product???

Bushmaster78FS Posted February 27, 2010

Bumping the thread...

Tarun Posted February 28, 2010

Did the scanners find and remove anything?

This should go:

O15 - Trusted Zone: http://software.kuaiche.com

Bushmaster78FS Posted February 28, 2010

> Did the scanners find and remove anything?
>
> This should go:
>
> O15 - Trusted Zone: http://software.kuaiche.com

Thanks. Only Superantispyware, 8 tracks, that's it... The rest didn't... The search behavior didn't repeat either...

Tripredacus Posted March 1, 2010

This line looks suspect:

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

I know it says Office14, but note your other office14 paths are in the correct folders, not this MIF5BA~1.

BetaMerc Posted March 1, 2010

> This line looks suspect:
>
> O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
>
> I know it says Office14, but note your other office14 paths are in the correct folders, not this MIF5BA~1.

That line is weird. Have you cleaned this line? If so, does it still happen?

Edited March 1, 2010 by BetaMerc

Bushmaster78FS Posted March 1, 2010

> This line looks suspect:
>
> O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
>
> I know it says Office14, but note your other office14 paths are in the correct folders, not this MIF5BA~1.

> That line is weird. Have you cleaned this line? If so, does it still happen?

I have the Office 2010 Beta, I wonder if it is related. However, since I ran the Anti-Malware kit (PC Cleanup) I haven't had the redirect problem. Should I still consider deleting this line?

Tripredacus Posted March 2, 2010

I can't find what the full path is that this folder is shortening. It would appear to be a legit path. Can you post the full path?

Bushmaster78FS Posted March 2, 2010

> I can't find what the full path is that this folder is shortening. It would appear to be a legit path. Can you post the full path?

You mean this folder? "C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL"??

I can't find the folder myself, there is no MIF5BA~1 in either x86 or x64 folders... I am searching for URLREDIR.DLL right now.

Bushmaster78FS Posted March 2, 2010

URLREDIR happens to be in MS Office folder, but no MIF5BA~1... Weird...

Tripredacus Posted March 4, 2010

It's probably in ProgramData, which is a Hidden System file. If you change your display options to view these types of files, you might find it. I can't find it on my PC.

Anyway, if the problem hasn't come back, you can probably safely ignore this file.
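
The two checks made by eye in this thread (the O15 Trusted Zone entry, and the O2 BHO whose path uses 8.3 short names), as an added Python example that is not part of the original posts. The function names are hypothetical and the short-name matching is a simplification of how Windows generates 8.3 names; the sample entries are an excerpt of the log posted above.

```python
import re
from collections import namedtuple
# Excerpt of four entries from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\RoboForm\roboform.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O15 - Trusted Zone: http://software.kuaiche.com
"""

Finding = namedtuple("Finding", "section detail note")
PATH = re.compile(r"[A-Za-z]:\\.+$")            # drive-letter path at the end of an entry
SHORT = re.compile(r"^([^~\\]{1,6})~\d+$")      # 8.3 component such as PROGRA~2

def matches(short, long_name):
    """True if long_name could be the folder behind an 8.3 component (simplified rules)."""
    m = SHORT.match(short)
    if not m:
        return short.upper() == long_name.upper()
    stem = m.group(1).upper()
    norm = long_name.replace(" ", "").upper()   # short names drop spaces and are upper-case
    if norm.startswith(stem):
        return True
    # After repeated name collisions Windows keeps 2 characters and adds 4 hex hash digits.
    return bool(re.fullmatch(r"..[0-9A-F]{4}", stem)) and norm.startswith(stem[:2])

def long_candidates(short_path, known_paths):
    """Directories of known long paths that are consistent with short_path's directory."""
    want = short_path.split("\\")[:-1]
    found = set()
    for known in known_paths:
        have = known.split("\\")[:-1]
        if len(have) >= len(want) and all(matches(w, h) for w, h in zip(want, have)):
            found.add("\\".join(have[:len(want)]))
    return sorted(found)

def triage(log_text):
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    long_paths = [m.group(0) for l in lines if (m := PATH.search(l)) and "~" not in m.group(0)]
    findings = []
    for line in lines:
        m = PATH.search(line)
        if line.startswith("O15 - Trusted Zone:"):
            site = line.split(":", 1)[1].strip()
            findings.append(Finding("O15", site, "site in the IE Trusted Zone; confirm the user added it"))
        elif line.startswith("O2 - BHO:") and m and "~" in m.group(0):
            cands = long_candidates(m.group(0), long_paths)
            note = "consistent with " + "; ".join(cands) if cands else "no matching long path in this log"
            findings.append(Finding("O2", m.group(0), "8.3 short path; " + note))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, "|", f.detail, "|", f.note)
```

A match only shows that the short path is consistent with a folder already named in the log; on the machine itself, `dir /x` in the parent folder lists the real short names.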