Broken Searches & Bad Yahoo Links

Computing.Net > Forums > Security and Virus > Broken Searches & Bad Yahoo Links

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Broken Searches & Bad Yahoo Links

Name: castlewall
Date: November 23, 2003 at 21:28:34 Pacific
OS: Win XP Pro SP 1
CPU/Ram: P3 500/640MB

Comment:

My wife's Yahoo stopped working about 2 months ago and I have been unable to fix it. She cannot use it for searches and all of the links are inoperable. When attempting either of these operations nothing happens - the flag does not wave, nothing appears in the status bar, no
blinking lights in the systray - nothing. There are no redirects or error messages, as described elsewhere in the forum, just nothing happens. Oh,links turn purple when clicked, but that's all. I get the same behavior from Google, Alta Vista and Dogpile. Interestingly, MSN seems to work OK. I mention this as my wife's problem because my login does not experience any of this behavior, only her's. I tried creating a new user for her to use, but it has the same affliction.
My anti-virus and firewall are up-to-date. I regularly (weekly) update and run ad-adware and spybotSD. They do not ever find anything. I have run CWShredder, HijackThis (see latest log below), all of the PCFlank tests, and TrojanScan. Nothing ever seems to turn up. HostReader doesn't find any "hosts" files on my system - illicit, or otherwise. I am not skilled enough to completely comprehend the HijackThis log and hope that someone will take a look at it.
BTW - why do certain words appearing in the forums get "green-linked" to an unrelated website? Is this a problem on my PC, or Computing.Net's website? I just noticed it for the first time tonight.
Thanks in advance!
Logfile of HijackThis v1.97.3
Scan saved at 9:03:02 PM, on 11/23/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\AVPersonal\AVGUARD.exe
C:\Program Files\AVPersonal\AVWUPSRV.exe
C:\WINDOWS\System32\drivers\CDAC11BA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\System32\CTHELPER.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AVPersonal\AVGNT.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\JGsoft\EditPadLite\EditPad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AT&T\WnClient\Programs\wnConnect.exe
C:\PROGRA~1\AT&T\WnClient\Programs\WNCSMS~1.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\cmd.exe
C:\HIJACK_THIS\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.exe /min
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/0730342649670f527902/netzip/RdxIE2.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37873.8244097222
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (YBIOCtrl Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4025.cab
O16 - DPF: {F0FCC76D-767E-4759-A447-62289CA775AA} (Coreport SSO Client) - http://client.dbm.com/v51/ie/controls/CoreportSsoClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{117D8604-1D10-4FE4-BC3F-FB5D29103961}: NameServer = 12.102.244.4 204.127.129.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{117D8604-1D10-4FE4-BC3F-FB5D29103961}: NameServer = 12.102.244.4 204.127.129.4

Sponsored Link

Ads by Google

Response Number 1

Name: Arlet
Date: November 24, 2003 at 00:27:26 Pacific

Reply:

disable Systemrestore:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039
run hijackthis again and put a checkmark against these entries....
.....then,close all browser and outlook windows and "fix checked"
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/0730342649670f527902/netzip/RdxIE2.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (YBIOCtrl Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4025.cab
O16 - DPF: {F0FCC76D-767E-4759-A447-62289CA775AA} (Coreport SSO Client) - http://client.dbm.com/v51/ie/controls/CoreportSsoClient.cab
restart and paste a new log

Response Number 2

Name: castlewall
Date: November 24, 2003 at 20:50:14 Pacific

Reply:

Arlet,
Thanks for the response. I cleaned up my HijackThis log, per your helpful instructions. The latest log is below. Unfortunately this did not solve my problem. Any other ideas?
Logfile of HijackThis v1.97.3
Scan saved at 5:16:22 PM, on 11/24/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\AVPersonal\AVGUARD.exe
C:\Program Files\AVPersonal\AVWUPSRV.exe
C:\WINDOWS\System32\drivers\CDAC11BA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\CTHELPER.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AVPersonal\AVGNT.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\HIJACK_THIS\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.exe /min
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37873.8244097222
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -

Sponsored Link

Ads by Google

vista onscreen display yahoo status webseite specified command search directory bad	specified command search directory bad ebay search redirects to yahoo google and yahoo links redirected
See More

trojan.swice.11384 ?

IE has been taken over

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Broken Searches & Bad Yahoo Links

Can't search with www.yahoo.com etc

Summary

www.computing.net/answers/security/cant-search-with-wwwyahoocom-etc/9009.html

Yahoo search disabled

Summary

www.computing.net/answers/security/yahoo-search-disabled/7077.html

Need Help With HJT report

Summary

www.computing.net/answers/security/need-help-with-hjt-report/9032.html

From the Geek Dictionary
Noob - Perpetual newb, person that will never cease to be a newbie because he or...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 6 Days.
Discuss in The Lounge
Poll History

Recent Posts
Ping only works one-way on two-PC LAN

wireless and cable

wlan card

Keys dont work

How to Install Mac OS X 10.5.1

All Awaiting Reply

Tom's News
Woman Tracks Down Club Attacker on Facebook

Geolocation Functions Come to Twitter

New Craigslist Trend: Trade Sex for Rent?

Law Firm Investigates MS Over Xbox Live Bans

Amazon Charges $25 for Palm Pixi and $80 for Pre

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE