WiredWX Hobby Weather Tools

 


Google/Yahoo search results misdirecting

2 posters

Re: Google/Yahoo search results misdirecting
Do you have a router?

Re: Google/Yahoo search results misdirecting

Yes, I have a Linksys router.

Re: Google/Yahoo search results misdirecting
Let me look at something real quick...

Please download RenewMyDNS by DragonMaster Jay.
  • Save it to your Desktop.
  • Right-click on the file and select Extract All...
  • Choose a location to save extracted files and keep pressing Next until Finish.
  • Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete the folder RenewMyDNS.

Re: Google/Yahoo search results misdirecting
RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows [Version 6.1.7600]


(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))



Windows IP Configuration

Host Name . . . . . . . . . . . . : Nathan-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-23-54-DA-50-9D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d1e8:42a2:5bab:5ea3%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, September 09, 2010 2:19:37 PM
Lease Expires . . . . . . . . . . : Saturday, September 11, 2010 2:19:37 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234890068
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-AC-3F-E6-00-23-54-DA-50-9D
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{7668F7E2-CA66-40BD-9C17-839153EAC4C7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:341b:3fc:9d6b:40b(Preferred)
Link-local IPv6 Address . . . . . : fe80::341b:3fc:9d6b:40b%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=80ms TTL=48
Reply from 209.191.122.70: bytes=32 time=62ms TTL=47
Reply from 209.191.122.70: bytes=32 time=58ms TTL=48
Reply from 209.191.122.70: bytes=32 time=61ms TTL=48

Ping statistics for 209.191.122.70:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 58ms, Maximum = 80ms, Average = 65ms

Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:
Reply from 64.202.189.170: bytes=32 time=27ms TTL=111
Reply from 64.202.189.170: bytes=32 time=25ms TTL=111
Reply from 64.202.189.170: bytes=32 time=26ms TTL=111
Reply from 64.202.189.170: bytes=32 time=26ms TTL=111

Ping statistics for 64.202.189.170:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 27ms, Average = 26ms

Pinging facebook.com [69.63.181.11] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 69.63.181.11:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Pinging microsoft.com [207.46.232.182] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.232.182:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

********************
EOF

Re: Google/Yahoo search results misdirecting

Right now I'm using PeerBlock to stop the redirects and it's working well, although once I disable it or exit it the redirects continue.

Re: Google/Yahoo search results misdirecting
Let's begin by opening up Internet Explorer, and go to the following address:

http://192.168.1.1

If that does not display a blank page with a password prompt, then try this one:

http://192.168.2.1


Once you get the password prompt, enter your password if you selected one, or otherwise enter admin into the password box.

Once you confirm that, you shall see the router configuration screen.




Please list for me the values included in the boxes similarly named:

-Internet Connection type
-Local IP address
-Static DNS 1
-Static DNS 2
-Static DNS 3
-IP Address Range
-Host name
-Domain name


If some of those you cannot find, then let me know which ones you could not find.

After I know this information, I will tell you how to proceed after this.

Re: Google/Yahoo search results misdirecting
Internet Connection Type: Obtain an IP automatically
Local IP Address: 192.168.1.1
Static DNS 1: 0.0.0.0
Static DNS 2: 0.0.0.0
Static DNS 3: 0.0.0.0
IP Address Range: DHCP Address Range?
Host Name: Nothing
Domain name: Nothing

[Screenshot]

Re: Google/Yahoo search results misdirecting
But you still have internet access? And search redirects?

Re: Google/Yahoo search results misdirecting
I have internet access, I've always had internet. Yes, the redirects still happen.

I'm pretty sure what's causing it has something to do with my infected wininit.exe, which then infects my browser's exe.

Re: Google/Yahoo search results misdirecting
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:

    :filefind
    wininit.exe
    scecli.dll
    netlogon.dll
    eventlog.dll
    winlogon.exe
    comres.dll
    crypt32.dll
    gpedit.dll
    rundll32.exe
    sfc.dll
    svchost.exe
    cngaudit.dll
    beep.sys
    wscntfy.exe
    atapi.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: Google/Yahoo search results misdirecting
SystemLook 04.09.10 by jpshortstuff
Log created at 21:44 on 12/09/2010 by Nathan
Administrator - Elevation successful

========== filefind ==========

Searching for "wininit.exe"
C:\Windows\System32\wininit.exe --a---- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] B5C5DCAD3899512020D135600129D665
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe --a---- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] B5C5DCAD3899512020D135600129D665

Searching for "scecli.dll"
C:\Windows\System32\scecli.dll --a---- 175616 bytes [23:33 13/07/2009] [01:16 14/07/2009] 26073302DAEA83CC5B944C546D6B47D2
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll --a---- 175616 bytes [23:33 13/07/2009] [01:16 14/07/2009] 26073302DAEA83CC5B944C546D6B47D2

Searching for "netlogon.dll"
C:\Windows\System32\netlogon.dll --a---- 563712 bytes [23:38 13/07/2009] [01:16 14/07/2009] EAA75D9000B71F10EEC04D2AE6C60E81
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll --a---- 563712 bytes [23:38 13/07/2009] [01:16 14/07/2009] EAA75D9000B71F10EEC04D2AE6C60E81

Searching for "eventlog.dll"
No files found.

Searching for "winlogon.exe"
C:\Windows\System32\winlogon.exe --a---- 285696 bytes [20:52 17/06/2010] [06:17 28/10/2009] 37CDB7E72EB66BA85A87CBE37E7F03FD
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe --a---- 285696 bytes [23:37 13/07/2009] [01:14 14/07/2009] 8EC6A4AB12B8F3759E21F8E3A388F2CF
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe --a---- 285696 bytes [20:52 17/06/2010] [06:17 28/10/2009] 37CDB7E72EB66BA85A87CBE37E7F03FD
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe --a---- 285696 bytes [20:52 17/06/2010] [05:52 28/10/2009] 3BABE6767C78FBF5FB8435FEED187F30

Searching for "comres.dll"
C:\Windows\System32\comres.dll --a---- 1297408 bytes [23:44 13/07/2009] [01:04 14/07/2009] 808D8A8B2A3074002852BC856D419576
C:\Windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_2c8730fb47856e94\comres.dll --a---- 1297408 bytes [23:44 13/07/2009] [01:04 14/07/2009] 808D8A8B2A3074002852BC856D419576

Searching for "crypt32.dll"
C:\Windows\System32\crypt32.dll --a---- 1151488 bytes [23:34 13/07/2009] [01:15 14/07/2009] E6B5DE86ABF68D7D67E451C29287B5C5
C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.1.7600.16385_none_5b4617ff3f275c4b\crypt32.dll --a---- 1151488 bytes [23:34 13/07/2009] [01:15 14/07/2009] E6B5DE86ABF68D7D67E451C29287B5C5

Searching for "gpedit.dll"
C:\Windows\System32\gpedit.dll --a---- 951808 bytes [23:38 13/07/2009] [01:15 14/07/2009] F4CB9FF6AA4F0D3FBE707BE54BB05768
C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.1.7600.16385_none_ce0882b8c63afdf6\gpedit.dll --a---- 951808 bytes [23:38 13/07/2009] [01:15 14/07/2009] F4CB9FF6AA4F0D3FBE707BE54BB05768

Searching for "rundll32.exe"
C:\Windows\System32\rundll32.exe --a---- 44544 bytes [23:41 13/07/2009] [01:14 14/07/2009] 51138BEEA3E2C21EC44D0932C71762A8
C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_d7dba7b30c3e2855\rundll32.exe --a---- 44544 bytes [23:41 13/07/2009] [01:14 14/07/2009] 51138BEEA3E2C21EC44D0932C71762A8

Searching for "sfc.dll"
C:\Windows\System32\sfc.dll --a---- 2560 bytes [23:15 13/07/2009] [01:10 14/07/2009] 40CAEEE0EAF1B8569F7C8DF6420F2CB9
C:\Windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll --a---- 2560 bytes [23:15 13/07/2009] [01:10 14/07/2009] 40CAEEE0EAF1B8569F7C8DF6420F2CB9

Searching for "svchost.exe"
C:\Windows\System32\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866

Searching for "cngaudit.dll"
C:\Windows\System32\cngaudit.dll --a---- 12288 bytes [23:32 13/07/2009] [01:15 14/07/2009] 50BA656134F78AF64E4DD3C8B6FEFD7E
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll --a---- 12288 bytes [23:32 13/07/2009] [01:15 14/07/2009] 50BA656134F78AF64E4DD3C8B6FEFD7E

Searching for "beep.sys"
C:\Windows\System32\drivers\beep.sys --a---- 6144 bytes [23:45 13/07/2009] [23:45 13/07/2009] 505506526A9D467307B3C393DEDAF858
C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys --a---- 6144 bytes [23:45 13/07/2009] [23:45 13/07/2009] 505506526A9D467307B3C393DEDAF858

Searching for "wscntfy.exe"
No files found.

Searching for "atapi.sys"
C:\Windows\System32\drivers\atapi.sys --a---- 21584 bytes [23:11 13/07/2009] [01:26 14/07/2009] 338C86357871C167A96AB976519BF59E
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys --a---- 21584 bytes [23:11 13/07/2009] [01:26 14/07/2009] 338C86357871C167A96AB976519BF59E
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys --a---- 21584 bytes [23:11 13/07/2009] [01:26 14/07/2009] 338C86357871C167A96AB976519BF59E

-= EOF =-
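
One way to read a SystemLook `:filefind` log like the one above, as an added example that is not part of the original thread or of SystemLook itself: it flags any file whose live copy has an MD5 that matches none of its WinSxS component-store copies. The sample log is constructed, and a match only shows consistency with the component store; it is not proof that a file is clean.

```python
import re

# Constructed sample in SystemLook's ":filefind" layout. Names, sizes and
# digests are invented for illustration; none come from a real system.
SAMPLE_LOG = r"""
Searching for "alpha.exe"
C:\Windows\System32\alpha.exe --a---- 1000 bytes [10:00 01/01/2010] [10:00 01/01/2010] A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1
C:\Windows\winsxs\x86_example-alpha_6.1.0.1_none_0001\alpha.exe --a---- 1000 bytes [10:00 01/01/2010] [10:00 01/01/2010] A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1

Searching for "beta.dll"
C:\Windows\System32\beta.dll --a---- 2000 bytes [10:00 01/01/2010] [10:00 01/01/2010] B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2
C:\Windows\winsxs\x86_example-beta_6.1.0.1_none_0002\beta.dll --a---- 2000 bytes [10:00 01/01/2010] [10:00 01/01/2010] C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3

Searching for "gamma.dll"
No files found.
"""

SEARCH = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.+) \S+ \d+ bytes \[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})$")

def parse_filefind(log):
    """Return {searched name: [(path, md5), ...]} in log order."""
    found, current = {}, None
    for line in map(str.strip, log.splitlines()):
        if m := SEARCH.match(line):
            current = found.setdefault(m["name"], [])
        elif current is not None and (m := ENTRY.match(line)):
            current.append((m["path"], m["md5"].upper()))
    return found

def audit(log):
    """Classify each searched file by comparing live copies with WinSxS copies."""
    report = {}
    for name, entries in parse_filefind(log).items():
        store = {md5 for path, md5 in entries if "\\winsxs\\" in path.lower()}
        live = [(p, h) for p, h in entries if "\\winsxs\\" not in p.lower()]
        if not entries:
            report[name] = "not found"
        elif not live or not store:
            report[name] = "nothing to compare"
        elif all(h in store for _, h in live):
            report[name] = "matches component store"
        else:
            report[name] = "MISMATCH: review " + ", ".join(p for p, h in live if h not in store)
    return report

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_LOG).items():
        print(f"{name:12} {verdict}")
```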

Re: Google/Yahoo search results misdirecting

Also I noticed a lock on my wininit.exe in my system32 folder. I did not edit the file in any way so I dunno how it got there.

[Image]

Re: Google/Yahoo search results misdirecting
Please go to: VirusTotal

  • Click the Browse button and search for the following file: c:\windows\system32\wininit.exe
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.

Re: Google/Yahoo search results misdirecting

How exactly do I get the results? Should I copy and paste the actual page in notepad, or should I just make a screen shot of the page?

I've been sitting at the page for a couple hours now and it's still sitting at 0/42 results. I don't know if this is normal.

[Image]

Re: Google/Yahoo search results misdirecting
Looks fine.

And you keep getting warnings on it being infected?
