
Google & Yahoo Search taking too long/hanging up

Discussion in 'Virus & Other Malware Removal' started by srcheng731, Feb 12, 2005.

Thread Status:
Not open for further replies.
  1. srcheng731

    srcheng731 Thread Starter

    Joined:
    Feb 12, 2005
    Messages:
    2
    Hi, everyone.

    About 2-3 days ago, my Google (as well as Yahoo) searches began to act very weird. EITHER Google/Yahoo would take a long time to return any results OR the first page of search results brought back by Google & Yahoo were links to other unknown search engines or web sites, irrespective of any search term/keyword that I had typed in. However, the second and any subsequent Google/Yahoo search result pages looked normal.

    I have already scanned my computer with Ad-Aware, Spybot S&D, and PestPatrol with the latest updates. None of these anti-spyware programs detected any abnormalities except for DivX player files, which were flagged by PestPatrol. I am assuming that the DivX player is OK for video files.

    After reading the FAQ and following the listed directions, I was wondering if someone can help me with this Google/Yahoo search problem. Below is the HiJackThis log that was generated:


    Logfile of HijackThis v1.98.2
    Scan saved at 1:46:17 PM, on 2/12/2005
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
    C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\Explorer.exe
    C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
    C:\Program Files\CD-Writer Plus\HP Simple Trax\hpcron.exe
    C:\progra~1\cd-wri~1\directcd\DIRECTCD.EXE
    C:\Program Files\Trend Micro\Internet Security\pccguide.exe
    C:\Program Files\Trend Micro\Internet Security\PCClient.exe
    C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
    C:\Program Files\QuickTime6\qttask.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\Adobe\Acrobat 4.0\Acrobat\Acrobat.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 197.200.178.200:80
    O1 - Hosts file is located at: C:\WINNT\System32\drivers\etc\hosts
    O1 - Hosts: 197.200.178.200
    O2 - BHO: BHO Class - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - C:\PROGRA~1\ANONYM~1\ANONYM~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [HP Simple Trax] C:\Program Files\CD-Writer Plus\HP Simple Trax\hpcron.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] c:\progra~1\cd-wri~1\directcd\DIRECTCD.EXE
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
    O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
    O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime6\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Outlook2002\Office10\OSA.EXE
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Anonymizer - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - C:\PROGRA~1\ANONYM~1\ANONYM~1.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\fltmgr.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\fltmgr.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\fltmgr.dll
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MT....com/files/theago/noplugin.html?theago_a.html
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://meeting.webex.com/client/latest/webex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A9509B1F-2355-41B5-B266-3C8B13A1084C}: NameServer = 197.200.178.200


    I was wondering if the fltmgr.dll file (O10 - Unknown file in Winsock LSP: c:\winnt\system32\fltmgr.dll) has anything to do with my Google/Yahoo searches, perhaps redirecting or blocking my search requests?

    Thanks in advance for any help/assistance/advice,
    srcheng731
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    If you are not aware of 197.200.178.200, do the steps below; otherwise post back. You can run LSPFix, however.

    Then

    http://www.cexx.org/lspfix.htm

    Launch the application, and click the "I know what I'm doing" checkbox.

    Check all instances of fltmgr.dll (and nothing else), and move them to
    the "Remove" pane.
    Then click Finish.

    Download the Hoster from here:
    http://members.aol.com/toadbee/hoster.zip
    Run Hoster and press Restore Original Hosts, OK, and Exit Program.

    Print this and boot to safe mode
    Fix these with HJT

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 197.200.178.200:80

    O1 - Hosts file is located at: C:\WINNT\System32\drivers\etc\hosts

    O1 - Hosts: 197.200.178.200

    O10 - Unknown file in Winsock LSP: c:\winnt\system32\fltmgr.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\fltmgr.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\fltmgr.dll

    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MT...l?theago_a.html

    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{A9509B1F-2355-41B5-B266-3C8B13A1084C}: NameServer = 197.200.178.200

    View Hidden Files
    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
    Make sure that "Show hidden files and folders" is checked.
    Also uncheck "Hide protected operating system files".
    Now click "Apply to all folders", Click "Apply" then "OK"

    Delete these files

    c:\winnt\system32\fltmgr.dll

    START – RUN – key in %temp% OK - Edit – Select all – File – Delete
    Empty the recycle bin
    Boot and post a new log
     
  3. srcheng731

    srcheng731 Thread Starter

    Joined:
    Feb 12, 2005
    Messages:
    2
    Hi, MFDnNC.

    I forgot to mention that 197.200.178.200 is the proxy server that I am using to access the Internet. I did run LSPfix and followed your instructions as well as the LSPFix directions. I went ahead and removed the fltmgr.dll entry in LSPFix.

    I also rebooted my PC and started Windows in safe mode. I ran HJT and allowed it to remove any entries not related to my proxy server IP address.
    I deleted the fltmgr.dll file in the C:\WINNT\system32 directory. And I cleaned up my temp directory and emptied my recycle bin as well.

    After rebooting Windows into normal mode, my Internet connection was still working fine and I tested out Google & Yahoo searches. Both search engines were returning normal 1st pages of search results.

    You can go ahead and close out this issue.

    Thank you very much,
    srcheng731
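
Added example, not part of the original thread: a small triage script for the decision made above, namely which HijackThis entries steer traffic to an address the owner does not recognise (R1 proxy, O1 hosts, O17 NameServer) and which O10 lines report an unknown Winsock LSP file. The sample lines are copied from the log in this thread; the function names `parse_entries` and `triage` and the `known_addresses` allowlist parameter are assumptions of this sketch, not features of HijackThis.

```python
import re
from collections import defaultdict

# Sample input: a few entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 197.200.178.200:80
O1 - Hosts: 197.200.178.200
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\fltmgr.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\fltmgr.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9509B1F-2355-41B5-B266-3C8B13A1084C}: NameServer = 197.200.178.200
"""

# An entry line is "<section code> - <detail>", e.g. "O10 - Unknown file ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Sections that can steer traffic: IE settings (R0/R1), hosts file (O1), DNS (O17).
REDIRECT_SECTIONS = {"R0", "R1", "O1", "O17"}


def parse_entries(log_text):
    """Return (section, detail) pairs; header and process lines are skipped."""
    return [m.groups() for line in log_text.splitlines() if (m := ENTRY.match(line))]


def triage(log_text, known_addresses=()):
    """Group entries that need a human decision.

    known_addresses is the owner's own allowlist (hypothetical parameter),
    e.g. a proxy server they configured themselves.
    """
    known = set(known_addresses)
    findings = defaultdict(list)
    for section, detail in parse_entries(log_text):
        if section == "O10" and "Unknown file in Winsock LSP" in detail:
            path = detail.split(": ", 1)[1].lower()
            if path not in findings["unknown_lsp"]:  # log repeats one line per chain entry
                findings["unknown_lsp"].append(path)
        elif section in REDIRECT_SECTIONS:
            for ip in IPV4.findall(detail):
                if ip not in known:
                    findings["unrecognised_address"].append((section, ip))
    return dict(findings)


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))                       # address not yet vouched for
    print(triage(SAMPLE_LOG, ["197.200.178.200"]))  # owner confirms it is their proxy
```

With the proxy address allowlisted, as the thread starter confirmed it should be, only the unknown LSP file remains for review, which matches what was actually removed.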
     