
google results redirected to ad-filled website


  • This topic is locked
3 replies to this topic

#1 omgsunflower


Posted 25 March 2009 - 11:07 PM

All of my Google results redirect me to websites, especially toseeka.com. When I hover over the link, it looks like it will direct me to the correct website, but after I click it, it shows that I am being redirected to windowsclicks.com/go.php? etc etc. I downloaded some spyware programs; some wouldn't install, some didn't help.


DDS (Ver_09-03-16.01) - NTFSx86
Run by jake at 23:56:51.42 on Wed 03/25/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.322 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\ApexDC++\ApexDC.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\jake\Desktop\New Folder\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://firefox/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {3ae10e6a-86da-4248-b0f3-bae086f810ea} - c:\windows\system32\rboehxc.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [FileZilla Server Interface] "c:\program files\filezilla server\FileZilla Server Interface.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PromoReg] c:\docume~1\jake\locals~1\temp\bleep3.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\jake\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234465386547
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: trgadncs - rboehxc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jake\applic~1\mozilla\firefox\profiles\qnuuucu7.default\
FF - component: c:\documents and settings\jake\application data\mozilla\firefox\profiles\qnuuucu7.default\extensions\ubiquity@labs.mozilla.com\platform\winnt_x86-msvc\components\ubiquity.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-12 64160]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-3-25 22024]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-3-25 4414008]
R2 gterryhn;Disk Controller;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-12 40840]
R3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-12 66952]
R3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-12 81288]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-12 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-12 1079176]

=============== Created Last 30 ================

2009-03-25 23:47 22,024 a------- c:\windows\system32\drivers\pxscan.sys
2009-03-25 23:47 <DIR> --d----- c:\program files\Prevx
2009-03-25 23:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-03-25 23:47 63 a------- c:\windows\wininit.ini
2009-03-25 12:29 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-25 12:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-25 11:32 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-03-25 05:47 <DIR> --d----- c:\program files\WinPcap
2009-03-25 05:45 <DIR> --dsh--- c:\windows\system32\lowsec
2009-03-12 15:06 <DIR> --d----- c:\program files\iPod
2009-03-12 15:06 <DIR> --d----- c:\program files\iTunes
2009-03-12 14:41 168,448 a------- c:\windows\system32\unrar.dll
2009-03-12 14:41 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-03-12 14:24 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-03-12 14:24 23,848 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-12 14:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-10 17:49 103,744 a------- c:\windows\system32\MSCOMM32.OCX
2009-03-10 17:43 <DIR> --d----- c:\program files\SecondLife
2009-03-04 12:18 275,456 a------- c:\windows\system32\gfbaksm.dll
2009-03-04 12:18 275,456 a------- c:\windows\system32\gfbaksm.dat
2009-03-03 22:46 1,072,128 a------- c:\windows\system32\vbsgf.dll
2009-03-03 22:46 614,912 a------- c:\windows\system32\gfkernel.dll
2009-03-03 22:46 <DIR> --d----- c:\program files\GetFLV
2009-03-03 19:58 <DIR> --d----- c:\program files\AoA Audio Extractor
2009-03-03 19:13 1,452 a------- c:\windows\system32\cacls
2009-03-03 19:01 <DIR> --d----- c:\docume~1\jake\applic~1\Ableton
2009-03-03 19:00 368,640 a------- c:\windows\system32\ReWire.dll
2009-03-03 19:00 233,472 a------- c:\windows\system32\REX Shared Library.dll
2009-03-03 19:00 <DIR> --d----- c:\program files\Ableton
2009-03-02 22:59 <DIR> --dsh--- C:\found.000
2009-02-24 17:58 <DIR> --d----- c:\docume~1\jake\applic~1\AirTalkr.2BD262AE7F95B38C53B392A91BDA5BAD8AF4229B.1
2009-02-24 17:58 <DIR> --d----- c:\program files\AirTalkr

==================== Find3M ====================

2009-02-13 00:48 6,820 a------- c:\windows\system32\d3d9caps.dat
2009-02-12 16:31 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-12 15:09 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-02-12 14:37 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-01-14 01:46 11,591,680 a------- c:\windows\system32\atioglxx.dll
2009-01-14 00:53 286,720 a------- c:\windows\system32\atiok3x2.dll
2009-01-14 00:49 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2009-01-14 00:47 323,584 a------- c:\windows\system32\ati2dvag.dll
2009-01-14 00:36 196,608 a------- c:\windows\system32\atipdlxx.dll
2009-01-14 00:36 151,552 a------- c:\windows\system32\Oemdspif.dll
2009-01-14 00:36 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-01-14 00:35 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-01-14 00:35 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-01-14 00:34 598,016 a------- c:\windows\system32\ati2evxx.exe
2009-01-14 00:32 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-01-14 00:22 4,009,152 a------- c:\windows\system32\ati3duag.dll
2009-01-14 00:05 2,500,224 a------- c:\windows\system32\ativvaxx.dll
2009-01-14 00:05 3,107,788 a------- c:\windows\system32\ativvaxx.dat
2009-01-14 00:05 3,107,788 a------- c:\windows\system32\ativva5x.dat
2009-01-14 00:05 887,724 a------- c:\windows\system32\ativva6x.dat
2009-01-13 23:50 48,640 a------- c:\windows\system32\amdpcom32.dll
2009-01-13 23:45 401,408 a------- c:\windows\system32\atikvmag.dll
2009-01-13 23:44 110,592 a------- c:\windows\system32\atiadlxx.dll
2009-01-13 23:44 17,408 a------- c:\windows\system32\atitvo32.dll
2009-01-13 23:37 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-01-13 23:37 577,536 a------- c:\windows\system32\ati2cqag.dll
2009-01-13 22:36 45,056 a------- c:\windows\system32\amdcalrt.dll
2009-01-13 22:36 45,056 a------- c:\windows\system32\amdcalcl.dll
2009-01-13 22:34 3,227,648 a------- c:\windows\system32\Amdcaldd.dll
2009-01-13 22:05 593,920 -------- c:\windows\system32\ati2sgag.exe

============= FINISH: 23:57:43.82 ===============



#2 teacup61 (Malware Response Team)

Posted 04 April 2009 - 06:27 PM

Hello omgsunflower,


Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 omgsunflower


Posted 04 April 2009 - 11:00 PM

Fixed the problem with combofix, thanks though.

#4 teacup61 (Malware Response Team)

Posted 04 April 2009 - 11:08 PM

Thanks for letting me know.


Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.