Google redirects to windowsclick.com and toseeka


  • This topic is locked
2 replies to this topic

#1 squeakers


Posted 30 March 2009 - 08:26 PM

I've tried to run Ad-Aware and Malwarebytes Anti-Malware, and neither of them has worked (I can't even get the 2nd one to open). Here are the results of my DDS scan:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Compaq_Owner at 20:03:38.26 on Mon 03/30/2009
Internet Explorer: 6.0.2900.5512

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filesadobeacrobat 7.0activexAcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:program filesavgavg8avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre1.6.0_01binssv.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:program filescommon filessymantec sharedadblockingNISShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:program filesgooglegoogletoolbar1.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:program filesnorton internet securitynorton antivirusNavShExt.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:program fileszonealarmsbbar1.binSPYBLOCK.DLL
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:program filesgooglegoogletoolbar1.dll
TB: Norton Internet Security: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:program filescommon filessymantec sharedadblockingNISShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:program filesnorton internet securitynorton antivirusNavShExt.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:program fileszonealarmsbbar1.binSPYBLOCK.DLL
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [MSMSGS] "c:program filesmessengermsmsgs.exe" /background
uRun: [Aim6]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:program fileshewlett-packardhp boot optimizerHPBootOp.exe" /run
mRun: [SunJavaUpdateSched] "c:program filesjavajre1.6.0_01binjusched.exe"
mRun: [ccApp] "c:program filescommon filessymantec sharedccApp.exe"
mRun: [URLLSTCK.exe] c:program filesnorton internet securityUrlLstCk.exe
mRun: [Symantec NetDriver Monitor] c:progra~1symnet~1SNDMon.exe /Consumer
mRun: [<NO NAME>]
mRun: [TkBellExe] "c:program filescommon filesrealupdate_obrealsched.exe" -osboot
mRun: [QuickTime Task] "c:program filesquicktimeQTTask.exe" -atboottime
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
mRun: [AVG8_TRAY] c:progra~1avgavg8avgtray.exe
mRun: [HP Software Update] c:program fileshphp software updateHPWuSchd2.exe
mRun: [ZoneAlarm Client] "c:program fileszone labszonealarmzlclient.exe"
IE: &Google Search - c:program filesgoogleGoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:program filesgoogleGoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:program filesgoogleGoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:progra~1mi1933~1office10EXCEL.EXE/3000
IE: Similar Pages - c:program filesgoogleGoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:program filesgoogleGoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:windowspchealthhelpctrvendorscn=hewlett-packard,l=cupertino,s=ca,c=usiebuttonsupport.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:program filesjavajre1.6.0_01binssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1mi1933~1office11REFIEBAR.DLL
Trusted Zone: labelscar.comwww
Trusted Zone: macys.comwww
Trusted Zone: nyandcompany.comwww
Trusted Zone: sephora.comwww
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://hyvee.lifepics.com/net/Uploader/LPUploader45.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:program filesyahoo!commonYinsthelper.dll
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136223400906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coke/Coupons.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:program filescommon filesmicrosoft sharedweb foldersPKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:program filesavgavg8avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-03-29 22:51 <DIR> --d----- c:program filesTrend Micro
2009-03-14 19:51 <DIR> --d----- c:program filesSonicWallES
2009-03-14 09:06 <DIR> --d----- c:docume~1compaq~1applic~1MailFrontier

==================== Find3M ====================

2009-03-30 19:59 4,212 ----h--- c:windowssystem32zllictbl.dat
2009-03-29 22:57 29,863,712 a--sh--- c:windowssystem32driversfidbox.dat
2009-03-29 22:57 401,036 a--sh--- c:windowssystem32driversfidbox.idx
2009-02-09 06:13 1,846,784 a------- c:windowssystem32win32k.sys
2009-02-09 06:13 1,846,784 -------- c:windowssystem32dllcachewin32k.sys
2009-02-01 09:39 10,520 a------- c:windowssystem32avgrsstx.dll
2009-02-01 09:39 325,128 a------- c:windowssystem32driversavgldx86.sys
2009-02-01 09:39 107,272 a------- c:windowssystem32driversavgtdix.sys
2008-12-14 17:23 127,776 a------- c:docume~1compaq~1applic~1GDIPFONTCACHEV1.DAT
2007-06-01 15:21 0 a------- c:docume~1compaq~1applic~1wklnhst.dat

============= FINISH: 20:04:33.50 ===============

Thanks for any help you can provide! :thumbup2:

Here is the attached file.

Merged posts. ~ OB



Edited by Orange Blossom, 30 March 2009 - 10:00 PM.




#2 squeakers


Posted 01 April 2009 - 10:07 PM

Mods, feel free to delete this request because I have fixed my issues. :thumbup2:

#3 suebaby41


Posted 08 April 2009 - 02:57 PM

Thank you for letting me know.

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

Edited by suebaby41, 08 April 2009 - 02:58 PM.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.



