Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Firefox google searches redirects

  • This topic is locked This topic is locked
2 replies to this topic

#1 mkabwilliams


  • Members
  • 6 posts
  • Local time:04:02 AM

Posted 15 July 2009 - 10:15 AM

When I do a search on google and click a link in the search results i see something in the bottom left corner that i think says overclick but it goes by way to fast. I've done a mailwarebytes scan and a spybot but don't find anything.

When I run the dds.scr I get a message over and over that says "Not enough main memory to complete the sort." but it does finish and here is my info.


DDS (Ver_09-06-26.01) - NTFSx86  
Run by mwilliams at  9:13:03.00 on Wed 07/15/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12

============== Running Processes ===============

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Microsoft Internet Explorer provided by Building Materials Holding Corp
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Google Update] "c:\documents and settings\mwilliams\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [NGTray] "c:\program files\symantec\ghost\ngtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PDDM] c:\program files\patchlink\update agent\pddm.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\mwilli~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\multim~1.lnk - c:\program files\mmtaskbar\MultiMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 7\SnagIt32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoAutoUpdate = 1 (0x1)
uPolicies-explorer: DontSetAutoplayCheckbox = 1 (0x1)
uPolicies-explorer: NoAutorun = 1 (0x1)
uPolicies-system: HideLegacyLogonScripts = 1 (0x1)
uPolicies-system: HideLogonScripts = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-explorer: DontSetAutoplayCheckbox = 1 (0x1)
mPolicies-explorer: NoAutorun = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: pl15w2sp.dll
Trusted Zone: bmhc.com
Trusted Zone: bmhc.com\dclv-av1
Trusted Zone: dclv-mon3
Trusted Zone: dclv-mon4
DPF: iLO 2 Remote Console Applet - hxxps://test-vm5c/dvc.cab
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://dclv-av1.bmhc.com:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://dclv-av1.bmhc.com:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://dclv-av1.bmhc.com:4343/officescan/console/html/root/AtxEnc.cab
DPF: {43E4476A-6C11-4274-AFA4-DF665B26EAE0} - hxxps://test-vm6c/plugins/vkvm/ActiveXVideoViewer.cab
DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} - hxxp://www.blackberry.com/devicesoftware/AxLoader.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-
DPF: {4F3DCE50-E8E7-40AC-AB8D-99F87F1F89BD} - hxxps://dclv-av1.bmhc.com:4343/officescan/console/html/root/AtxConsole.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://dclv-av1.bmhc.com:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
DPF: {6286EF1A-B56E-48EF-90C3-743410657F3C} - hxxps://dclv-mon4:2607/detectIESettingsForITA.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231260084268
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} - hxxps://dclv-av1.bmhc.com:4343/officescan/console/html/root/AtxPie.cab
DPF: {B996510E-30C9-4083-ADB9-9FD3760D689D} - hxxp://dclv-apcmon1/ApcIsxInstaller.cab
DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://bmhc.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {F651630F-2847-4A80-8701-AD96312C9237} - hxxps://imagedirect.dell.com/ImageDirect/CabFile/IBTransfer.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - 
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-07-15 07:21	<DIR>	--d-----	c:\program files\Spybot - Search & Destroy
2009-07-15 07:21	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-14 15:46	<DIR>	--d-----	c:\docume~1\mwilli~1\applic~1\Windows Desktop Search
2009-07-14 14:31	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\11763594
2009-07-10 08:12	<DIR>	--d-----	c:\program files\Back Link Analyzer v2.0-cp
2009-07-01 14:20	<DIR>	--d-----	c:\docume~1\mwilli~1\applic~1\Malwarebytes
2009-07-01 14:20	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-01 14:20	<DIR>	--d-----	c:\program files\Malwarebytes' Anti-Malware

==================== Find3M  ====================

============= FINISH:  9:14:16.51 ===============

Attached Files

BC AdBot (Login to Remove)


#2 SifuMike


    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:02 AM

Posted 19 July 2009 - 10:08 PM

Hello mkabwilliams,

What antivirus are you running on this computer?

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.


Please do this:
1. Download HijackThis here:

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.
Please post it.


Let's look in a different place for signs.

Open HijackThis 2.0.2
Press the button 'View Misc Tools Section'
Press the button 'open uninstall manager'
Press the button 'save list'
Save it to your desktop.
Press Save. Save it your desktop.
A notepad file will open.
If no notepad opens then it will be on your desktop (where you saved it)
Post the content here in your reply.
Close HijackThis.

Edited by SifuMike, 19 July 2009 - 10:15 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike


    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:02 AM

Posted 24 July 2009 - 10:20 PM

This thread will now be closed due to lack of feedback.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users