sujitsingh

Dear Sir/Madam;
I am having problem with Google search. When Search result is displayed and link is clicked, it is redirecting me to some other websites.
I am new member and did not see the first steps guide and I am really sorry. So I missed running run DDS and GMER . I ran combofix and hope I haven't messed anything up :(


Here is a log from Combofix.

ComboFix 09-04-25.A3 - ssingh 04/27/2009 10:48.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.254.90 [GMT -4:00]
Running from: c:\documents and settings\ssingh\Desktop\Combofix\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-0-7-83-100008847-100025721-100029747-5498.com
c:\winnt\IE4 Error Log.txt
c:\winnt\system32\drivers\gxvxcoiprlnsbmhfviakibmttusiuyxewvsxe.sys
c:\winnt\system32\gxvxccounter
c:\winnt\system32\gxvxcwyerxdpfmntymojxrmpjxubfxleenbmk.dll
c:\winnt\system32\open.ico
c:\winnt\Web\default.htt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))
.

2009-04-27 15:11 . 2009-04-27 15:11 -------- d-----w C:\found.000
2009-04-27 05:45 . 2009-04-06 19:32 15504 ----a-w c:\winnt\system32\drivers\mbam.sys
2009-04-27 05:45 . 2009-04-06 19:32 38496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys
2009-04-27 05:45 . 2009-04-27 05:45 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-27 05:45 . 2009-04-27 05:45 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 04:53 . 2009-04-27 05:52 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-27 04:53 . 2009-04-27 04:53 -------- d-----w c:\program files\NortonInstaller
2009-04-27 04:46 . 2009-04-27 04:52 -------- d-----w c:\documents and settings\ssingh\Application Data\GetRightToGo
2009-04-27 04:22 . 2009-04-27 04:22 16384 ----atw c:\winnt\system32\Perflib_Perfdata_440.dat
2009-04-26 19:10 . 2009-04-26 19:14 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-26 19:10 . 2009-04-26 19:11 -------- d---a-w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-26 18:30 . 2008-06-19 20:24 28544 ----a-w c:\winnt\system32\drivers\pavboot.sys
2009-04-26 18:30 . 2009-04-26 18:30 -------- d-----w c:\program files\Panda Security
2009-04-26 17:02 . 2009-04-26 15:46 15688 ----a-w c:\winnt\system32\lsdelete.exe
2009-04-26 15:46 . 2009-04-26 15:45 64160 ----a-w c:\winnt\system32\drivers\Lbd.sys
2009-04-26 15:41 . 2009-04-26 15:41 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-26 15:41 . 2009-04-26 15:41 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-25 05:04 . 2009-04-25 05:04 -------- d-----w c:\documents and settings\ssingh\Application Data\AVGTOOLBAR
2009-04-25 02:07 . 2008-12-11 12:38 159600 ----a-w c:\winnt\system32\drivers\pctgntdi.sys
2009-04-25 02:07 . 2009-04-03 15:18 130936 ----a-w c:\winnt\system32\drivers\PCTCore.sys
2009-04-25 02:07 . 2008-12-18 16:16 73840 ----a-w c:\winnt\system32\drivers\PCTAppEvent.sys
2009-04-25 02:07 . 2009-04-25 02:07 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-25 02:07 . 2008-12-10 15:36 64392 ----a-w c:\winnt\system32\drivers\pctplsg.sys
2009-04-25 02:06 . 2002-05-15 19:16 360448 ----a-w c:\winnt\system32\oleacc.dll
2009-04-25 02:06 . 2002-05-15 19:16 356352 -c--a-w c:\winnt\system32\dllcache\oleaccrc.dll
2009-04-25 02:06 . 2002-05-15 19:16 356352 ----a-w c:\winnt\system32\oleaccrc.dll
2009-04-25 02:06 . 2009-04-25 05:08 -------- d-----w c:\program files\Spyware Doctor
2009-04-25 02:06 . 2009-04-25 02:06 -------- d-----w c:\documents and settings\ssingh\Application Data\PC Tools
2009-04-25 02:06 . 2009-04-25 02:06 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-04-25 02:06 . 2002-05-15 19:16 462848 ----a-w c:\winnt\system32\msaatext.dll
2009-04-24 23:41 . 2009-04-24 23:38 102664 ----a-w c:\winnt\system32\drivers\tmcomm.sys
2009-04-24 23:38 . 2009-04-27 06:00 -------- d-----w c:\documents and settings\ssingh\.housecall6.6
2009-04-24 23:32 . 2009-04-24 23:32 -------- d-----w c:\program files\Trend Micro
2009-04-24 18:10 . 2009-02-20 15:22 65128 ----a-w c:\winnt\system32\drivers\avgntflt.sys
2009-04-24 15:00 . 2009-04-24 15:00 -------- d-----w c:\documents and settings\Default User\Application Data\Yahoo!
2009-04-24 06:24 . 2003-06-19 19:05 12592 ----a-w c:\winnt\system32\drivers\usbscan.sys
2009-04-22 20:15 . 2009-04-07 17:47 20648 ----a-w c:\winnt\system32\novamnp6.dll
2009-04-22 20:15 . 2009-04-07 17:47 19112 ----a-w c:\winnt\system32\novamip6.dll
2009-04-22 20:15 . 2009-03-10 21:16 7533 ----a-w c:\winnt\system32\novap6.ctm
2009-04-22 20:06 . 2009-04-22 20:06 -------- d-----w c:\documents and settings\Default User\Application Data\Softland
2009-04-22 20:04 . 2008-10-13 20:23 7533 ----a-w c:\winnt\system32\dopdf6.ctm
2009-04-22 20:04 . 2009-04-24 06:17 -------- d-----w c:\program files\Softland
2009-04-17 14:38 . 2009-04-27 05:51 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-09 19:16 . 2009-04-09 19:16 32 ----a-w c:\winnt\gca631.INI
2009-04-09 19:15 . 2009-04-09 19:15 -------- d-----w C:\TurboSystemsCo
2009-04-07 22:30 . 2009-04-07 22:41 -------- d-----w c:\documents and settings\ssingh\Local Settings\Application Data\ShippingAssistant

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 15:12 . 2009-04-26 17:07 4836 ----a-w C:\aaw7boot.log
2009-04-27 14:00 . 2005-10-03 15:43 494 ----a-w C:\hpfr5550.xml
2009-04-26 15:41 . 2007-03-06 23:50 -------- d-----w c:\program files\Lavasoft
2009-04-25 13:45 . 2005-10-03 16:10 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-25 13:45 . 2009-01-31 16:16 1892 ----a-w C:\InstallHelper.log
2009-04-25 13:44 . 2009-02-19 05:07 -------- d-----w c:\program files\PageBreeze
2009-04-25 05:04 . 2008-07-23 05:06 -------- d---a-w c:\documents and settings\All Users\Application Data\avg8
2009-04-17 15:04 . 2005-10-03 21:42 27200 -c--a-w c:\documents and settings\ssingh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-17 04:33 . 2007-04-03 15:35 -------- d--h--w c:\documents and settings\ssingh\Application Data\Move Networks
2009-02-19 21:33 . 2009-02-19 21:33 576512 ----a-w c:\winnt\system32\WININET.DLL
2009-02-19 05:17 . 2009-02-19 05:17 129 ----a-w c:\documents and settings\ssingh\Local Settings\Application Data\fusioncache.dat
2009-02-19 05:02 . 2009-02-19 05:02 730 ----a-w C:\odbcconf.log
2009-02-08 16:16 . 1999-12-07 18:00 1644784 ----a-w c:\winnt\system32\WIN32K.SYS
2009-02-04 04:20 . 2009-02-04 04:20 47376 ----a-w c:\winnt\system32\secur32.dll
2009-01-28 15:22 . 2007-10-04 19:15 0 ---ha-w c:\program files\hpothb07.tif
2009-01-28 15:22 . 2007-10-04 19:15 0 ---ha-w c:\program files\hpothb07.dat
2009-01-28 15:19 . 2007-10-04 19:18 487 ---ha-w c:\documents and settings\SYSTEM\hpothb07.dat
2009-01-28 15:19 . 2007-04-09 15:38 503 ---ha-w c:\documents and settings\ssingh\hpothb07.dat
2009-01-28 00:57 . 2007-10-04 19:18 164 ---ha-w c:\documents and settings\All Users\hpothb07.dat
2009-01-28 00:57 . 2007-05-05 17:40 0 ---ha-w c:\documents and settings\Default User\hpothb07.dat
2007-11-20 17:56 . 2007-02-05 21:07 168 ---h--w c:\documents and settings\Administrator\hpothb07.dat
2007-10-08 16:23 . 2007-10-08 16:23 119968 ------w c:\documents and settings\ssingh\HpAiOFWUpdate2_2.exe
2007-10-04 19:17 . 2007-10-04 19:17 209 ---h--w c:\documents and settings\Administrator\Local Settings\Application Data\hpothb07.dat
2006-12-15 16:17 . 2006-12-15 16:17 15216 ------w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-09-30 17:40 . 2005-09-30 17:40 271 ---h--w c:\program files\desktop.ini
2005-09-30 17:40 . 2005-09-30 17:40 21952 ---h--w c:\program files\folder.htt
2005-07-14 19:31 . 2006-05-24 17:37 27648 --sha-w c:\winnt\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-12 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-26 516440]
"Synchronization Manager"="mobsync.exe" - c:\winnt\system32\mobsync.exe [2003-06-19 111376]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"aux"= mmdrv.dll
"wave4"= serwvdrv.dll
"wave5"=
"wave6"=
"wave7"=
"wave8"=
"wave9"=
"midi2"=
"midi3"=
"midi4"=
"midi5"=
"midi6"=
"midi7"=
"midi8"=
"midi9"=
"aux1"=
"aux2"=
"aux3"=
"aux4"=
"aux5"=
"aux6"=
"aux7"=
"aux8"=
"aux9"=
"mixer2"=
"mixer3"=
"mixer4"=
"mixer5"=
"mixer6"=
"mixer7"=
"mixer8"=
"mixer9"=
"wave"= serwvdrv.dll
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\^Criminal Areas of Responsibilities.xls]
path=\Criminal Areas of Responsibilities.xls

[HKLM\~\startupfolder\^Dalai Lama.doc]
path=\Dalai Lama.doc

[HKLM\~\startupfolder\^good karma.pps]
path=\good karma.pps

[HKLM\~\startupfolder\^rabi.pdf]
path=\rabi.pdf

[HKLM\~\startupfolder\^rabi1.pdf]
path=\rabi1.pdf

[HKLM\~\startupfolder\^rabi2.tif]
path=\rabi2.tif

[HKLM\~\startupfolder\^sajal.pdf]
path=\sajal.pdf

[HKLM\~\startupfolder\^sajal1.pdf]
path=\sajal1.pdf

[HKLM\~\startupfolder\^tcby.doc]
path=\tcby.doc

R3 Netopia_iphelp;Netopia WLAN IP Utility; [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R3 Slnt7554;USB Soft Modem Driver;c:\winnt\system32\DRIVERS\SLDRV\slnt7554.sys [2005-05-10 225272]
S0 Lbd;Lbd;c:\winnt\system32\DRIVERS\Lbd.sys [2009-04-26 64160]
S0 pavboot;pavboot;c:\winnt\system32\drivers\pavboot.sys [2008-06-19 28544]
S0 PCTCore;PCTools KDS;c:\winnt\system32\drivers\PCTCore.sys [2009-04-03 130936]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-26 953168]
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\DRIVERS\el90xbc5.sys [1999-10-23 61712]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - IPNAT
*NewlyCreated* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder

2009-04-26 c:\winnt\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:44]

2009-04-24 c:\winnt\Tasks\CHKDSK.job
- c:\winnt\system32\CHKDSK.EXE [1999-12-07 02:47]

2009-04-27 c:\winnt\Tasks\Disk Cleanup.job
- c:\winnt\System32\cleanmgr.exe [1999-12-07 18:00]

2008-04-14 c:\winnt\Tasks\FRU Task 2002-12-04 03:40ewlett-Packard2002-12-04 03:40p officejet 6100 series324C9EBEBB389A3CB37E16C7992E8342068F8B15200326203.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-04 00:40]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\msafd.dll
Trusted Zone: infomart-usa.com\webmail
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
FF - ProfilePath - c:\documents and settings\ssingh\Application Data\Mozilla\Firefox\Profiles\zr9ir3tj.default\
FF - plugin: c:\program files\Java\j2re1.4.2_14\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_14\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_14\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_14\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_14\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_14\bin\NPJPI142_14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_14\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 11:13
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(208)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(276)
c:\winnt\AppPatch\AcLayers.DLL
c:\winnt\system32\SHDOCVW.DLL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Spybot - Search & Destroy\SDHelper.dll
.
Completion time: 2009-04-27 11:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-27 15:19

Pre-Run: 16,598,347,776 bytes free
Post-Run: 16,770,371,584 bytes free

239 --- E O F --- 2009-04-19 20:08

Attached Files

ComboFix.txt (13.7 KB, 0 views)

forumuser10

This usually is caused by viruses on your computer, or more specific adware. The adware is usually on your computer but can sometimes be infected in the website. What virus programs are you running. I suggest you dowonload avira anti virus. Its the best ive found.

Riskyone101

Hello and Welcome to TSF,

Please do not post any combo fix or hijack logs in here!

Report here and dont download anything on the pc unless instructed to:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Please read “Virus/Trojan/Spyware Removal Help “ and follow the instructions
very carefully; then, post all the requested logs and information in the Virus Help Forum
Please ensure that you create a new thread in the Virus Help Forum; not back here in this one.
Please be patient, as the Security Team Analysts are usually very busy; one of them will
answer your request as soon as they can.