Google search results redirected and internet explorer will not open

[lorelai87]

When I use Google, the results appear to be correct but when I click on them, I am redirected to incorrect sites. The sites vary according to what I am searching for but are never the proper nor relevant sites. Additionally, an perhaps unconnected, when I open Internet Explorer, the window opens but then shuts down.

This is the contents of my DDS.txt:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Ashley at 18:18:02.28 on 2009-01-16
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.502 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1134100721\ee\AOLSoftware.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\SiteAdvisor\6173\SAService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ashley\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://freerice.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6173\SiteAdv.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6173\SiteAdv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [PlaxoUpdate] c:\program files\plaxo\3.18.0.14\PlaxoHelper_en.exe -a
uRun: [Active Desktop Calendar] c:\program files\active desktop calendar\ADC.exe
uRun: [PlaxoSysTray] c:\program files\plaxo\3.18.0.14\PlaxoSysTray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\tbmon.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HostManager] c:\program files\common files\aol\1134100721\ee\AOLSoftware.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [HPHUPD04] "c:\program files\hp photosmart 11\hphinstall\unipatch\hphupd04.exe"
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [SiteAdvisor] c:\program files\siteadvisor\6173\SiteAdv.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\post-i~1.lnk - c:\program files\post it notes\PsnLite.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ritzpi~1.lnk - c:\windows\installer\{56fb9ba2-bb0f-41e8-b55f-cc93a1a404a6}\Icon020A87392.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: brookscole.com
Trusted Zone: irln.com
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6173\SiteAdv.dll
Notify: igfxcui - igfxsrvc.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ashley\applic~1\mozilla\firefox\profiles\j89g07u9.default\
FF - component: c:\program files\siteadvisor\6173\ff\components\FFHook.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2005-12-8 58464]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2005-12-8 108480]
R4 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2005-12-8 102463]
R4 McShield;Network Associates McShield;c:\program files\network associates\virusscan\mcshield.exe [2004-9-22 221191]
R4 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\vstskmgr.exe [2004-9-22 28672]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-12 24652]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-9-28 33752]

=============== Created Last 30 ================

2009-01-16 11:00 <DIR> --d----- C:\cmdcons
2009-01-16 10:59 161,792 a------- c:\windows\SWREG.exe
2009-01-16 10:59 98,816 a------- c:\windows\sed.exe
2009-01-16 10:58 <DIR> --d----- C:\ComboFix
2009-01-16 10:58 388,608 a------- c:\windows\system32\CF7781.exe
2009-01-16 10:54 <DIR> --d----- c:\program files\Trend Micro
2009-01-15 17:39 <DIR> --d----- c:\docume~1\ashley\applic~1\Malwarebytes
2009-01-15 17:39 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-15 17:39 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 17:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-15 17:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-15 16:30 <DIR> --d----- c:\windows\l2schemas
2009-01-15 16:22 <DIR> --d----- C:\OIT Zone Network Wlan

==================== Find3M ====================

2008-12-11 06:57 333,184 a------- c:\windows\system32\drivers\srv.sys
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll

============= FINISH: 18:18:50.98 ===============


I have attached my attach.txt and ark.txt.

Thank you in advance for any help you can provide!

[amateur]

Hello and welcome to TSF.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don’t hear from you in three days this thread will be closed.

[lorelai87]

After running ComboFix and saving the log, my desktop icons were no longer there and neither was my clock/start menu at the bottom of my screen. I will restart it to see if that solves the problem, but I just wanted to report that. Here is my Combofix log:

ComboFix 09-01-19.03 - Ashley 2009-01-19 19:01:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.535 [GMT -5:00]
Running from: c:\documents and settings\Ashley\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\wdmaud.sys

.
((((((((((((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 )))))))))))))))))))))))))))))))
.

2009-01-17 11:25 . 2009-01-17 11:25 <DIR> d-------- c:\program files\MSXML 6.0
2009-01-16 18:22 . 2009-01-16 18:23 250 --a------ c:\windows\gmer.ini
2009-01-16 10:54 . 2009-01-16 10:54 <DIR> d-------- c:\program files\Trend Micro
2009-01-15 17:39 . 2009-01-15 17:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-15 17:39 . 2009-01-15 17:39 <DIR> d-------- c:\documents and settings\Ashley\Application Data\Malwarebytes
2009-01-15 17:39 . 2009-01-15 17:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-15 17:39 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 17:39 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-15 16:30 . 2009-01-15 16:30 <DIR> d-------- c:\windows\l2schemas
2009-01-15 16:22 . 2009-01-15 16:22 <DIR> d-------- C:\OIT Zone Network Wlan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 23:45 --------- d-----w c:\documents and settings\Ashley\Application Data\Ruckus Network
2009-01-19 23:45 --------- d-----w c:\documents and settings\Ashley\Application Data\goombah
2009-01-17 23:28 --------- d--h--w c:\documents and settings\Ashley\Application Data\Move Networks
2009-01-16 15:38 --------- d-----w c:\program files\Plaxo
2009-01-10 03:22 --------- d-----w c:\documents and settings\Ashley\Application Data\SiteAdvisor
2008-12-24 20:48 --------- d-----w c:\documents and settings\LocalService\Application Data\SiteAdvisor
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 01:28 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-07 20:04 --------- d-----w c:\program files\Soulseek
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"PlaxoUpdate"="c:\program files\Plaxo\3.18.0.14\PlaxoHelper_en.exe" [2008-12-08 370759]
"PlaxoSysTray"="c:\program files\Plaxo\3.18.0.14\PlaxoSysTray.exe" [2008-12-08 20480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-04 188416]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
"HostManager"="c:\program files\Common Files\AOL\1134100721\ee\AOLSoftware.exe" [2006-05-09 50760]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2005-03-04 606208]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-11-14 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-04-04 335872]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-04-04 49152]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"SiteAdvisor"="c:\program files\SiteAdvisor\6173\SiteAdv.exe" [2007-08-28 36640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 282624]
Post-itr Software Notes Lite.lnk - c:\program files\Post It Notes\PsnLite.exe [2004-10-15 2080768]
RitzPix E-Z Print & Share.lnk - c:\windows\Installer\{56FB9BA2-BB0F-41E8-B55F-CC93A1A404A6}\Icon020A87392.ico [2006-01-11 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= wdmaud.sys

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134100721\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134100721\\ee\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\WINDOWS\\kdx\\khost.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2005-12-08 58464]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-05-03 80384]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-12 24652]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-28 33752]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ENTDRV51

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baf683d9-b322-11dc-8cd9-0014a50c21f6}]
\Shell\AutoRun\command - E:\LinksysConnectPC.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-01-16 c:\windows\Tasks\At1.job
- c:\program files\Spybot - Search & Destroy\spybotsd.exe [2005-05-31 01:04]

2009-01-16 c:\windows\Tasks\At2.job
- c:\program files\Spybot - Search & Destroy\spybotsd.exe [2005-05-31 01:04]

2008-12-24 c:\windows\Tasks\EasyShare Registration Task.job
- c:\docume~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.20.2.sxt _RegistrationOffer@16 []

2009-01-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Active Desktop Calendar - c:\program files\Active Desktop Calendar\ADC.exe
HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://freerice.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.brookscole.com
Trusted Zone: *.irln.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Ashley\Application Data\Mozilla\Firefox\Profiles\j89g07u9.default\
FF - component: c:\program files\SiteAdvisor\6173\FF\components\FFHook.dll
FF - plugin: c:\documents and settings\Ashley\Application Data\Mozilla\Firefox\Profiles\j89g07u9.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 19:08:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(904)
c:\windows\system32\EntApi.dll
.
Completion time: 2009-01-19 19:11:34
ComboFix-quarantined-files.txt 2009-01-20 00:10:29

Pre-Run: 8,775,200,768 bytes free
Post-Run: 9,944,887,296 bytes free

160 --- E O F --- 2009-01-19 16:09:20




Thank you!

[lorelai87]

This appears to have fixed my Google search results. Thank you :)

[amateur]

Hi,

Quote:

This appears to have fixed my Google search results. Thank you :)

Glad to hear that, we have a little more work to do.

brookscole.com and irln.com are in your trusted zone. It may be helpful to know that when you put an item in your Trusted Zone, it has pretty much full access to your computer... Are you sure you trust these sites to that degree?? If you're not sure, and/or you do not need these in your trusted zone to facilitate access, or you did not knowingly permit this access yourself, let me know so that I can include them in my next step of instructions.

[amateur]

Hi lorelai87,

Are you still with us?

[amateur]

Since your issues appear to have been resolved, please proceed with the following steps to finish the cleaning process:

• Click Start then Run
• Now type Combofix /u in the runbox and click OK. Notice the space between the Combofix and the /

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.

It’s vital that you keep all your software up-to-date as older versions may have some security vulnerabilities. Secunia Software Inspector Scan can help you find out which programs need to be updated.

Please respond to this thread one more time so we can mark this thread as resolved.

Happy Surfing and Think Prevention!