Clicking on my Google search results took me to the wrong websites through a redirect called copybook. I then could not click back to my Google search.
Here's my log:
DDS (Version 1.0) - NTFSx86
Run by Peter at 22:17:19.87 on Sat 29/11/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.589 [GMT 11:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\LVCOMS.EXE
C:\Program Files\NetComm\MFP Server Control Center\Control Center.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Peter\Desktop\gmer\gmer.exe
C:\Documents and Settings\Peter\Desktop\dds.scr
============== Psuedo HJT Report ===============
uStart Page = hxxp://www.blackle.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [PRONoMgr.exe] c:\program files\intel\prosetwireless\ncs\proset\PRONoMgr.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [LVCOMS] c:\windows\system32\LVCOMS.EXE
mRun: [Control Center] c:\program files\netcomm\mfp server control center\Control Center.exe -mini
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster\PMREMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: Sebring - c:\windows\system32\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-2-6 59328]
R3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\KUSBusByTCPMasterBus.sys [2007-6-4 48256]
S1 lusbaudio;Logitech USB Microphone;c:\windows\system32\drivers\OVSound2.sys [2008-1-15 25216]
S2 PPSCAN;PPSCAN;c:\windows\system32\drivers\PPSCAN.sys [2008-2-24 91520]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2006-3-10 39424]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-10-4 33752]
S3 KUSBusByTCP;%KUSBusByUSB.SvcDesc%;c:\windows\system32\drivers\KUSBusByTCP.sys [2007-6-4 80000]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2008-1-15 31872]
S3 RDID1009;EDIROL UM-1 USB Driver;c:\windows\system32\drivers\rdwm1009.sys [2008-1-7 60730]
S3 Snzi3Usb;Snazzi*III USB2 Device;c:\windows\system32\drivers\Snzi3Usb.sys [2008-7-8 77952]
=============== Created Last 30 ================
2008-11-29 21:57 250 a------- c:\windows\gmer.ini
2008-11-10 19:01 73,728 a------- c:\windows\system32\javacpl.cpl
2008-11-10 18:16 144,912 a------- c:\windows\system32\drivers\tmcomm.sys
2008-11-10 18:16 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2008-11-10 18:16 49,680 a------- c:\windows\system32\drivers\tmevtmgr.sys
2008-11-10 18:04 46,456 a----r-- c:\windows\system32\exitwx.exe
2008-11-10 17:56 661,808 a------- c:\windows\system32\UfWSC.cpl
2008-11-10 17:56 1,195,448 a------- c:\windows\system32\drivers\vsapint.sys
2008-11-10 17:56 334,352 a------- c:\windows\system32\drivers\TM_CFW.sys
2008-11-10 17:56 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
2008-11-10 17:56 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
2008-11-10 17:56 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2008-11-10 17:52 <DIR> --d----- C:\trendmicro update
2008-11-09 16:54 <DIR> --d----- c:\windows\system32\scripting
2008-11-09 16:54 <DIR> --d----- c:\windows\l2schemas
2008-11-09 16:54 <DIR> --d----- c:\windows\system32\en
2008-11-09 16:54 <DIR> --d----- c:\windows\system32\bits
2008-11-09 16:50 <DIR> --d----- c:\windows\ServicePackFiles
2008-11-09 16:46 <DIR> --d----- c:\windows\network diagnostic
==================== Find3M ====================
2008-11-28 17:35 12,496 a------- c:\windows\MSPuzzle.dat
2008-11-26 12:15 11,289 a------- c:\windows\system32\nvModes.dat
2008-11-10 20:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2008-11-10 18:16 <DIR> --d----- c:\program files\Trend Micro
2008-11-09 16:58 <DIR> --d----- c:\program files\Messenger
2008-11-09 16:57 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-09 16:49 <DIR> --d----- c:\program files\Windows NT
2008-10-02 12:10 <DIR> --d----- c:\program files\Web Publish
2008-09-15 23:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-08-16 23:40 <DIR> --d----- c:\docume~1\peter\applic~1\ZoomBrowser EX
2008-08-16 23:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2008-06-06 11:57 <DIR> --d----- c:\docume~1\peter\applic~1\Xfire
2008-01-28 16:48 <DIR> --d----- c:\docume~1\peter\applic~1\Goodsol
2008-01-15 16:57 <DIR> --d----- c:\docume~1\peter\applic~1\Canon
2008-01-11 18:56 <DIR> --d----- c:\docume~1\peter\applic~1\Anvil Studio
2008-01-03 18:19 <DIR> --d----- c:\docume~1\peter\applic~1\Nokia
2007-12-31 13:30 <DIR> --d----- c:\docume~1\peter\applic~1\Nokia Multimedia Player
2007-12-30 14:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Suite
2007-12-30 14:14 <DIR> --d----- c:\docume~1\peter\applic~1\AdobeAUM
2007-12-30 14:11 <DIR> --d----- c:\docume~1\peter\applic~1\PC Suite
2007-12-30 14:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Installations
============= FINISH: 22:17:38.60 ===============