Old 01-11-2009, 08:06 PM   #1 (permalink)
SearchHelp
Registered User
 
Join Date: Jan 2009
Posts: 1
OS: Windows XP Service pack 2


Search results take me to wrong links

Hello Tech support team,

Per your guidance under "Read This Before Posting For Malware Removal Help", please find my issue below. Thanks in advance for any help you can give.
I have a problem with my Google/Yahoo (all search engines) search results taking me to the wrong links. The title & description of my search are correct but the link is not. I think that is only on the first two pages.
I am afraid of this being a backdoor virus or something of the sort.
I have used the following anti-spyware:
- Malwarebytes, Spybot, SUPERAntiSpyware and Ad-Aware
I also used the following antivirus programs:
- Symantec AntiVirus, McAfee (online scan), Avast & AVG
They all found some viruses and spyware, which I cleaned, but my problem still exists. Please find the result of DDS.txt below:

DDS (Ver_09-01-07.01) - NTFSx86
Run by gn00039 at 21:35:54.17 on Sun 01/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1415 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Equant\Dialer\EACSvrMngr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\StacSV.exe
c:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ON Technology\ON Command Remote Host\ph32svc.exe
c:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SmsSysTray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Equant\Dialer\EACSys.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\gn00039\Desktop\dds.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = frd-proxy.emea.zf-world.com:8080
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: {43EE3219-A776-497C-9287-A8B7FB208DFB} - No File
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {D339EFC0-2EBA-46E7-971C-8EAD136D3F05} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SmsSysTray] SmsSysTray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SMrhcg7dj0e73e] c:\program files\rhcg7dj0e73e\rhcg7dj0e73e.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-explorer: NoSimpleNetIDList = 1 (0x1)
mPolicies-explorer: NoStrCmpLogical = 1 (0x1)
mPolicies-explorer: PerInstanceIconHandlerForOffline = 1 (0x1)
mPolicies-explorer: UseDesktopIniCache = 1 (0x1)
dPolicies-explorer: NoSimpleNetIDList = 1 (0x1)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\sappc\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\sappc\sapgui\SAPHTMLP.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: mfdgbf.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,, digeste.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gn00039\applic~1\mozilla\firefox\profiles\hf8m4o8z.default\
FF - component: c:\program files\webex\productivity tools\components\OCFF.dll

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2008-1-21 24521]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-7 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090109.003\naveng.sys [2009-1-9 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090109.003\navex15.sys [2009-1-9 876112]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R4 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
R4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2008-1-21 155216]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2008-1-21 58240]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-01-11 21:35 <DIR> --d----- c:\temp\RarSFX0
2009-01-11 21:30 <DIR> --d----- c:\program files\CCleaner
2009-01-11 20:45 250 a------- c:\windows\gmer.ini
2009-01-08 00:06 <DIR> --d----- c:\program files\Lavasoft
2009-01-08 00:06 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-07 23:04 552 a------- c:\windows\system32\d3d8caps.dat
2009-01-07 12:49 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-07 12:49 1,409 a------- c:\windows\QTFont.for
2009-01-07 12:04 0 a------- c:\windows\vpc32.INI
2009-01-07 11:20 110,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-07 11:20 48,768 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-07 11:20 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-07 11:20 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-07 11:19 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-01-07 10:59 <DIR> --d----- c:\program files\NoNAV
2009-01-07 10:29 <DIR> --d----- C:\SymNoNav
2009-01-07 10:11 573,440 a------- c:\windows\system32\slAgent.exe
2009-01-07 10:07 268 a---h--- C:\sqmdata00.sqm
2009-01-07 10:07 244 a---h--- C:\sqmnoopt00.sqm
2009-01-04 21:39 <DIR> --d----- c:\documents and settings\gn00039\.housecall6.6
2009-01-03 11:49 <DIR> --d----- c:\program files\Trend Micro
2009-01-02 22:59 <DIR> --d----- c:\program files\AVG
2009-01-01 00:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-01 00:53 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-01 00:53 <DIR> --d----- c:\docume~1\gn00039\applic~1\SUPERAntiSpyware.com
2008-12-31 21:17 <DIR> --d----- c:\windows\McAfee.com
2008-12-29 15:06 <DIR> --d----- c:\program files\common files\Vbox
2008-12-29 15:06 72,192 a------- c:\windows\unlite3.exe
2008-12-29 15:06 <DIR> --d----- c:\program files\Bradbury
2008-12-29 15:06 <DIR> --d----- c:\program files\Macromedia
2008-12-29 09:20 120 ---sh--- c:\windows\system32\kjpslwng.ini
2008-12-22 00:43 <DIR> --d----- c:\program files\xTuple
2008-12-21 22:21 <DIR> --d----- c:\documents and settings\gn00039\.turquaz
2008-12-21 19:00 <DIR> --d----- c:\documents and settings\gn00039\.gconfd
2008-12-21 19:00 <DIR> --d----- c:\documents and settings\gn00039\.gconf
2008-12-21 19:00 <DIR> --d----- c:\documents and settings\gn00039\.gnome2_private
2008-12-21 19:00 <DIR> --d----- c:\documents and settings\gn00039\.gnome2
2008-12-21 19:00 <DIR> --d----- c:\documents and settings\gn00039\.gnucash
2008-12-21 10:21 <DIR> --d----- c:\program files\OrangeHRM
2008-12-21 02:33 <DIR> --d----- c:\program files\TimeTrex
2008-12-21 02:02 <DIR> --d----- c:\documents and settings\gn00039\flexdock
2008-12-21 01:52 <DIR> --d----- c:\docume~1\gn00039\applic~1\Buddi
2008-12-21 01:51 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-21 01:51 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-19 00:57 <DIR> --d----- c:\windows\Downloaded Installations

==================== Find3M ====================

2008-11-29 10:51 685,056 a------- c:\windows\is-B3DC1.exe
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-03-26 09:08 28,672 a------- c:\documents and settings\gn00039\atwbxdet.dll

============= FINISH: 21:36:04.64 ===============

Also attached is my Attach.zip file. Thanks again and hope to hear from you.
Attached Files
File Type: zip Attach.zip (3.8 KB, 5 views)