#1 (permalink)
Registered User
Join Date: Jan 2009
Posts: 1
OS: Windows XP Service pack 2
Search results take me to wrong links
Hello Tech support team,
Per your guidance under "Read This Before Posting For Malware Removal Help", please find my issue below. Thanks in advance for any help you can give.

I have a problem with my Google/Yahoo (all search engines) search results taking me to the wrong links. The title and description of my search are correct but the link is not. I think that is only on the first two pages. I am afraid of this being a backdoor virus or something of the sort.

I have used the following anti-spyware programs:
- Malwarebytes, Spybot, SUPERAntiSpyware and Ad-Aware

I also used the following antivirus programs:
- Symantec AntiVirus, McAfee (online scan), Avast and AVG

They all found some viruses and spyware, which I cleaned, but my problem still exists.

Please find the result of DDS.txt below:

```
DDS (Ver_09-01-07.01) - NTFSx86
Run by gn00039 at 21:35:54.17 on Sun 01/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1415 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Equant\Dialer\EACSvrMngr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\StacSV.exe
c:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ON Technology\ON Command Remote Host\ph32svc.exe
c:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SmsSysTray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Equant\Dialer\EACSys.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\gn00039\Desktop\dds.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = frd-proxy.emea.zf-world.com:8080
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: {43EE3219-A776-497C-9287-A8B7FB208DFB} - No File
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {D339EFC0-2EBA-46E7-971C-8EAD136D3F05} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SmsSysTray] SmsSysTray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SMrhcg7dj0e73e] c:\program files\rhcg7dj0e73e\rhcg7dj0e73e.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-explorer: NoSimpleNetIDList = 1 (0x1)
mPolicies-explorer: NoStrCmpLogical = 1 (0x1)
mPolicies-explorer: PerInstanceIconHandlerForOffline = 1 (0x1)
mPolicies-explorer: UseDesktopIniCache = 1 (0x1)
dPolicies-explorer: NoSimpleNetIDList = 1 (0x1)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\sappc\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\sappc\sapgui\SAPHTMLP.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: mfdgbf.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,, digeste.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gn00039\applic~1\mozilla\firefox\profiles\hf8m4o8z.default\
FF - component: c:\program files\webex\productivity tools\components\OCFF.dll

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2008-1-21 24521]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-7 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090109.003\naveng.sys [2009-1-9 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090109.003\navex15.sys [2009-1-9 876112]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R4 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
R4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2008-1-21 155216]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2008-1-21 58240]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-01-11 21:35 <DIR> --d----- c:\temp\RarSFX0
2009-01-11 21:30 <DIR> --d----- c:\program files\CCleaner
2009-01-11 20:45 250 a------- c:\windows\gmer.ini
2009-01-08 00:06 <DIR> --d----- c:\program files\Lavasoft
2009-01-08 00:06 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-07 23:04 552 a------- c:\windows\system32\d3d8caps.dat
2009-01-07 12:49 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-07 12:49 1,409 a------- c:\windows\QTFont.for
2009-01-07 12:04 0 a------- c:\windows\vpc32.INI
2009-01-07 11:20 110,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-07 11:20 48,768 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-07 11:20 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-07 11:20 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-07 11:19 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-01-07 10:59 <DIR> --d----- c:\program files\NoNAV
2009-01-07 10:29 <DIR> --d----- C:\SymNoNav
2009-01-07 10:11 573,440 a------- c:\windows\system32\slAgent.exe
2009-01-07 10:07 268 a---h--- C:\sqmdata00.sqm
2009-01-07 10:07 244 a---h--- C:\sqmnoopt00.sqm
2009-01-04 21:39 <DIR> --d----- c:\documents and settings\gn00039\.housecall6.6
2009-01-03 11:49 <DIR> --d----- c:\program files\Trend Micro
2009-01-02 22:59 <DIR> --d----- c:\program files\AVG
2009-01-01 00:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-01 00:53 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-01 00:53 <DIR> --d----- c:\docume~1\gn00039\applic~1\SUPERAntiSpyware.com
2008-12-31 21:17 <DIR> --d----- c:\windows\McAfee.com
2008-12-29 15:06 <DIR> --d----- c:\program files\common files\Vbox
2008-12-29 15:06 72,192 a------- c:\windows\unlite3.exe
2008-12-29 15:06 <DIR> --d----- c:\program files\Bradbury
2008-12-29 15:06 <DIR> --d----- c:\program files\Macromedia
2008-12-29 09:20 120 ---sh--- c:\windows\system32\kjpslwng.ini
2008-12-22 00:43 <DIR> --d----- c:\program files\xTuple
2008-12-21 22:21 <DIR> --d----- c:\documents and settings\gn00039\.turquaz
2008-12-21 19:00 <DIR> --d----- c:\documents and settings\gn00039\.gconfd
2008-12-21 19:00 <DIR> --d----- c:\documents and settings\gn00039\.gconf
2008-12-21 19:00 <DIR> --d----- c:\documents and settings\gn00039\.gnome2_private
2008-12-21 19:00 <DIR> --d----- c:\documents and settings\gn00039\.gnome2
2008-12-21 19:00 <DIR> --d----- c:\documents and settings\gn00039\.gnucash
2008-12-21 10:21 <DIR> --d----- c:\program files\OrangeHRM
2008-12-21 02:33 <DIR> --d----- c:\program files\TimeTrex
2008-12-21 02:02 <DIR> --d----- c:\documents and settings\gn00039\flexdock
2008-12-21 01:52 <DIR> --d----- c:\docume~1\gn00039\applic~1\Buddi
2008-12-21 01:51 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-21 01:51 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-19 00:57 <DIR> --d----- c:\windows\Downloaded Installations

==================== Find3M ====================

2008-11-29 10:51 685,056 a------- c:\windows\is-B3DC1.exe
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-03-26 09:08 28,672 a------- c:\documents and settings\gn00039\atwbxdet.dll

============= FINISH: 21:36:04.64 ===============
```

Also attached is my Attach.zip file. Thanks again and hope to hear from you.
#2 (permalink)
Visiting Teacher/Analyst, Security Team
Join Date: Jun 2008
Location: Finland
Posts: 513
OS: Win XP, Vista 32-bit & 64-bit
Re: Search results take me to wrong links
Hi SearchHelp
Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

- C:\ComboFix.txt
- New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
__________________
Microsoft MVP Consumer Security 2008 2009
ASAP & UNITE member since 2006