All the results are the same websites, no matter what my search field is.
The sponsored links also show up in either Russian or Spanish sometimes.
If I attempt to click on anything on the page, such as next page, a download attempts to open for something called "setup".
This was a pretty big red flag for me.
The information bar at the bottom of the browser window appears to be retrieving its information from 2 sites:
xml.klikvip.com
bestcatalog-giam.org
So far I have run Trend Micro HouseCall, Spybot, Ad-Aware, SystemSuite, SpywareBlaster. All of them are coming up as if there is nothing wrong with my PC, which I know to be untrue.
Help is appreciated.
:::::Here Is my DDS Log:::::::
DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 11:57:01.54 on Sat 06/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1261 [GMT -7:00]
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Avanquest SystemSuite *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask2.exe
C:\WINDOWS\system32\dllhost.exe
svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.YOUR-43A4E962DC\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5228
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5228
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5228
mWinlogon: Shell=Explorer.exe rundll32.exe calc.ifo beforemain
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\drivers\smss.exe
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar1.dll
BHO: XPL LinkScannerIE: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avanquest\systemsuite\LinkScannerIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DataVault Object: {8373adc0-6330-11dd-9d77-22c856d89593} - c:\program files\avanquest\systemsuite\IE_ContextMenu_Vault.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BhoMisc Class: {e3578b37-6346-4ec1-a82b-38273a100dcf} - c:\program files\trend micro\trendprotect\msie\wrs.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar1.dll
TB: {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - No File
TB: TrendProtect: {f83be649-1cc3-48ee-b2e2-0826cef3822a} - c:\program files\trend micro\trendprotect\msie\wrs.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Power2GoExpress] NA
uRun: [Steam] "c:\steam\Steam.exe" -silent
uRun: [EPSON Stylus Photo RX580 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibpa.exe /fu "c:\windows\temp\E_SAB.tmp" /EF "HKCU"
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [CHotkey] zHotkey.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [winupdate.exe] c:\windows\system32\winupdate.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRunOnce: [NSSInstallation] c:\windows\system32\adobe\shockwave 11\nssstub.exe /RunOnce
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311t\wlancfg5.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - c:\program files\trend micro\trendprotect\msie\WRS.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner~1.you\applic~1\mozilla\firefox\profiles\ax4s3wah.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=10181&jr=true
FF - component: c:\program files\avanquest\systemsuite\firefox\components\SearchShield.dll
FF - component: c:\program files\avanquest\systemsuite\firefox3dv\components\VaultComponent.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - HiddenExtension: XUL Cache: {3007344C-C272-4273-B8DC-841B465B2D74} - c:\documents and settings\owner.your-43a4e962dc\local settings\application data\{3007344C-C272-4273-B8DC-841B465B2D74}
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-20 64160]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2009-6-17 13360]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-6-17 202928]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-10-17 353672]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 607576]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-2-3 464264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SBAMSvc;SystemSuite;c:\program files\common files\antivirus\SBAMSvc.exe [2008-10-28 886056]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-6-17 69168]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 KFilter;KFilter;c:\progra~1\avanqu~1\system~1\KFilter.sys [2008-11-20 60272]
R3 TFilter;TFilter;c:\progra~1\avanqu~1\system~1\TFilter.sys [2008-9-22 20225]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2008-10-23 92464]
=============== Created Last 30 ================
2009-06-20 11:12 <DIR> --d----- c:\windows\pss
2009-06-20 01:51 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-20 01:42 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-19 12:22 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-19 12:22 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-19 12:15 <DIR> --d----- c:\program files\Trend Micro
2009-06-19 11:50 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-17 22:28 69,168 a------- c:\windows\system32\drivers\sbapifs.sys
2009-06-17 22:28 13,360 a------- c:\windows\system32\drivers\sbaphd.sys
2009-06-17 22:28 202,928 a------- c:\windows\system32\drivers\sbtis.sys
2009-06-17 22:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avanquest
2009-06-17 22:24 <DIR> --d-h--- C:\_Backup
2009-06-17 22:24 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\Avanquest
2009-06-17 22:24 <DIR> --d----- c:\program files\Avanquest update
2009-06-17 22:24 <DIR> --d----- c:\program files\common files\AntiVirus
2009-06-17 22:24 <DIR> --d----- c:\program files\Avanquest
2009-06-17 21:15 <DIR> --d----- c:\documents and settings\owner.your-43a4e962dc\.housecall6.6
2009-06-17 21:12 <DIR> --d----- c:\windows\system32\appmgmt
2009-06-17 20:00 704,288 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-06-17 20:00 45,856 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-06-17 20:00 10,508 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-06-17 20:00 5,300 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-06-17 19:59 0 a------- C:\rollback.ini
2009-06-17 18:22 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-06-17 18:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic Anti-Virus PLUS
2009-06-17 18:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-06-17 14:47 35,328 a------- c:\windows\system32\drivers\smss.exe
2009-06-14 18:14 <DIR> --dsh--- c:\documents and settings\owner.your-43a4e962dc\PrivacIE
2009-06-14 15:07 0 a------- c:\windows\system32\AVR09.exe
2009-06-14 15:06 22,528 a------- c:\windows\system32\calc.ifo
2009-06-09 17:20 <DIR> --dsh--- c:\documents and settings\owner.your-43a4e962dc\IETldCache
2009-06-09 13:05 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-09 13:05 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-09 13:05 <DIR> --d----- c:\windows\ie8updates
2009-06-09 13:04 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-09 13:03 <DIR> -cd-h--- c:\windows\ie8
2009-06-01 13:58 <DIR> --d----- c:\program files\2K Games
==================== Find3M ====================
2009-06-20 01:51 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-14 14:08 41,694 a------- c:\docume~1\owner~1.you\applic~1\wklnhst.dat
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-03-28 23:28 4,212 a---h--- c:\windows\system32\zllictbl.dat
2005-09-20 11:05 456,768 a------- c:\windows\inf\wg311t\WG311T13.sys
2004-10-19 19:58 35,232 a------- c:\windows\inf\wg311t\ME_INST.EXE
2004-10-19 19:58 26,112 a------- c:\windows\inf\wg311t\install.exe
2009-01-07 22:15 109 a--sh--- c:\windows\system32\1623327608.dat
============= FINISH: 11:58:02.15 ===============