I posted earlier but without the correct logs... sorry about that.
So I have some browser hijack/redirect malware. It's happening in all browsers (IE, Firefox, Safari): it redirects to another spammish site when I click on any search result. It does not happen when I directly enter a URL. Another thing to note: I tried ComboFix before learning about this forum, but that didn't fix it.
Below is the DDS.txt log file. Thanks for your help, malware warriors!
DDS (Ver_09-12-01.01) - NTFSx86
Run by patron at 19:34:32.75 on Sat 02/06/2010
Internet Explorer: 7.0.6000.16851 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.161 [GMT -5:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WDBtnMgr.exe
C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\FirewallControlPanel.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\patron\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
uRun: [BackgroundSwitcher] "c:\program files\johnsadventures.com\john's background switcher\BackgroundSwitcher.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mPolicies-system: EnableLUA = 0 (0x0)
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\patron\appdata\roaming\mozilla\firefox\profiles\68i1xrpg.default\
FF - prefs.js: browser.startup.homepage - hxxp://igoogle.com/
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\patron\appdata\roaming\mozilla\firefox\profiles\68i1xrpg.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R3 athrusb;Belkin Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-28 904192]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664]
=============== Created Last 30 ================
2010-02-07 00:08:11 0 d-----w- c:\windows\system32\log
2010-02-07 00:00:53 0 d-----w- c:\program files\TrendMicro
2010-02-06 23:41:06 0 d-s---w- C:\ComboFix
2010-02-06 23:09:23 0 d-sh--w- C:\$RECYCLE.BIN
2010-02-06 22:56:09 98816 ----a-w- c:\windows\sed.exe
2010-02-06 22:56:09 77312 ----a-w- c:\windows\MBR.exe
2010-02-06 22:56:09 261632 ----a-w- c:\windows\PEV.exe
2010-02-06 22:56:09 161792 ----a-w- c:\windows\SWREG.exe
2010-02-06 22:20:50 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-06 22:20:50 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-02-06 22:01:05 65536 --sha-w- c:\users\patron\ntuser.dat{b2b3eda0-1366-11df-a5fa-0016d48eddae}.TM.blf
2010-02-06 22:01:05 524288 --sha-w- c:\users\patron\ntuser.dat{b2b3eda0-1366-11df-a5fa-0016d48eddae}.TMContainer00000000000000000002.regtrans-ms
2010-02-06 22:01:05 524288 --sha-w- c:\users\patron\ntuser.dat{b2b3eda0-1366-11df-a5fa-0016d48eddae}.TMContainer00000000000000000001.regtrans-ms
2010-02-05 03:52:21 0 d-----w- c:\program files\Dl_cats
2010-02-05 03:48:43 0 d-----w- c:\program files\Dell Photo AIO Printer 924
2010-02-05 03:48:25 538096 ----a-w- c:\windows\system32\dlcccoms.exe
2010-02-05 01:46:56 0 d-----w- C:\dell
2010-01-22 19:13:03 67119 ----a-w- C:\logo_princeton_292x80[1].psd
2010-01-10 01:19:25 0 d-----w- c:\program files\Western Digital Technologies
2010-01-10 01:19:21 364544 ----a-w- c:\windows\system32\WDBtnMgr.exe
==================== Find3M ====================
2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-10 01:20:52 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-10 01:20:51 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-01-10 01:20:51 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-10 07:27:18 100556 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-27 17:59:35 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-27 17:57:41 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 19:35:44.98 ===============