Search ReDirects

A friend of mine was having trouble with his internet searches and asked me to take a look. Sadly I failed miserably as no program I've come across has been able to fix the problem. Run a search on google and click a result but end up some place I don't want to be. As I've said I've tried many programs trying to get it fixed but none worked so this is my last option.

Any and all help will be much appreciated.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Ebony at 0:58:37.93 on Mon 03/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3838.3255 [GMT -8:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Ebony\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248119787125
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 78.159.110.43 www.google.com
Hosts: 78.159.110.43 www.google.de
Hosts: 78.159.110.43 www.google.fr
Hosts: 78.159.110.43 www.google.co.uk

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-3-6 28552]
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2007-3-30 18232]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2007-3-30 17848]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100306.004\naveng.sys [2010-3-6 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100306.004\navex15.sys [2010-3-6 1324720]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S2 gupdate1ca0992933a753c;Google Update Service (gupdate1ca0992933a753c);c:\program files\google\update\GoogleUpdate.exe [2009-7-20 133104]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ebony\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\ebony\locals~1\temp\dx9\SessionLauncher.exe [?]
S3 awhost32;Symantec pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2007-5-11 132728]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]
S3 XDva285;XDva285;\??\c:\windows\system32\xdva285.sys --> c:\windows\system32\XDva285.sys [?]

=============== Created Last 30 ================

2010-03-08 08:51:44 0 ----a-w- c:\documents and settings\ebony\defogger_reenable
2010-03-08 01:54:23 0 d-----w- c:\program files\ESET
2010-03-07 20:29:02 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-03-07 20:29:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-03-07 07:57:18 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-03-07 07:57:06 0 d-----w- c:\program files\Panda Security
2010-03-07 05:20:45 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-07 05:18:48 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-07 05:18:48 0 d-----w- c:\docume~1\ebony\applic~1\SUPERAntiSpyware.com
2010-03-07 05:16:21 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-07 01:18:31 0 d-----w- c:\docume~1\ebony\applic~1\Malwarebytes
2010-03-07 01:18:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-07 01:18:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-07 01:18:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-07 01:18:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-11 04:05:47 868 ----a-w- c:\windows\system32\MRT.INI

==================== Find3M ====================

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-28 09:05:31 32768 --sha-w- c:\windows\temp\cookies\index.dat
2009-11-28 09:05:31 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-11-28 09:05:31 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 0:59:12.01 ===============

Still struggling with redirects to mfeed and searchweb8, and no idea as to how to fix it.

Sleep now but would appreciate any assistance later.

Thank You

Anyone?

Off to bed again, will look around again tomorrow but chances are I'll have to wipe it out and start from scratch.

Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
   Remember to re-enable them afterwards.
   
   
2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

I was able to get it fixed, thank you for responding though.

Ok. Thanks for letting me know . Shall close the topic then.