Search Engine Virus

#1 td189


  • Members
  • 2 posts

Posted 21 February 2009 - 11:29 AM

I hope someone on here can help me, as I have a virus where, whenever I type something into Google/Yahoo etc. and then click on a link, it redirects me to a random link that seems to vary. I have followed the instructions, and the DDS information is below:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Tom at 16:23:52.80 on 21/02/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.2037.902 [GMT 0:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Salling Software AB\Salling Media Sync\Salling Media Sync.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Flashget] c:\program files\flashget\FlashGet.exe /min
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Salling Media Sync] "c:\program files\salling software ab\salling media sync\Salling Media Sync.exe" -atboottime
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [NodLogin] c:\program files\eset\eset nod32 antivirus\nodlogin.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
TCP: NameServer =,
TCP: {A9624717-81CA-4F22-96EE-FA158C02EF92} =,
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi1933~1\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\tom\appdata\roaming\mozilla\firefox\profiles\x4wllmhs.default\
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\users\tom\appdata\roaming\mozilla\firefox\profiles\x4wllmhs.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\users\tom\appdata\roaming\mozilla\firefox\profiles\x4wllmhs.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 34312]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-1 468224]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-9-8 807424]
S3 TVService;TVService;c:\program files\team mediaportal\mediaportal tv server\TvService.exe [2008-7-17 184320]

=============== Created Last 30 ================

2009-02-21 15:17 58,792 a------- c:\windows\system32\wbload.dll
2009-02-21 15:17 42,672 a------- c:\windows\system32\wbsys.dll
2009-02-21 15:17 <DIR> --d----- c:\program files\Stardock
2009-02-21 12:30 394 ---shr-- C:\autorun.inf
2009-02-21 12:00 <DIR> --d----- c:\program files\common files\Stardock
2009-02-18 20:01 <DIR> --d----- c:\windows\system32\Adobe
2009-02-16 17:29 32,592 a------- c:\windows\system32\msonpmon.dll
2009-02-16 17:19 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-02-16 17:17 <DIR> --d----- c:\programdata\Microsoft Help
2009-02-14 20:30 <DIR> --d----- c:\users\tom\corsa alloys
2009-02-05 13:48 <DIR> --d----- C:\Programs
2009-02-05 11:10 <DIR> --d----- c:\program files\Symbian-Toys
2009-02-05 10:41 <DIR> --d----- c:\users\tom\.eclipse
2009-02-05 10:36 <DIR> --d----- c:\programdata\InstallShield
2009-01-29 21:59 <DIR> --d----- c:\program files\Bridge Building Game
2009-01-28 20:16 <DIR> --d----- c:\program files\Microsoft Xbox 360 Accessories
2009-01-28 20:16 68,888 a------- c:\windows\system32\xinput1_3.dll
2009-01-28 20:05 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-01-24 20:55 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-01-24 20:52 <DIR> --d----- c:\program files\Salling Software AB
2009-01-24 20:21 <DIR> --dsh--- c:\users\tom\Phone Browser
2009-01-24 20:19 <DIR> --d----- C:\Mass-Storage-Synchronizer

==================== Find3M ====================

2009-02-14 20:27 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-14 20:27 51,200 a------- c:\windows\inf\infpub.dat
2009-01-28 20:17 86,016 a------- c:\windows\inf\infstor.dat
2009-01-19 18:28 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-09-13 15:13 87,608 a------- c:\users\tom\appdata\roaming\inst.exe
2008-09-13 15:13 47,360 a------- c:\users\tom\appdata\roaming\pcouffin.sys
2008-06-12 00:03 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 02:41 174 a--sh--- c:\program files\desktop.ini
2006-11-02 12:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-04-09 23:35 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:25:08.93 ===============

Thanks for your help
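An added triage helper (my own example, not part of the original post and not part of the DDS tool) that walks a constructed sample of lines in the DDS log format shown above and picks out the entries a responder would look at first: a BHO whose DLL is missing, the DNS servers DDS recorded, and a hidden/system autorun.inf sitting on a drive root.

```python
import re

# Constructed sample in DDS format, modelled on the log in the post above
# (a handful of its "Pseudo HJT" and "Created Last 30" lines, not the full log).
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
TCP: NameServer =,
2009-02-21 12:30 394 ---shr-- C:\autorun.inf
2009-02-21 15:17 58,792 a------- c:\windows\system32\wbload.dll
"""

# "Created Last 30" / "Find3M" entry: date time size attribute-flags path.
# The flag field is 8 chars; 'd'=directory, 's'=system, 'h'=hidden, 'r'=read-only.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\S+) ([a-z-]{8}) (.+)$")


def triage(log_text):
    """Return (kind, detail) pairs a reviewer should look at.

    These are review heuristics, not verdicts: a flagged line is something to
    look up and explain, not proof of infection.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if line.startswith("BHO:") and line.endswith("- No File"):
            # A BHO still registered in IE whose DLL no longer exists: an orphan
            # left behind by an uninstall or a removed component.
            findings.append(("bho_missing_dll", line))
        elif line.startswith("TCP: NameServer ="):
            # Report the DNS servers DDS recorded; an empty list means none were
            # captured, so resolution depends on the router/DHCP settings.
            servers = [s.strip() for s in line.split("=", 1)[1].split(",") if s.strip()]
            findings.append(("dns_servers", ",".join(servers) or "(none recorded)"))
        else:
            m = CREATED_RE.match(line)
            if not m:
                continue
            attrs, path = m.group(4), m.group(5)
            at_root = re.match(r"^[a-z]:\\[^\\]+$", path, re.IGNORECASE) is not None
            if path.lower().endswith("autorun.inf") and at_root and ("h" in attrs or "s" in attrs):
                # autorun.inf on a drive root with hidden/system attributes is a
                # classic artifact of malware that spreads via removable media.
                findings.append(("autorun_root", line))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:16} {detail}")
```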


#2 td189

  • Topic Starter

  • Members
  • 2 posts

Posted 21 February 2009 - 12:12 PM


#3 shelf life


  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 01 March 2009 - 08:37 AM


Log is several days old. If you still need help:
Do you use a router?
We will get a download to use:

Please download Malwarebytes' Anti-Malware (MBAM) to your desktop:


* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click **Remove Selected.**
*A restart may be required to finish the clean up process*
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Please post the MBAM log in your reply.

How Can I Reduce My Risk to Malware?

