
Google Search Blocker


The only obvious sign of the virus is that I am blocked from accessing Google web search: Google Maps works, but I just get a 'no server found' type page when using the browser bar or entering www.google.com in the browser. Other than that, everything runs sluggishly.

I have a current, recently updated version of MB that detects nothing. I tried to run DDS, but it wouldn't finish; here's the DDS log:


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by ADMIN at 8:11:35 on 2012-04-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.400 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\SFT\GuardedID\gidd.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.juno.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program
uRun: [bitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKAIO2StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [KodakHomeCenter] "c:\program
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} -
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} -
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
TCP: DhcpNameServer =
TCP: Interfaces\{3DE65939-53B1-4088-9BC9-D07015FC1117} : DhcpNameServer =
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program
Notify: GIDLogonXP - GIDLogonXP.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v

============= SERVICES / DRIVERS ===============

R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2012-3-13 25232]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\esri\license\arcgis9x\lmgrd.exe [2012-1-2 467968]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-3-30 65608]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-12-26 91216]
S0 cerc6;cerc6; [x]
S2 5757;5757;\??\c:\windows\temp\5757.sys --> c:\windows\temp\5757.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-24 136176]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-24 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S4 Winip2kmc;Winip2kmc;c:\windows\system32\mscdexnt.exe [2008-4-14 817]

=============== Created Last 30 ================

2012-04-11 12:20:17 -------- d-sh--w- C:\found.001
2012-04-08 12:15:21 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-04-08 12:15:21 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet

==================== Find3M ====================

2012-02-28 13:13:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-02 13:08:39 59854808 ----a-w- c:\program files\setup_av_free_cnet.exe
2003-04-22 15:46:52 2719744 ----a-w- c:\program files\aiodrv.msi
2003-04-22 15:42:04 2588672 ----a-w- c:\program files\aiosw.msi
2003-03-10 02:30:44 184320 ----a-w- c:\program files\hpzscr07.dll
2003-03-10 02:30:42 274432 ----a-w- c:\program files\hpzglu07.exe
2003-03-10 02:30:42 237568 ----a-w- c:\program files\hpzc3212.dll
2002-09-09 23:47:52 254005 ----a-w- c:\program files\msvcrt.dll
2002-09-09 23:47:44 70656 ----a-w- c:\program files\msvcirt.dll
2002-09-09 23:47:00 212992 ----a-w- c:\program files\hpzpnp07.dll
2002-09-09 23:46:50 49212 ----a-w- c:\program files\hpzjvp01.dll
2002-09-09 23:46:42 249913 ----a-w- c:\program files\hpzjut01.dll
2002-09-09 23:46:32 417849 ----a-w- c:\program files\hpzjpp01.dll
2002-09-09 23:46:24 28722 ----a-w- c:\program files\hpzjlog.dll
2002-09-06 15:54:56 995383 ----a-w- c:\program files\MFC42.DLL

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86C3549F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86c3c738]; MOV EAX, [0x86c3c8ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86D8CAB8]
3 CLASSPNP[0xF7532FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86D4E5B0]
\Driver\atapi[0x86D560A0] -> IRP_MJ_CREATE -> 0x86C3549F
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86C352C6
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 8:12:59.67 ===============


Hello Beesneeze! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

You have missed Attach.txt, so please generate new, fresh logs. Try in Normal mode, not in Safe mode.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
