enhance my search problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by phyrinel, Jan 7, 2005.

  1. phyrinel

    phyrinel Private E-2

    Re: "enhance my search" virus

    Hello,
    I performed all the steps in the "READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal" post. I have disabled system restore (running XP pro SP1 with all patches applied) and have run all of the steps in the guide multiple times, in safe mode. Hijack this produced only processes that were benign, and I have performed a Bitdefender scan and the RavAntivirus scan. Each time I have a little more to remove, but the "enhancemysearch.com" pop-ups won't go away.

    Can I provide any further information to be helpful?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: "enhance my search" virus

    Your problem may be the same but we will almost always only work on one user's problem in a thread. It's less confusion that way. I'm moving you to your own thread.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: "enhance my search" virus

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  4. phyrinel

    phyrinel Private E-2

    Hijack this log posted. www.hijackthis.de showed several entries as nasty or unnecessary, but I haven't fixed any yet.
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Both SpyKiller and BestPopUpKiller are garbage that you need to uninstall via Add/Remove programs. If that does not work the line will still be in your HijackThis log and I have steps there to remove them. Look at some info on these in the below two links:
    http://www.spywarewarrior.com/rogue_anti-spyware.htm
    http://computercops.biz/startuplist-5311.html

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    C:\WINDOWS\System32\ptragq.exe

    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
    O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL (file missing)
    O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
    O2 - BHO: SDWin32 Class - {04EE85AF-102E-4FF1-8676-A44C9F4D1413} - C:\WINDOWS\System32\zmveb.dll (file missing)
    O2 - BHO: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
    O2 - BHO: SDWin32 Class - {62812764-4E6B-4B8A-9549-2E7F08478340} - C:\WINDOWS\System32\uusch.dll (file missing)
    O2 - BHO: SDWin32 Class - {A40BEB97-DE81-418A-9433-5FDFA14B50C5} - C:\WINDOWS\System32\khpue.dll (file missing)
    O2 - BHO: SDWin32 Class - {DC10C1B4-A465-4354-8DCA-28579D285ADD} - C:\WINDOWS\System32\iuwwi.dll (file missing)
    O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL (file missing)
    O3 - Toolbar: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
    O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\secure.exe
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [o73U33g] igmemsp.exe
    O4 - HKLM\..\Run: [cqonulyxdjfcy] C:\WINDOWS\System32\ptragq.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKCU\..\Run: [Zws8RTM2V] imaloc.exe
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/014466ba27bdddd83818/netzip/RdxIE601.cab
    O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\MySearch <--- the whole folder
    C:\Program Files\CSBB <--- the whole folder
    C:\Program Files\SpyKiller <--- the whole folder
    C:\Program Files\BestPopUpKiller <--- the whole folder
    C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    C:\WINDOWS\System32\ptragq.exe
    C:\WINDOWS\BTGrab.dll
    C:\WINDOWS\Helper101.dll
    C:\WINDOWS\DOWNLO~1\search3.dll
    C:\WINDOWS\System32\secure.exe
    C:\WINDOWS\System32\igmemsp.exe
    C:\WINDOWS\wupdt.exe
    C:\WINDOWS\System32\imaloc.exe
    C:\WINDOWS\web\related.htm

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
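
Added example, not part of the original post and not HijackThis code: a Python sketch that parses log lines in the format quoted in the reply above and lists the files that a fix list leaves for manual checking in safe mode. The sample lines are copied from that reply; the names `Entry`, `parse` and `manual_cleanup` are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    section: str           # HJT section code, e.g. "R1", "O2", "O4"
    clsid: Optional[str]   # COM class ID on BHO/toolbar/button lines
    target: Optional[str]  # file the entry points at, if any
    missing: bool          # HJT itself reported "(file missing)" or "(no file)"

LINE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FULL_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|htm)\b", re.I)
BARE_NAME = re.compile(r"(?<=\] )[^\s\\]+\.exe\b", re.I)  # Run value with no directory

def parse(line: str) -> Optional[Entry]:
    """Split one log line into section, CLSID, target file and missing flag."""
    m = LINE.match(line)
    if not m:
        return None  # header, blank line or anything that is not a log entry
    section, body = m.groups()
    clsid = CLSID.search(body)
    target = FULL_PATH.search(body) or BARE_NAME.search(body)
    missing = body.endswith(("(file missing)", "(no file)"))
    return Entry(section, clsid and clsid.group(0), target and target.group(0), missing)

def manual_cleanup(lines):
    """Targets not flagged missing, de-duplicated case-insensitively, in log order."""
    seen, out = set(), []
    for e in filter(None, map(parse, lines)):
        if e.target and not e.missing and e.target.lower() not in seen:
            seen.add(e.target.lower())
            out.append(e.target)  # bare names are returned as-is, directory unresolved
    return out

# Sample input: lines copied from the fix list in the reply above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL (file missing)
O2 - BHO: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
O3 - Toolbar: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [o73U33g] igmemsp.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
""".strip().splitlines()

if __name__ == "__main__":
    for path in manual_cleanup(SAMPLE):
        print(path)
```

In the log lines quoted above, the "(file missing)" flag appears only on O2, O3 and O23 entries, so the O4 targets this returns still have to be checked on disk before deletion.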
     
  6. phyrinel

    phyrinel Private E-2

    Hey Dr. C,
    That was really amazing. My computer runs faster and I have no more popups or references to other search engines.

    A few notes:
    I couldn't delete the following items because they weren't present:
    C:\Program Files\CSBB (I think I deleted this in a previous spyware hunt)
    C:\Program Files\BestPopUpKiller (Wasn't present)
    C:\WINDOWS\DOWNLO~1\search3.dll (Wasn't present)
    C:\WINDOWS\System32\secure.exe (I think I already deleted this)
    C:\WINDOWS\System32\igmemsp.exe (I might have deleted this, but I don't recall)
    C:\WINDOWS\wupdt.exe (already deleted)
    C:\WINDOWS\System32\imaloc.exe (previously identified and deleted)

    Also, BestPopUpKiller and SpyKiller were not available for uninstall.
    Have they been taken care of now, or is there more I need to do to remove them completely?

    Latest HJT file attached.
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Your log is clean now. But your Windows OS and IE are severely out of date and represent a major security risk. You need to get Updated. This is covered in the below thread along with other steps you should take to help protect you from future problems.

    How to Protect yourself from malware!
     
