Somethings wrong with my google, please help! (In Progress)

flavallee
Trusted Advisor with 40,849 posts.
 
Join Date: May 2002
Location: Brandon/Valrico, Florida
Experience: Advanced
26-Oct-2009, 06:24 PM #16
If SUPERAntiSpyware detected and removed only "adware tracking cookies", that's fine. I don't need to see a scan log then.

----------------------------------------------------------------

Let's deal with the Windows Defender problem, then we'll go on from there.

Go back into Start - Run - MSCONFIG - OK - Startup(tab) and uncheck MSAScui, then click Apply - OK - Exit Without Restart.

Go into Start - Run - SERVICES.MSC - OK. Expand the window so you can see the list more clearly. Right-click Windows Defender, then click Properties. Change "Startup Type" to Disabled, then click Apply - OK.

Close the window, then restart your computer.

When the small SCU window appears during restart, ignore the message. Put a checkmark in it, then click OK.

Go into the C:\Program Files folder, then delete the entire Windows Defender folder.

Restart your computer again.

Start HijackThis and run a scan, then post that new log here.

-----------------------------------------------------------------
sandhulol
Junior Member with 14 posts.
 
Join Date: Oct 2009
Experience: Intermediate
26-Oct-2009, 10:21 PM #17
ok so i did what you told me to by turning it off from startup, and then i tried to disable it with the next step but it was already disabled on that. then i went to program files and tried deleting the folder but it says "error deleting file or folder".
sandhulol
Junior Member with 14 posts.
 
Join Date: Oct 2009
Experience: Intermediate
27-Oct-2009, 02:53 AM #18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:43 PM, on 10/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\BRMFRSMG.EXE
D:\WINDOWS\ALCXMNTR.EXE
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/disp...b_id&%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=10181&jr=true
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 89.149.227.223 google.ae
O1 - Hosts: 89.149.227.223 google.as
O1 - Hosts: 89.149.227.223 google.at
O1 - Hosts: 89.149.227.223 google.az
O1 - Hosts: 89.149.227.223 google.ba
O1 - Hosts: 89.149.227.223 google.be
O1 - Hosts: 89.149.227.223 google.bg
O1 - Hosts: 89.149.227.223 google.bs
O1 - Hosts: 89.149.227.223 google.ca
O1 - Hosts: 89.149.227.223 google.cd
O1 - Hosts: 89.149.227.223 google.com.gh
O1 - Hosts: 89.149.227.223 google.com.hk
O1 - Hosts: 89.149.227.223 google.com.jm
O1 - Hosts: 89.149.227.223 google.com.mx
O1 - Hosts: 89.149.227.223 google.com.my
O1 - Hosts: 89.149.227.223 google.com.na
O1 - Hosts: 89.149.227.223 google.com.nf
O1 - Hosts: 89.149.227.223 google.com.ng
O1 - Hosts: 89.149.227.223 google.ch
O1 - Hosts: 89.149.227.223 google.com.np
O1 - Hosts: 89.149.227.223 google.com.pr
O1 - Hosts: 89.149.227.223 google.com.qa
O1 - Hosts: 89.149.227.223 google.com.sg
O1 - Hosts: 89.149.227.223 google.com.tj
O1 - Hosts: 89.149.227.223 google.com.tw
O1 - Hosts: 89.149.227.223 google.dj
O1 - Hosts: 89.149.227.223 google.de
O1 - Hosts: 89.149.227.223 google.dk
O1 - Hosts: 89.149.227.223 google.dm
O1 - Hosts: 89.149.227.223 google.ee
O1 - Hosts: 89.149.227.223 google.fi
O1 - Hosts: 89.149.227.223 google.fm
O1 - Hosts: 89.149.227.223 google.fr
O1 - Hosts: 89.149.227.223 google.ge
O1 - Hosts: 89.149.227.223 google.gg
O1 - Hosts: 89.149.227.223 google.gm
O1 - Hosts: 89.149.227.223 google.gr
O1 - Hosts: 89.149.227.223 google.ht
O1 - Hosts: 89.149.227.223 google.ie
O1 - Hosts: 89.149.227.223 google.im
O1 - Hosts: 89.149.227.223 google.in
O1 - Hosts: 89.149.227.223 google.it
O1 - Hosts: 89.149.227.223 google.ki
O1 - Hosts: 89.149.227.223 google.la
O1 - Hosts: 89.149.227.223 google.li
O1 - Hosts: 89.149.227.223 google.lv
O1 - Hosts: 89.149.227.223 google.ma
O1 - Hosts: 89.149.227.223 google.ms
O1 - Hosts: 89.149.227.223 google.mu
O1 - Hosts: 89.149.227.223 google.mw
O1 - Hosts: 89.149.227.223 google.nl
O1 - Hosts: 89.149.227.223 google.no
O1 - Hosts: 89.149.227.223 google.nr
O1 - Hosts: 89.149.227.223 google.nu
O1 - Hosts: 89.149.227.223 google.pl
O1 - Hosts: 89.149.227.223 google.pn
O1 - Hosts: 89.149.227.223 google.pt
O1 - Hosts: 89.149.227.223 google.ro
O1 - Hosts: 89.149.227.223 google.ru
O1 - Hosts: 89.149.227.223 google.rw
O1 - Hosts: 89.149.227.223 google.sc
O1 - Hosts: 89.149.227.223 google.se
O1 - Hosts: 89.149.227.223 google.sh
O1 - Hosts: 89.149.227.223 google.si
O1 - Hosts: 89.149.227.223 google.sm
O1 - Hosts: 89.149.227.223 google.sn
O1 - Hosts: 89.149.227.223 google.st
O1 - Hosts: 89.149.227.223 google.tl
O1 - Hosts: 89.149.227.223 google.tm
O1 - Hosts: 89.149.227.223 google.tt
O1 - Hosts: 89.149.227.223 google.us
O1 - Hosts: 89.149.227.223 google.vu
O1 - Hosts: 89.149.227.223 google.ws
O1 - Hosts: 89.149.227.223 google.co.ck
O1 - Hosts: 89.149.227.223 google.co.id
O1 - Hosts: 89.149.227.223 google.co.il
O1 - Hosts: 89.149.227.223 google.co.in
O1 - Hosts: 89.149.227.223 google.co.jp
O1 - Hosts: 89.149.227.223 google.co.kr
O1 - Hosts: 89.149.227.223 google.co.ls
O1 - Hosts: 89.149.227.223 google.co.ma
O1 - Hosts: 89.149.227.223 google.co.nz
O1 - Hosts: 89.149.227.223 google.co.tz
O1 - Hosts: 89.149.227.223 google.co.ug
O1 - Hosts: 89.149.227.223 google.co.uk
O1 - Hosts: 89.149.227.223 google.co.za
O1 - Hosts: 89.149.227.223 google.co.zm
O1 - Hosts: 89.149.227.223 google.com
O1 - Hosts: 89.149.227.223 google.com.af
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1237680186562
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...loader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
--
End of file - 9856 bytes
flavallee
Trusted Advisor with 40,849 posts.
 
Join Date: May 2002
Location: Brandon/Valrico, Florida
Experience: Advanced
27-Oct-2009, 12:03 PM #19
Go back into Start - Run - MSCONFIG - OK - Startup(tab) and uncheck the entries that I've highlighted in bold type.

ALCXMNTR

igxtray

hkcmd

MSAScui

Qttask

jusched

reader_sl

adobearm


mbam

ctfmon

After you're done, click Apply - OK and then restart. When the small SCU window appears, check it and then click OK.

Next, go back into the C:\Program Files folder and try again to delete the entire Windows Defender folder. If it still refuses to delete, open it and then delete its contents one-by-one until the folder is empty. You should then be able to delete it.

Next, start HijackThis and run a scan. Return here, then copy-and-paste that new log here.

-------------------------------------------------------------
sandhulol
Junior Member with 14 posts.
 
Join Date: Oct 2009
Experience: Intermediate
28-Oct-2009, 05:10 PM #20
i've removed everything in that windows defender folder except for this one dll called "mpshHook.dll". it just won't delete.

here's the hijack log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:49 PM, on 10/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\BRMFRSMG.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/disp...b_id&%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=10181&jr=true
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 89.149.227.223 google.ae
O1 - Hosts: 89.149.227.223 google.as
O1 - Hosts: 89.149.227.223 google.at
O1 - Hosts: 89.149.227.223 google.az
O1 - Hosts: 89.149.227.223 google.ba
O1 - Hosts: 89.149.227.223 google.be
O1 - Hosts: 89.149.227.223 google.bg
O1 - Hosts: 89.149.227.223 google.bs
O1 - Hosts: 89.149.227.223 google.ca
O1 - Hosts: 89.149.227.223 google.cd
O1 - Hosts: 89.149.227.223 google.com.gh
O1 - Hosts: 89.149.227.223 google.com.hk
O1 - Hosts: 89.149.227.223 google.com.jm
O1 - Hosts: 89.149.227.223 google.com.mx
O1 - Hosts: 89.149.227.223 google.com.my
O1 - Hosts: 89.149.227.223 google.com.na
O1 - Hosts: 89.149.227.223 google.com.nf
O1 - Hosts: 89.149.227.223 google.com.ng
O1 - Hosts: 89.149.227.223 google.ch
O1 - Hosts: 89.149.227.223 google.com.np
O1 - Hosts: 89.149.227.223 google.com.pr
O1 - Hosts: 89.149.227.223 google.com.qa
O1 - Hosts: 89.149.227.223 google.com.sg
O1 - Hosts: 89.149.227.223 google.com.tj
O1 - Hosts: 89.149.227.223 google.com.tw
O1 - Hosts: 89.149.227.223 google.dj
O1 - Hosts: 89.149.227.223 google.de
O1 - Hosts: 89.149.227.223 google.dk
O1 - Hosts: 89.149.227.223 google.dm
O1 - Hosts: 89.149.227.223 google.ee
O1 - Hosts: 89.149.227.223 google.fi
O1 - Hosts: 89.149.227.223 google.fm
O1 - Hosts: 89.149.227.223 google.fr
O1 - Hosts: 89.149.227.223 google.ge
O1 - Hosts: 89.149.227.223 google.gg
O1 - Hosts: 89.149.227.223 google.gm
O1 - Hosts: 89.149.227.223 google.gr
O1 - Hosts: 89.149.227.223 google.ht
O1 - Hosts: 89.149.227.223 google.ie
O1 - Hosts: 89.149.227.223 google.im
O1 - Hosts: 89.149.227.223 google.in
O1 - Hosts: 89.149.227.223 google.it
O1 - Hosts: 89.149.227.223 google.ki
O1 - Hosts: 89.149.227.223 google.la
O1 - Hosts: 89.149.227.223 google.li
O1 - Hosts: 89.149.227.223 google.lv
O1 - Hosts: 89.149.227.223 google.ma
O1 - Hosts: 89.149.227.223 google.ms
O1 - Hosts: 89.149.227.223 google.mu
O1 - Hosts: 89.149.227.223 google.mw
O1 - Hosts: 89.149.227.223 google.nl
O1 - Hosts: 89.149.227.223 google.no
O1 - Hosts: 89.149.227.223 google.nr
O1 - Hosts: 89.149.227.223 google.nu
O1 - Hosts: 89.149.227.223 google.pl
O1 - Hosts: 89.149.227.223 google.pn
O1 - Hosts: 89.149.227.223 google.pt
O1 - Hosts: 89.149.227.223 google.ro
O1 - Hosts: 89.149.227.223 google.ru
O1 - Hosts: 89.149.227.223 google.rw
O1 - Hosts: 89.149.227.223 google.sc
O1 - Hosts: 89.149.227.223 google.se
O1 - Hosts: 89.149.227.223 google.sh
O1 - Hosts: 89.149.227.223 google.si
O1 - Hosts: 89.149.227.223 google.sm
O1 - Hosts: 89.149.227.223 google.sn
O1 - Hosts: 89.149.227.223 google.st
O1 - Hosts: 89.149.227.223 google.tl
O1 - Hosts: 89.149.227.223 google.tm
O1 - Hosts: 89.149.227.223 google.tt
O1 - Hosts: 89.149.227.223 google.us
O1 - Hosts: 89.149.227.223 google.vu
O1 - Hosts: 89.149.227.223 google.ws
O1 - Hosts: 89.149.227.223 google.co.ck
O1 - Hosts: 89.149.227.223 google.co.id
O1 - Hosts: 89.149.227.223 google.co.il
O1 - Hosts: 89.149.227.223 google.co.in
O1 - Hosts: 89.149.227.223 google.co.jp
O1 - Hosts: 89.149.227.223 google.co.kr
O1 - Hosts: 89.149.227.223 google.co.ls
O1 - Hosts: 89.149.227.223 google.co.ma
O1 - Hosts: 89.149.227.223 google.co.nz
O1 - Hosts: 89.149.227.223 google.co.tz
O1 - Hosts: 89.149.227.223 google.co.ug
O1 - Hosts: 89.149.227.223 google.co.uk
O1 - Hosts: 89.149.227.223 google.co.za
O1 - Hosts: 89.149.227.223 google.co.zm
O1 - Hosts: 89.149.227.223 google.com
O1 - Hosts: 89.149.227.223 google.com.af
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1237680186562
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...loader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
--
flavallee
Trusted Advisor with 40,849 posts.
 
Join Date: May 2002
Location: Brandon/Valrico, Florida
Experience: Advanced
28-Oct-2009, 05:20 PM #21
Go here and click the green icon to download Unlocker 1.8.8 and install it.

Read the information in the "Description" tab on what it does and how to use it.

You should then be able to get rid of that last DLL file and the folder.

-------------------------------------------------------------
sandhulol
Junior Member with 14 posts.
 
Join Date: Oct 2009
Experience: Intermediate
28-Oct-2009, 07:33 PM #22
i downloaded it and i tried deleting it but it doesn't work.
i don't think we need to worry much about that though, it's just a file or folder.. it doesn't bother me unless it has something to do with the actual problem i'm concerned about (google).

i really would like to get that google problem fixed up in the description.
flavallee
Trusted Advisor with 40,849 posts.
 
Join Date: May 2002
Location: Brandon/Valrico, Florida
Experience: Advanced
29-Oct-2009, 10:57 AM #23
Did you download and save HostsXpert 4.3, as I previously requested? A malware expert is likely going to have need of it. I've reported your thread to the "Malware Removal & HijackThis Logs" section for assistance. Be patient.

---------------------------------------------------------------

Start HijackThis and run a scan, then put a checkmark in

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')


then click Fix Checked - Yes.

Do another scan, then post that log here.

---------------------------------------------------------------
cybertech
Malware Removal Specialist with 69,217 posts.
 
Join Date: Apr 2002
Location: Washington State
30-Oct-2009, 10:36 AM #24
I don't see any anti-virus software running.
Look in the TSG Library of Knowledge for suggestions. Some are purchased and some are free. Pick one and get your system protected.



Download the HostsXpert 4.3 - Hosts File Manager.
  • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.3 - Hosts File Manager
  • Run HostsXpert 4.3 - Hosts File Manager from its new home
  • Click on the Make Writable? button.
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.




Download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
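
A way to check what the "Restore MS Hosts File" step above is meant to fix, as an added example that is not part of the original thread: it reads the O1 (hosts file) and ProxyServer lines of HijackThis logs, lists hostnames pinned to non-loopback addresses, and compares a before and after log to show which redirects survived the restore. The sample logs are constructed (documentation addresses, example hostnames) and the function names are illustrative.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample logs in HijackThis v2 line format. Addresses come from
# the documentation ranges and hostnames are examples, not thread values.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.7 search.example
O1 - Hosts: 203.0.113.7 search.example.co.uk
O1 - Hosts: 203.0.113.7 www.search.example
O1 - Hosts: 198.51.100.20 billing.example
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
"""
AFTER_RESTORED = r"""
O1 - Hosts: 127.0.0.1 localhost
"""
AFTER_STILL_HIJACKED = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.7 search.example
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
PROXY_RE = re.compile(r"^R[01] - .*,ProxyServer = (\S+)\s*$")


def parse_log(text):
    """Return ([(address, hostname), ...], proxy_value_or_None) from a log."""
    hosts, proxy = [], None
    for line in text.splitlines():
        line = line.strip()
        m = O1_RE.match(line)
        if m:
            hosts.append((m.group(1), m.group(2).lower()))
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy = m.group(1)
    return hosts, proxy


def is_local_addr(addr):
    """True for loopback or unspecified addresses (typical block-list targets).
    An unparsable address returns False so the entry is still surfaced."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def redirects(text):
    """Map each non-local address to the sorted hostnames it overrides."""
    grouped = defaultdict(set)
    for addr, name in parse_log(text)[0]:
        if not is_local_addr(addr):
            grouped[addr].add(name)
    return {addr: sorted(names) for addr, names in grouped.items()}


def local_proxy(text):
    """Return the ProxyServer entry that points at this machine, if any.
    Handles both 'host:port' and 'http=host:port;https=host:port' forms."""
    proxy = parse_log(text)[1]
    if not proxy:
        return None
    for part in proxy.split(";"):
        host = part.split("=", 1)[-1].rsplit(":", 1)[0]
        if host.lower() == "localhost" or is_local_addr(host):
            return part
    return None


def persisting(before, after):
    """Redirect entries present in both logs, i.e. not removed by the fix."""
    def flat(log):
        return {(a, n) for a, names in redirects(log).items() for n in names}
    return sorted(flat(before) & flat(after))


if __name__ == "__main__":
    for addr, names in redirects(BEFORE).items():
        print(f"{addr} overrides DNS for {len(names)} name(s): {', '.join(names)}")
    if local_proxy(BEFORE):
        print(f"IE proxy points at this machine ({local_proxy(BEFORE)}); "
              "confirm which local program listens there")
    left = persisting(BEFORE, AFTER_STILL_HIJACKED)
    print("still present after restore:", left or "none")
```

A redirect that reappears in a log taken after the hosts file was restored means something on the machine is rewriting the file, so the restore alone is not the whole fix.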
flavallee
Trusted Advisor with 40,849 posts.
 
Join Date: May 2002
Location: Brandon/Valrico, Florida
Experience: Advanced
30-Oct-2009, 11:34 AM #25
Cybertech:

Since I've never used it, I decided to do a test start with HostsXpert 4.3 and follow your directions.

Either I need more coffee or I'm having trouble finding the "Make Writeable" button.

Here is a screenshot of what I got when I started it. I can't see it in this section, but hopefully you can.
cybertech
Malware Removal Specialist with 69,217 posts.
 
Join Date: Apr 2002
Location: Washington State
30-Oct-2009, 02:37 PM #26
By default the program is ready to use with "Make ReadOnly?"
If it is set at "Make Writeable" you have to click on that to make it "Make ReadOnly?"

Not intuitive at all IMO.

Guess I should change my canned on that one to make things clear.
flavallee
Trusted Advisor with 40,849 posts.
 
Join Date: May 2002
Location: Brandon/Valrico, Florida
Experience: Advanced
30-Oct-2009, 07:03 PM #27
cybertech:

Thanks for the clarification. Sorry for the interruption.

sandhulol:

If you decide on a free anti-virus program, select one of the top 3 in the list at the link that cybertech gave you - AVG, Avira AntiVir, Alwil Avast.

-----------------------------------------------------------------
sandhulol
Junior Member with 14 posts.
 
Join Date: Oct 2009
Experience: Intermediate
09-Dec-2009, 07:09 PM #28
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:28 PM, on 12/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\BRMFRSMG.EXE
D:\WINDOWS\Explorer.EXE
D:\Program Files\Unlocker\UnlockerAssistant.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/disp...b_id&%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=10181&jr=true
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1237680186562
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...loader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
--
End of file - 9651 bytes



Flavallee: sorry, I've been very busy this last month and I finally got a chance to go through and check my emails.
Here's the logfile you wanted, thanks again for helping me out.
flavallee's Avatar
Computer Specs
Trusted Advisor with 40,849 posts.
 
Join Date: May 2002
Location: Brandon/Valrico, Florida
Experience: Advanced
09-Dec-2009, 07:32 PM #29
I was wondering where you've been for the last 6 weeks or so.

You're in cybertech's hands for now.

---------------------------------------------------------------
cybertech's Avatar
Computer Specs
Malware Removal Specialist with 69,217 posts.
 
Join Date: Apr 2002
Location: Washington State
10-Dec-2009, 04:37 PM #30
Run HJT again and put a check in the following:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 89.149.227.223 google.ae
O1 - Hosts: 89.149.227.223 google.as
O1 - Hosts: 89.149.227.223 google.at
O1 - Hosts: 89.149.227.223 google.az
O1 - Hosts: 89.149.227.223 google.ba
O1 - Hosts: 89.149.227.223 google.be
O1 - Hosts: 89.149.227.223 google.bg
O1 - Hosts: 89.149.227.223 google.bs
O1 - Hosts: 89.149.227.223 google.ca
O1 - Hosts: 89.149.227.223 google.cd
O1 - Hosts: 89.149.227.223 google.com.gh
O1 - Hosts: 89.149.227.223 google.com.hk
O1 - Hosts: 89.149.227.223 google.com.jm
O1 - Hosts: 89.149.227.223 google.com.mx
O1 - Hosts: 89.149.227.223 google.com.my
O1 - Hosts: 89.149.227.223 google.com.na
O1 - Hosts: 89.149.227.223 google.com.nf
O1 - Hosts: 89.149.227.223 google.com.ng
O1 - Hosts: 89.149.227.223 google.ch
O1 - Hosts: 89.149.227.223 google.com.np
O1 - Hosts: 89.149.227.223 google.com.pr
O1 - Hosts: 89.149.227.223 google.com.qa
O1 - Hosts: 89.149.227.223 google.com.sg
O1 - Hosts: 89.149.227.223 google.com.tj
O1 - Hosts: 89.149.227.223 google.com.tw
O1 - Hosts: 89.149.227.223 google.dj
O1 - Hosts: 89.149.227.223 google.de
O1 - Hosts: 89.149.227.223 google.dk
O1 - Hosts: 89.149.227.223 google.dm
O1 - Hosts: 89.149.227.223 google.ee
O1 - Hosts: 89.149.227.223 google.fi
O1 - Hosts: 89.149.227.223 google.fm
O1 - Hosts: 89.149.227.223 google.fr
O1 - Hosts: 89.149.227.223 google.ge
O1 - Hosts: 89.149.227.223 google.gg
O1 - Hosts: 89.149.227.223 google.gm
O1 - Hosts: 89.149.227.223 google.gr
O1 - Hosts: 89.149.227.223 google.ht
O1 - Hosts: 89.149.227.223 google.ie
O1 - Hosts: 89.149.227.223 google.im
O1 - Hosts: 89.149.227.223 google.in
O1 - Hosts: 89.149.227.223 google.it
O1 - Hosts: 89.149.227.223 google.ki
O1 - Hosts: 89.149.227.223 google.la
O1 - Hosts: 89.149.227.223 google.li
O1 - Hosts: 89.149.227.223 google.lv
O1 - Hosts: 89.149.227.223 google.ma
O1 - Hosts: 89.149.227.223 google.ms
O1 - Hosts: 89.149.227.223 google.mu
O1 - Hosts: 89.149.227.223 google.mw
O1 - Hosts: 89.149.227.223 google.nl
O1 - Hosts: 89.149.227.223 google.no
O1 - Hosts: 89.149.227.223 google.nr
O1 - Hosts: 89.149.227.223 google.nu
O1 - Hosts: 89.149.227.223 google.pl
O1 - Hosts: 89.149.227.223 google.pn
O1 - Hosts: 89.149.227.223 google.pt
O1 - Hosts: 89.149.227.223 google.ro
O1 - Hosts: 89.149.227.223 google.ru
O1 - Hosts: 89.149.227.223 google.rw
O1 - Hosts: 89.149.227.223 google.sc
O1 - Hosts: 89.149.227.223 google.se
O1 - Hosts: 89.149.227.223 google.sh
O1 - Hosts: 89.149.227.223 google.si
O1 - Hosts: 89.149.227.223 google.sm
O1 - Hosts: 89.149.227.223 google.sn
O1 - Hosts: 89.149.227.223 google.st
O1 - Hosts: 89.149.227.223 google.tl
O1 - Hosts: 89.149.227.223 google.tm
O1 - Hosts: 89.149.227.223 google.tt
O1 - Hosts: 89.149.227.223 google.us
O1 - Hosts: 89.149.227.223 google.vu
O1 - Hosts: 89.149.227.223 google.ws
O1 - Hosts: 89.149.227.223 google.co.ck
O1 - Hosts: 89.149.227.223 google.co.id
O1 - Hosts: 89.149.227.223 google.co.il
O1 - Hosts: 89.149.227.223 google.co.in
O1 - Hosts: 89.149.227.223 google.co.jp
O1 - Hosts: 89.149.227.223 google.co.kr
O1 - Hosts: 89.149.227.223 google.co.ls
O1 - Hosts: 89.149.227.223 google.co.ma
O1 - Hosts: 89.149.227.223 google.co.nz
O1 - Hosts: 89.149.227.223 google.co.tz
O1 - Hosts: 89.149.227.223 google.co.ug
O1 - Hosts: 89.149.227.223 google.co.uk
O1 - Hosts: 89.149.227.223 google.co.za
O1 - Hosts: 89.149.227.223 google.co.zm
O1 - Hosts: 89.149.227.223 google.com
O1 - Hosts: 89.149.227.223 google.com.af
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

Close all applications and browser windows before you click "fix checked".



Download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.




Download Malwarebytes' Anti-Malware.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Please run ESET Online Scanner

Note: You can use IE or Firefox for this scan. You need to disable your currently installed Anti-Virus. If you need help with that, look here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go to ESET Online Scanner and click on the ESET Online Scanner button
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
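The entries selected for fixing in the post above are of three HijackThis line types: an R1 ProxyServer value pointing at loopback, O1 Hosts redirections, and an O2 BHO with no file. As an added example (not part of the thread and not HijackThis code), this Python triage groups those line types from a pasted log; the function names are hypothetical and the sample log is constructed, using documentation-range addresses and placeholder names.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the HijackThis line format seen in this thread.
# Addresses are documentation ranges and names are placeholders.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O1 - Hosts: 203.0.113.7 search.example
O1 - Hosts: 203.0.113.7 www.search.example
O1 - Hosts: 203.0.113.7 search.example.net
O1 - Hosts: 198.51.100.9 billing.example.org
O1 - Hosts: 127.0.0.1 blocked.example
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [Updater] "C:\Program Files\Example\updater.exe"
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)$")
PROXY_RE = re.compile(r"^R1 - .*,ProxyServer = (\S+)$")
ORPHAN_BHO_RE = re.compile(r"^O2 - BHO: .* - (\{[0-9A-Fa-f-]+\}) - \(no file\)$")

def is_loopback(host):
    """True for 127.0.0.0/8, ::1 or the name localhost."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"

def triage(log_text):
    """Collect hosts redirects per IP, a loopback proxy and file-less BHOs."""
    redirects = defaultdict(list)
    report = {"loopback_proxy": None, "orphan_bhos": []}
    for line in map(str.strip, log_text.splitlines()):
        if m := HOSTS_RE.match(line):
            ip, name = m.groups()
            if not is_loopback(ip):      # loopback entries only block a name
                redirects[ip].append(name)
        elif m := PROXY_RE.match(line):
            if is_loopback(m.group(1).rsplit(":", 1)[0]):
                report["loopback_proxy"] = m.group(1)
        elif m := ORPHAN_BHO_RE.match(line):
            report["orphan_bhos"].append(m.group(1))
    report["redirects"] = dict(redirects)
    return report

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ip, names in sorted(result["redirects"].items(), key=lambda kv: -len(kv[1])):
        print(f"{ip}: {len(names)} name(s) redirected, e.g. {names[0]}")
    print("loopback proxy:", result["loopback_proxy"])
    print("BHOs with no file:", result["orphan_bhos"])
```

Many unrelated names resolving to one address, as in the log above, is the pattern the grouping makes visible at a glance.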