
Redirect Virus on Google

Discussion in 'Virus & Other Malware Removal' started by TechGeekNet, Jan 25, 2011.

Thread Status:
Not open for further replies.
  1. TechGeekNet

    TechGeekNet Thread Starter

    Joined:
    Oct 9, 2010
    Messages:
    9
    PC ran standard scans (MBAM, etc.). Still redirects. Hit it with everything I can find, still no luck. Have a 2nd computer doing a similar thing. Thinking wipe and reinstall, but figured I'd give this a crack. Also, when it seems fixed it's slow on Google initial search.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:27:28 PM, on 1/25/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Documents and Settings\Vito & Gail\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    O1 - Hosts: 74.125.45.100 4-open-davinci.com
    O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
    O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getavplusnow.com
    O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
    O1 - Hosts: 74.125.45.100 urs.microsoft.com
    O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
    O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
    O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
    O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    O1 - Hosts: 66.232.114.203 www.google.com
    O1 - Hosts: 66.232.114.203 google.com
    O1 - Hosts: 66.232.114.203 google.com.au
    O1 - Hosts: 66.232.114.203 www.google.com.au
    O1 - Hosts: 66.232.114.203 google.be
    O1 - Hosts: 66.232.114.203 www.google.be
    O1 - Hosts: 66.232.114.203 google.com.br
    O1 - Hosts: 66.232.114.203 www.google.com.br
    O1 - Hosts: 66.232.114.203 google.ca
    O1 - Hosts: 66.232.114.203 www.google.ca
    O1 - Hosts: 66.232.114.203 google.ch
    O1 - Hosts: 66.232.114.203 www.google.ch
    O1 - Hosts: 66.232.114.203 google.de
    O1 - Hosts: 66.232.114.203 www.google.de
    O1 - Hosts: 66.232.114.203 google.dk
    O1 - Hosts: 66.232.114.203 www.google.dk
    O1 - Hosts: 66.232.114.203 google.fr
    O1 - Hosts: 66.232.114.203 www.google.fr
    O1 - Hosts: 66.232.114.203 google.ie
    O1 - Hosts: 66.232.114.203 www.google.ie
    O1 - Hosts: 66.232.114.203 google.it
    O1 - Hosts: 66.232.114.203 www.google.it
    O1 - Hosts: 66.232.114.203 google.co.jp
    O1 - Hosts: 66.232.114.203 www.google.co.jp
    O1 - Hosts: 66.232.114.203 google.nl
    O1 - Hosts: 66.232.114.203 www.google.nl
    O1 - Hosts: 66.232.114.203 google.no
    O1 - Hosts: 66.232.114.203 www.google.no
    O1 - Hosts: 66.232.114.203 google.co.nz
    O1 - Hosts: 66.232.114.203 www.google.co.nz
    O1 - Hosts: 66.232.114.203 google.pl
    O1 - Hosts: 66.232.114.203 www.google.pl
    O1 - Hosts: 66.232.114.203 google.se
    O1 - Hosts: 66.232.114.203 www.google.se
    O1 - Hosts: 66.232.114.203 google.co.uk
    O1 - Hosts: 66.232.114.203 www.google.co.uk
    O1 - Hosts: 66.232.114.203 google.co.za
    O1 - Hosts: 66.232.114.203 www.google.co.za
    O1 - Hosts: 66.232.114.203 www.google-analytics.com
    O1 - Hosts: 66.232.114.203 www.bing.com
    O1 - Hosts: 66.232.114.203 search.yahoo.com
    O1 - Hosts: 66.232.114.203 www.search.yahoo.com
    O1 - Hosts: 66.232.114.203 uk.search.yahoo.com
    O1 - Hosts: 66.232.114.203 ca.search.yahoo.com
    O1 - Hosts: 66.232.114.203 de.search.yahoo.com
    O1 - Hosts: 66.232.114.203 fr.search.yahoo.com
    O1 - Hosts: 66.232.114.203 au.search.yahoo.com
    O1 - Hosts: 66.232.114.203 www.youtube.com
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [{7BE8263F-EE50-4D6A-DAEB-B33C6C446F89}] "C:\Documents and Settings\Vito & Gail\Application Data\Imboni\otetc.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - .DEFAULT User Startup: unir.exe (User 'Default user')
    O4 - Startup: ryem.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon High Speed Internet Installer.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254099162218
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Hitman Pro 3.5 Crusader (Boot) (HitmanPro35CrusaderBoot) - Unknown owner - \\freenas\disk_ad0_part_s2\9. Ron's Shortcut to useful files\Clean up or removal tools\Rootkit removers\HitmanPro35.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 10124 bytes

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Vito & Gail at 18:33:16.43 on Tue 01/25/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1349 [GMT -6:00]

    AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Internet Security Suite *Enabled/Updated* {1D098FA6-5E3B-45DA-A84E-067794413383}
    FW: Internet Security Suite *Enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Documents and Settings\Vito & Gail\Desktop\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Vito & Gail\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uStart Page = hxxp://my.yahoo.com/
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [{7BE8263F-EE50-4D6A-DAEB-B33C6C446F89}] "c:\documents and settings\vito & gail\application data\imboni\otetc.exe"
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
    mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [SetDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\documents and settings\vito & gail\start menu\programs\startup\ryem.exe
    uPolicies-explorer: DisallowRun = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254099162218
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    IFEO: image file execution options - svchost.exe
    Hosts: 74.125.45.100 4-open-davinci.com
    Hosts: 74.125.45.100 securitysoftwarepayments.com
    Hosts: 74.125.45.100 privatesecuredpayments.com
    Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    Hosts: 74.125.45.100 getantivirusplusnow.com

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-27 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-27 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-27 243024]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
    R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2009-9-27 6016]
    R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2009-9-27 31616]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-9-27 992256]
    S0 cerc6;cerc6; [x]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-27 133104]
    S2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);\\freenas\disk_ad0_part_s2\9. Ron's Shortcut to useful files\Clean up or removal tools\Rootkit removers\HitmanPro35.exe [2010-12-28 6347584]
    S2 KillTheHooker;KillTheHooker;\??\c:\documents and settings\vito & gail\desktop\tdl3 razor\tizerbruteforceex.sys --> c:\documents and settings\vito & gail\desktop\tdl3 razor\TizerBruteForceEx.sys [?]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-1-17 16968]
    S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\drivers\OA002Afx.sys [2009-9-27 148056]
    S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\drivers\OA002Ufd.sys [2009-9-27 144672]
    S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\drivers\OA002Vid.sys [2009-9-27 268672]

    =============== Created Last 30 ================

    2011-01-25 22:49:13 -------- d-----w- c:\docume~1\vito&g~1\applic~1\Tyefy
    2011-01-25 22:49:13 -------- d-----w- c:\docume~1\vito&g~1\applic~1\Kusiak
    2011-01-25 22:25:50 -------- d-----w- c:\docume~1\vito&g~1\applic~1\SUPERAntiSpyware.com
    2011-01-25 22:25:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2011-01-25 22:25:42 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-01-25 22:04:48 -------- d-----w- c:\docume~1\vito&g~1\applic~1\Oqaf
    2011-01-25 22:04:48 -------- d-----w- c:\docume~1\vito&g~1\applic~1\Geyc
    2011-01-25 21:56:45 -------- d-----w- c:\docume~1\vito&g~1\applic~1\Ondaxu
    2011-01-25 21:56:45 -------- d-----w- c:\docume~1\vito&g~1\applic~1\Odimo
    2011-01-25 21:48:14 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys
    2011-01-25 21:40:53 -------- d-----w- c:\docume~1\vito&g~1\applic~1\Kiada
    2011-01-25 21:40:53 -------- d-----w- c:\docume~1\vito&g~1\applic~1\Imboni
    2011-01-25 20:59:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\mJaLbEp06504
    2011-01-25 20:59:39 -------- d-----w- c:\docume~1\vito&g~1\applic~1\Zoliqy
    2011-01-25 20:59:39 -------- d-----w- c:\docume~1\vito&g~1\applic~1\Igeka
    2011-01-25 20:59:09 -------- d-----w- C:\Adobe
    2011-01-25 18:15:38 -------- d-----w- c:\program files\CleanUp!
    2011-01-25 18:05:48 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-01-23 23:35:29 -------- d-----w- c:\docume~1\vito&g~1\applic~1\Loepin
    2011-01-23 23:35:29 -------- d-----w- c:\docume~1\vito&g~1\applic~1\Kooz
    2011-01-17 18:22:39 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-01-17 18:22:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

    ==================== Find3M ====================


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/27/2009 11:57:03 AM
    System Uptime: 1/25/2011 5:02:57 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0F896N
    Processor: AMD Athlon(tm) 7750 Dual-Core Processor | AM2 | 2707/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 298 GiB total, 282.259 GiB free.
    D: is CDROM ()
    E: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: SM Bus Controller
    Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_02E21028&REV_3A\3&267A616A&0&A0
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_02E21028&REV_3A\3&267A616A&0&A0
    Service:

    ==== System Restore Points ===================

    RP6: 1/25/2011 5:04:41 PM - System Checkpoint

    ==== Hosts File Hijack ======================

    Hosts: 74.125.45.100 4-open-davinci.com
    Hosts: 74.125.45.100 securitysoftwarepayments.com
    Hosts: 74.125.45.100 privatesecuredpayments.com
    Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    Hosts: 74.125.45.100 getantivirusplusnow.com
    Hosts: 74.125.45.100 secure-plus-payments.com
    Hosts: 74.125.45.100 www.getantivirusplusnow.com
    Hosts: 74.125.45.100 www.secure-plus-payments.com
    Hosts: 74.125.45.100 www.getavplusnow.com
    Hosts: 74.125.45.100 safebrowsing-cache.google.com
    Hosts: 74.125.45.100 urs.microsoft.com
    Hosts: 74.125.45.100 www.securesoftwarebill.com
    Hosts: 74.125.45.100 secure.paysecuresystem.com
    Hosts: 74.125.45.100 paysoftbillsolution.com
    Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    Hosts: 66.232.114.203 www.google.com
    Hosts: 66.232.114.203 google.com
    Hosts: 66.232.114.203 google.com.au
    Hosts: 66.232.114.203 www.google.com.au
    Hosts: 66.232.114.203 google.be
    Hosts: 66.232.114.203 www.google.be
    Hosts: 66.232.114.203 google.com.br
    Hosts: 66.232.114.203 www.google.com.br
    Hosts: 66.232.114.203 google.ca
    Hosts: 66.232.114.203 www.google.ca
    Hosts: 66.232.114.203 google.ch
    Hosts: 66.232.114.203 www.google.ch
    Hosts: 66.232.114.203 google.de
    Hosts: 66.232.114.203 www.google.de
    Hosts: 66.232.114.203 google.dk
    Hosts: 66.232.114.203 www.google.dk
    Hosts: 66.232.114.203 google.fr
    Hosts: 66.232.114.203 www.google.fr
    Hosts: 66.232.114.203 google.ie
    Hosts: 66.232.114.203 www.google.ie
    Hosts: 66.232.114.203 google.it
    Hosts: 66.232.114.203 www.google.it
    Hosts: 66.232.114.203 google.co.jp
    Hosts: 66.232.114.203 www.google.co.jp
    Hosts: 66.232.114.203 google.nl
    Hosts: 66.232.114.203 www.google.nl
    Hosts: 66.232.114.203 google.no
    Hosts: 66.232.114.203 www.google.no
    Hosts: 66.232.114.203 google.co.nz
    Hosts: 66.232.114.203 www.google.co.nz
    Hosts: 66.232.114.203 google.pl
    Hosts: 66.232.114.203 www.google.pl
    Hosts: 66.232.114.203 google.se
    Hosts: 66.232.114.203 www.google.se
    Hosts: 66.232.114.203 google.co.uk
    Hosts: 66.232.114.203 www.google.co.uk
    Hosts: 66.232.114.203 google.co.za
    Hosts: 66.232.114.203 www.google.co.za
    Hosts: 66.232.114.203 www.google-analytics.com
    Hosts: 66.232.114.203 www.bing.com
    Hosts: 66.232.114.203 search.yahoo.com
    Hosts: 66.232.114.203 www.search.yahoo.com
    Hosts: 66.232.114.203 uk.search.yahoo.com
    Hosts: 66.232.114.203 ca.search.yahoo.com
    Hosts: 66.232.114.203 de.search.yahoo.com
    Hosts: 66.232.114.203 fr.search.yahoo.com
    Hosts: 66.232.114.203 au.search.yahoo.com
    Hosts: 66.232.114.203 www.youtube.com

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.1
    Advanced Audio FX Engine
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    AVG Free 9.0
    Battlefield Vietnam(TM)
    Brother MFL-Pro Suite
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help English
    CCC Help French
    CCC Help German
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Portuguese
    CCC Help Spanish
    CCC Help Turkish
    CleanUp!
    Dell Webcam Central
    Google Earth
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Java(TM) 6 Update 16
    Live! Cam Avatar Creator
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Monitor Webcam Driver (1.01.02.0804)
    OGA Notifier 2.0.0048.0
    PaperPort
    Platform
    PunkBuster for Battlefield Vietnam
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB923789)
    Sierra Bullets Infinity 5.1
    Skins
    SUPERAntiSpyware
    UltraVNC v1.0.2
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    VIA Platform Device Manager
    W Photo Studio
    WebFldrs XP
    Winamp
    Winamp Detector Plug-in
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format Runtime
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Messenger
    Yahoo! Search Protection

    ==== Event Viewer Messages From Past Week ========

    1/25/2011 3:08:45 PM, error: Service Control Manager [7000] - The Hitman Pro 3.5 Crusader (Boot) service failed to start due to the following error: The network path was not found.
    1/25/2011 12:21:19 PM, error: Service Control Manager [7024] - The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error 0 (0x0).
    1/25/2011 12:21:19 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
    1/25/2011 12:21:16 PM, error: SRService [104] - The System Restore initialization process failed.
    1/25/2011 12:06:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips Processor
    1/25/2011 12:04:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/25/2011 12:04:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    ==== End Of File ===========================


    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

    ============= FINISH: 18:34:23.85 ===============

  2. TechGeekNet

    TechGeekNet Thread Starter

    Joined:
    Oct 9, 2010
    Messages:
    9
    I just did a backup, wipe, reinstall. That took care of it. Not the best way, but it's done.
     

Short URL to this thread: https://techguy.org/976995
