Please help, avg disabled, google links r redirecting


Unread postby jas24 » December 7th, 2009, 2:22 pm

I don't know what is wrong. I can't get any programs to update. AVG and Malwarebytes are not working. Google links are being redirected to a different site and I'm also getting pop-ups.

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\jas\Local Settings\Temporary Internet Files\Content.IE5\WTWED0YC\dds[1].scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://twitter.com/home
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: {f0626a63-410b-45e2-99a1-3f2475b2d695} - Search Assistant
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\xdzWWx5JO.exe" /runcleanupscript
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [yaduhihof] Rundll32.exe "c:\windows\system32\dutuhabe.dll",a
dRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 6\PcSync2.exe" /NoDialog
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/house ... hcImpl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Extermin ... iVirus.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/ ... MILive.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
TCP: {145CCE74-320A-43DF-AE18-878504DCAF8C} = 193.104.110.38,4.2.2.1
TCP: {9D2B88F7-1287-446D-B936-69056593F881} = 193.104.110.38,4.2.2.1,65.32.5.111 65.32.5.112
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: guzuyavu.dll c:\windows\system32\rulufutu.dll c:\windows\system32\dutuhabe.dll c:\windows\system32\viriteda.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: zesivukip - {042dc51a-5957-47e5-91af-5d1bbe01f870} - c:\windows\system32\dutuhabe.dll
SSODL: negejoyin - {0c48aa17-9a36-4628-a813-42eaf1390475} - c:\windows\system32\dutuhabe.dll
SSODL: fotuzatob - {4dcc3337-0d3b-4f95-b487-80b14e6ef9dd} - c:\windows\system32\viriteda.dll
SSODL: jomemowav - {a1ca5fee-4c6e-4f41-bb52-4a24ae94183d} - c:\windows\system32\dutuhabe.dll
STS: mujuzedij: {042dc51a-5957-47e5-91af-5d1bbe01f870} - c:\windows\system32\dutuhabe.dll
STS: mujuzedij: {0c48aa17-9a36-4628-a813-42eaf1390475} - c:\windows\system32\dutuhabe.dll
STS: jugezatag: {4dcc3337-0d3b-4f95-b487-80b14e6ef9dd} - c:\windows\system32\viriteda.dll
STS: jugezatag: {a1ca5fee-4c6e-4f41-bb52-4a24ae94183d} - c:\windows\system32\dutuhabe.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli vagivoho.dll
Hosts: 209.44.111.62 antispy.microsoft.com
Hosts: 209.44.111.62 antiaware-pro.com
Hosts: 209.44.111.62 www.antiaware-pro.com

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-4 207792]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-2 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-2 26824]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-4 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-12-4 359624]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-12-4 1141712]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
S1 2892o0P7;2892o0P7;c:\windows\system32\drivers\2892o0P7.sys [2009-12-1 80384]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-12-2 231704]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 wnamjovtnb;wnamjovtnb;\??\c:\windows\system32\drivers\jiccljefwd.sys --> c:\windows\system32\drivers\jiccljefwd.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-2 19160]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-2-8 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-2-8 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-2-8 23680]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-12-2 77312]

=============== Created Last 30 ================

2009-12-05 04:55:04 120 ----a-w- c:\windows\system32\srcr.dat
2009-12-05 03:16:30 0 ----a-w- c:\documents and settings\jas\cd
2009-12-04 23:34:04 882 ----a-w- c:\windows\RegSDImport.xml
2009-12-04 23:34:04 880 ----a-w- c:\windows\RegISSImport.xml
2009-12-04 23:34:04 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-04 23:34:04 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-04 23:34:04 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-04 23:34:04 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-04 23:34:04 131 ----a-w- c:\windows\IDB.zip
2009-12-04 23:34:04 1152444 ----a-w- c:\windows\UDB.zip
2009-12-04 23:33:43 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-12-04 23:33:43 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-04 23:33:20 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-04 23:33:20 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-12-04 23:33:20 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-12-04 23:33:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-04 23:32:55 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-12-04 23:32:54 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-04 23:32:37 0 d-----w- c:\program files\Spyware Doctor
2009-12-04 23:32:37 0 d-----w- c:\program files\common files\PC Tools
2009-12-04 23:32:37 0 d-----w- c:\docume~1\jas\applic~1\PC Tools
2009-12-04 23:32:37 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-12-04 23:02:18 93184 ------w- c:\windows\system32\viriteda.dll
2009-12-02 23:40:18 0 d-----w- c:\program files\common files\ParetoLogic
2009-12-02 23:40:18 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-12-02 22:42:45 10520 ------w- c:\windows\system32\avgrsstx.dll
2009-12-02 20:30:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-02 20:30:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 20:30:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-02 20:30:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-02 19:33:02 98440 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-02 19:32:40 0 d-----w- c:\windows\system32\drivers\Avg
2009-12-02 19:32:27 90632 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-02 19:32:23 0 d-----w- c:\docume~1\alluse~1\applic~1\avg8
2009-12-02 18:27:36 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2009-12-01 22:42:22 0 d-sh--w- c:\windows\system32\lowsec
2009-12-01 22:42:18 80384 ----a-w- c:\windows\system32\drivers\2892o0P7.sys
2009-11-28 14:58:00 0 d-----w- c:\program files\uTorrent
2009-11-28 14:57:03 0 d-----w- c:\docume~1\jas\applic~1\uTorrent
2009-11-13 00:32:47 0 d-----w- c:\program files\VSO

==================== Find3M ====================

2009-11-13 00:33:24 87608 ----a-w- c:\docume~1\jas\applic~1\inst.exe
2009-11-13 00:33:24 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-13 00:33:24 47360 ----a-w- c:\docume~1\jas\applic~1\pcouffin.sys
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-20 13:04:35 6588 ----a-w- c:\docume~1\jas\applic~1\wklnhst.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2007-08-20 20:09:48 88 -csh--r- c:\windows\system32\9CCEB17CDB.sys
2009-09-02 18:10:21 53760 --sha-w- c:\windows\system32\begimepo.dll
2009-09-04 23:08:08 39424 --sha-w- c:\windows\system32\hinilezo.dll
2007-08-20 20:09:55 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-04 23:08:07 90112 --sha-w- c:\windows\system32\lavevumu.dll
2009-09-03 20:13:38 39424 --sha-w- c:\windows\system32\magagovi.dll
2009-09-02 18:09:46 39424 --sha-w- c:\windows\system32\namiviko.dll
2009-09-02 18:09:43 45568 --sha-w- c:\windows\system32\pehuraba.dll
2009-09-02 01:49:25 39424 --sha-w- c:\windows\system32\pipidesa.dll
2009-09-03 20:13:38 45568 --sha-w- c:\windows\system32\pohuzowo.dll
2009-09-02 01:49:25 1909 --sha-w- c:\windows\system32\puvutabo.exe
2009-09-03 20:13:36 92160 --sha-w- c:\windows\system32\rulufutu.dll
2009-09-02 18:10:21 53760 --sha-w- c:\windows\system32\vagivoho.dll
2008-08-27 18:15:47 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 0:57:53.39 ===============

If you need any more info, please let me know. Thank you.
jas24
Regular Member
 
Posts: 16
Joined: December 6th, 2009, 5:20 pm

Re: Please help, avg disabled, google links r redirecting

Unread postby NonSuch » December 8th, 2009, 8:58 pm

In order for us to help you it is necessary that you provide us with a HijackThis log. Please follow the guideline at the link below to start a new topic and post your HijackThis log by pasting it into your post. Do not utilize attachments.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

