SUPERAntiSpyware only found 2 cookies; ran cookie cleaner.
All seemed good until my Google opens up and redirects to google.nl,
so ran HijackThis and it told me system denied access to host files.
Large amt of hijacked domains. Maybe should consider deleting hosts file, so I am now lost. Here is HijackThis.
Could not attach, so here it is longhand:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:49 PM, on 11/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ncr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 93.174.89.9 google.ae
O1 - Hosts: 93.174.89.9 google.as
O1 - Hosts: 93.174.89.9 google.at
O1 - Hosts: 93.174.89.9 google.az
O1 - Hosts: 93.174.89.9 google.ba
O1 - Hosts: 93.174.89.9 google.be
O1 - Hosts: 93.174.89.9 google.bg
O1 - Hosts: 93.174.89.9 google.bs
O1 - Hosts: 93.174.89.9 google.ca
O1 - Hosts: 93.174.89.9 google.cd
O1 - Hosts: 93.174.89.9 google.com.gh
O1 - Hosts: 93.174.89.9 google.com.hk
O1 - Hosts: 93.174.89.9 google.com.jm
O1 - Hosts: 93.174.89.9 google.com.mx
O1 - Hosts: 93.174.89.9 google.com.my
O1 - Hosts: 93.174.89.9 google.com.na
O1 - Hosts: 93.174.89.9 google.com.nf
O1 - Hosts: 93.174.89.9 google.com.ng
O1 - Hosts: 93.174.89.9 google.ch
O1 - Hosts: 93.174.89.9 google.com.np
O1 - Hosts: 93.174.89.9 google.com.pr
O1 - Hosts: 93.174.89.9 google.com.qa
O1 - Hosts: 93.174.89.9 google.com.sg
O1 - Hosts: 93.174.89.9 google.com.tj
O1 - Hosts: 93.174.89.9 google.com.tw
O1 - Hosts: 93.174.89.9 google.dj
O1 - Hosts: 93.174.89.9 google.de
O1 - Hosts: 93.174.89.9 google.dk
O1 - Hosts: 93.174.89.9 google.dm
O1 - Hosts: 93.174.89.9 google.ee
O1 - Hosts: 93.174.89.9 google.fi
O1 - Hosts: 93.174.89.9 google.fm
O1 - Hosts: 93.174.89.9 google.fr
O1 - Hosts: 93.174.89.9 google.ge
O1 - Hosts: 93.174.89.9 google.gg
O1 - Hosts: 93.174.89.9 google.gm
O1 - Hosts: 93.174.89.9 google.gr
O1 - Hosts: 93.174.89.9 google.ht
O1 - Hosts: 93.174.89.9 google.ie
O1 - Hosts: 93.174.89.9 google.im
O1 - Hosts: 93.174.89.9 google.in
O1 - Hosts: 93.174.89.9 google.it
O1 - Hosts: 93.174.89.9 google.ki
O1 - Hosts: 93.174.89.9 google.la
O1 - Hosts: 93.174.89.9 google.li
O1 - Hosts: 93.174.89.9 google.lv
O1 - Hosts: 93.174.89.9 google.ma
O1 - Hosts: 93.174.89.9 google.ms
O1 - Hosts: 93.174.89.9 google.mu
O1 - Hosts: 93.174.89.9 google.mw
O1 - Hosts: 93.174.89.9 google.nl
O1 - Hosts: 93.174.89.9 google.no
O1 - Hosts: 93.174.89.9 google.nr
O1 - Hosts: 93.174.89.9 google.nu
O1 - Hosts: 93.174.89.9 google.pl
O1 - Hosts: 93.174.89.9 google.pn
O1 - Hosts: 93.174.89.9 google.pt
O1 - Hosts: 93.174.89.9 google.ro
O1 - Hosts: 93.174.89.9 google.ru
O1 - Hosts: 93.174.89.9 google.rw
O1 - Hosts: 93.174.89.9 google.sc
O1 - Hosts: 93.174.89.9 google.se
O1 - Hosts: 93.174.89.9 google.sh
O1 - Hosts: 93.174.89.9 google.si
O1 - Hosts: 93.174.89.9 google.sm
O1 - Hosts: 93.174.89.9 google.sn
O1 - Hosts: 93.174.89.9 google.st
O1 - Hosts: 93.174.89.9 google.tl
O1 - Hosts: 93.174.89.9 google.tm
O1 - Hosts: 93.174.89.9 google.tt
O1 - Hosts: 93.174.89.9 google.us
O1 - Hosts: 93.174.89.9 google.vu
O1 - Hosts: 93.174.89.9 google.ws
O1 - Hosts: 93.174.89.9 google.co.ck
O1 - Hosts: 93.174.89.9 google.co.id
O1 - Hosts: 93.174.89.9 google.co.il
O1 - Hosts: 93.174.89.9 google.co.in
O1 - Hosts: 93.174.89.9 google.co.jp
O1 - Hosts: 93.174.89.9 google.co.kr
O1 - Hosts: 93.174.89.9 google.co.ls
O1 - Hosts: 93.174.89.9 google.co.ma
O1 - Hosts: 93.174.89.9 google.co.nz
O1 - Hosts: 93.174.89.9 google.co.tz
O1 - Hosts: 93.174.89.9 google.co.ug
O1 - Hosts: 93.174.89.9 google.co.uk
O1 - Hosts: 93.174.89.9 google.co.za
O1 - Hosts: 93.174.89.9 google.co.zm
O1 - Hosts: 93.174.89.9 google.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: QuickLink Mobile.lnk = C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0FB8DE1A-E991-40E5-83CA-5172084B2073} (CISdownsampler Object) - http://service.eshar...downsampler.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D2A7BB5-97D6-4731-8528-5281C42BD214}: NameServer = 69.78.96.14 66.174.95.44
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D2A7BB5-97D6-4731-8528-5281C42BD214}: NameServer = 69.78.96.14 66.174.95.44
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 9839 bytes
I hope you can help. It is beyond my realm.
Thanks in advance.
Leslie aka Madmaven