I would be grateful for any help with these issues: I tried to do the prelim steps, but my browser will not display sites like Kaspersky and the VundoFix sites (404 type messages.) I did run McAfee, Spyware Blaster, Spybot, Windows Defender, CCleaner, SDFix.

1) In IE, Google search results are redirected to weird URLs that are nonexistent sites
2) Firefox will not start (even after a re-install)
3) McAfee will no longer update (can't access needed online files, subscription still on)

My HijackThis log is attached. Thank you in advance for any help!

ARW

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:50 AM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\FolderShare\FolderShare.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\Desktop\SDFix\SDFix\Norman_Malware_Cleaner.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\SDFix\SDFix\a2cmd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://exchange.syr.edu/exchange/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: (no name) - {17E7EDFE-3298-41E7-9FDB-494649B59091} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5f37fc69-3a05-4fb6-a05b-476d1b0cfd51} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {758A7917-328C-4E1B-B13B-1D94316BE9FE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {77A3F107-8918-40F2-A55C-5AA94C03487C} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Live FolderShare] "C:\Documents and Settings\Administrator\Local Settings\Application Data\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199485231692
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1199485372052
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c5/v21.123/qboax10.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8801 bytes

4) IE browser will apparently not display sites with URLs that include words like Vundo

Hi awenner.

Uh oh... sounds like vundo to me. Please note the following:

1. Vundo is one of the most severe infections out there, thus,
2. it is extremely hard to remove.
3. Many have given up fighting it and instead formatted to have a clean system against
4. the many hidden settings which vundo will make to your computer, which might never be discovered.

The choice is yours. However, if you wish to fight...

Rename HijackThis to something like scanner.exe and run it again. Post the new HijackThis log here.

Download both vundofix and virtumundobegone on another computer, and transfer it onto this computer. Boot into safe mode, and then run both of those programs (rename these programs as well, to something like vkill).

Navigate to C:\Windows\system32\drivers\etc and open the hosts file in Notepad. Post the contents here.

Also, download Autoruns from Sysinternals, and take a screenshot of everything under the tabs Explorer and Winlogon.

Go to C:\Windows\system32, and list all the files by date. Make sure that both hidden files and folders and hidden system protected files are able to be viewed by adjusting the folder options. Scroll to the latest files, and list the random-named dll or exe files.

Best Regards

PS: Your java needs updating

Thank you so much!! I have to break this response into 2 posts, since my replies seem to be hanging when I submit...

1) HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:49 PM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\FolderShare\FolderShare.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://exchange.syr.edu/exchange/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: (no name) - {17E7EDFE-3298-41E7-9FDB-494649B59091} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5f37fc69-3a05-4fb6-a05b-476d1b0cfd51} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {758A7917-328C-4E1B-B13B-1D94316BE9FE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77A3F107-8918-40F2-A55C-5AA94C03487C} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Live FolderShare] "C:\Documents and Settings\Administrator\Local Settings\Application Data\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199485231692
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1199485372052
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c5/v21.123/qboax10.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8527 bytes

-------------------------------

2) VundoFix & VBG both run in SAFE MODE; Vundofix found no infected file; the VBG log is:

[06/12/2008, 10:00:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator\Desktop\SDFix\VGone.exe.exe" )
[06/12/2008, 10:01:08] - Detected System Information:
[06/12/2008, 10:01:08] - Windows Version: 5.1.2600, Service Pack 2
[06/12/2008, 10:01:08] - Current Username: Administrator (Admin)
[06/12/2008, 10:01:08] - Windows is in SAFE mode.
[06/12/2008, 10:01:08] - Searching for Browser Helper Objects:
[06/12/2008, 10:01:08] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} ()
[06/12/2008, 10:01:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:08] - No filename found. Continuing.
[06/12/2008, 10:01:08] - BHO 2: {1392b8d2-5c05-419f-a8f6-b9f15a596612} ()
[06/12/2008, 10:01:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:08] - No filename found. Continuing.
[06/12/2008, 10:01:08] - BHO 3: {17E7EDFE-3298-41E7-9FDB-494649B59091} ()
[06/12/2008, 10:01:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:08] - No filename found. Continuing.
[06/12/2008, 10:01:08] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/12/2008, 10:01:08] - BHO 5: {5f37fc69-3a05-4fb6-a05b-476d1b0cfd51} ()
[06/12/2008, 10:01:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:08] - No filename found. Continuing.
[06/12/2008, 10:01:08] - BHO 6: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[06/12/2008, 10:01:08] - BHO 7: {758A7917-328C-4E1B-B13B-1D94316BE9FE} ()
[06/12/2008, 10:01:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:08] - No filename found. Continuing.
[06/12/2008, 10:01:08] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/12/2008, 10:01:08] - BHO 9: {77A3F107-8918-40F2-A55C-5AA94C03487C} ()
[06/12/2008, 10:01:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:08] - No filename found. Continuing.
[06/12/2008, 10:01:08] - BHO 10: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
[06/12/2008, 10:01:08] - BHO 11: {E9383002-FC55-4330-B9C9-67E03BC5C840} ()
[06/12/2008, 10:01:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:08] - No filename found. Continuing.
[06/12/2008, 10:01:08] - Finished Searching Browser Helper Objects
[06/12/2008, 10:01:08] - Finishing up...
[06/12/2008, 10:01:08] - Nothing found! Exiting...

[06/12/2008, 10:01:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator\Desktop\SDFix\VGone.exe.exe" )
[06/12/2008, 10:01:52] - Detected System Information:
[06/12/2008, 10:01:52] - Windows Version: 5.1.2600, Service Pack 2
[06/12/2008, 10:01:52] - Current Username: Administrator (Admin)
[06/12/2008, 10:01:52] - Windows is in SAFE mode.
[06/12/2008, 10:01:52] - Searching for Browser Helper Objects:
[06/12/2008, 10:01:52] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} ()
[06/12/2008, 10:01:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:52] - No filename found. Continuing.
[06/12/2008, 10:01:52] - BHO 2: {1392b8d2-5c05-419f-a8f6-b9f15a596612} ()
[06/12/2008, 10:01:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:52] - No filename found. Continuing.
[06/12/2008, 10:01:52] - BHO 3: {17E7EDFE-3298-41E7-9FDB-494649B59091} ()
[06/12/2008, 10:01:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:52] - No filename found. Continuing.
[06/12/2008, 10:01:52] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/12/2008, 10:01:52] - BHO 5: {5f37fc69-3a05-4fb6-a05b-476d1b0cfd51} ()
[06/12/2008, 10:01:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:52] - No filename found. Continuing.
[06/12/2008, 10:01:52] - BHO 6: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[06/12/2008, 10:01:52] - BHO 7: {758A7917-328C-4E1B-B13B-1D94316BE9FE} ()
[06/12/2008, 10:01:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:52] - No filename found. Continuing.
[06/12/2008, 10:01:52] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/12/2008, 10:01:52] - BHO 9: {77A3F107-8918-40F2-A55C-5AA94C03487C} ()
[06/12/2008, 10:01:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:52] - No filename found. Continuing.
[06/12/2008, 10:01:52] - BHO 10: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
[06/12/2008, 10:01:52] - BHO 11: {E9383002-FC55-4330-B9C9-67E03BC5C840} ()
[06/12/2008, 10:01:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:52] - No filename found. Continuing.
[06/12/2008, 10:01:52] - Finished Searching Browser Helper Objects
[06/12/2008, 10:01:52] - Finishing up...
[06/12/2008, 10:01:52] - Nothing found! Exiting...

More in next post...

ARW

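The two HijackThis scans in this thread can be triaged offline. The Python below is an added example, not part of the original posts and not HijackThis or VirtumundoBeGone code: it parses entry lines, lists the registrations the log itself marks "(no file)" or "(file missing)", and diffs two scans. The sample lines are excerpts from the logs posted above, and all function names are this example's own.

```python
"""Offline triage of HijackThis v2 log entries (added example)."""
import re
from typing import List, NamedTuple, Tuple

# "<section code> - <entry text>", e.g. "O2 - BHO: ..." or "R1 - HKLM\..."
ENTRY_RE = re.compile(r"^(?P<code>R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (?P<body>.+)$")
# O2 entry text: "BHO: <name> - {CLSID} - <file path or '(no file)'>"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)


class Entry(NamedTuple):
    code: str
    body: str


def parse_entries(log_text: str) -> List[Entry]:
    """Keep only section entries; header and process-list lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def flag_unresolved(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (code, identifier, reason) for entries with no file behind them."""
    findings = []
    for e in entries:
        if e.code == "O2":
            m = BHO_RE.match(e.body)
            if m and m["target"] == "(no file)":
                findings.append((e.code, m["clsid"].upper(), "BHO registered, no file"))
        elif e.code == "O23" and e.body.endswith("(file missing)"):
            name = e.body[len("Service: "):].split(" - ", 1)[0]
            findings.append((e.code, name, "service binary missing"))
    return findings


def diff_scans(before: List[Entry], after: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Entries that appeared and entries that disappeared between two scans."""
    b, a = set(before), set(after)
    return sorted(a - b), sorted(b - a)


# Excerpt of the first scan posted in this thread (8:07:50 AM).
FIRST_SCAN = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://exchange.syr.edu/exchange/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"""
# For these excerpted lines, the second posted scan (8:25:49 PM) differs
# from the first only in the JRE directory name.
SECOND_SCAN = FIRST_SCAN.replace("jre1.6.0_05", "jre1.6.0_06")

if __name__ == "__main__":
    first, second = parse_entries(FIRST_SCAN), parse_entries(SECOND_SCAN)
    for code, ident, reason in flag_unresolved(second):
        print(f"{code:>3}  {reason:<24} {ident}")
    added, removed = diff_scans(first, second)
    for e in added:
        print("+", e.code, "-", e.body)
    for e in removed:
        print("-", e.code, "-", e.body)
```

An entry flagged here is a lead, not a verdict: a registration with no file behind it can be the leftover of software that was uninstalled, so the CLSID or service still has to be looked up before anything is removed.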
3) Hosts (it's too big to send..here's the top part)
engine.adnet.ru 127.0.0.1 ad.adnetwork.com.br 127.0.0.1 agoraua.adocean.pl 127.0.0.1 s1.ad.adocean.pl #[Ewido.Tracking.Cookie] 127.0.0.1 s1.advicepl.adocean.pl 127.0.0.1 s1.centrumcz.adocean.pl #[eTrust.Tracking.Cookie] 127.0.0.1 s1.cz.adocean.pl 127.0.0.1 s1.czgde.adocean.pl 127.0.0.1 s1.myao.adocean.pl 127.0.0.1 s1.pracuj.adocean.pl 127.0.0.1 s1.skgde.adocean.pl 127.0.0.1 s2.ad.adocean.pl # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 ad01.adonspot.com # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 ad02.adonspot.com # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 www.adplz.com 127.0.0.1 ab.adpro.com.ua 127.0.0.1 system.adquick.nl 127.0.0.1 www.adquest.nl 127.0.0.1 adx.adrenaline.cz # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 adroll.com # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 c.adroll.com # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 www.adsforindians.com # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 ad.adrefer.net # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 www.adreporting.com #[SunBelt.Adreporting.com] # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 cntr.adrime.com # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 images.adrime.com 127.0.0.1 ad.adriver.ru # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 www.adrotate.net # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 serv.ad-rotator.com #[SpySweeper.Spy.Cookie] # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 ad.ads8.com # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 vip.ads8.com # Potentially malicious hosts entry modified by Norman Virus 
Control # 127.0.0.1 www.ads183.com # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 antevenio.flux.ads-click.com # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 acnetwork.flux.acsyndication.com # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 img.ads-click.com 127.0.0.1 ad.ads.dk 127.0.0.1 tdkads.ads.dk # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 www.adservtech.com 127.0.0.1 adservicedomain.info # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 adsfac.net #[Facilitate Tracking Code] # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 images.adshuffle.com # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 this.content.served.by.adshuffle.com # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 adsaway.com #[HTML/TrojanDownloader.Agent.BP trojan] # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 www.adsaway.com #[Google.Warning] 127.0.0.1 adsfac.eu 127.0.0.1 www.adshot.de # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 network.adsmarket.com # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 allchix.adsmax.com # Potentially malicious hosts entry modified by Norman Virus Control # 127.0.0.1 www2.adsmax.com
I'm sorry -- the site is hanging when I try to post any more logs... maybe I can try again later... the sys 32 file has some weird things like MRT.exe, quartz.dll, mshtml.dll, wininit.dll, webcheck.dll, urlmon.dll, url.dll, iertutil.dll, iernonce.dll, ieframe.dll, ieudinit.exe, ie4uinit.dll Thank you!! ARW
Hi awenner. Follow Ltangel's instructions on downloading and running Combofix in this thread: http://forums.afterdawn.com/thread_view.cfm/639221 Post the log here. Best Regards