Virus Trouble???


  1. Posts : 474
    Windows 7 Enterprise x64 SP1
       #1

    Virus Trouble???


    I'm not sure where to start. First, my Firefox seems to have been hijacked as I am redirected to other suspicious sites constantly. Most of the time when this happens, Firefox crashes due to Norton blocking an intrusion attempt. IE seems to be fine although I think something similar happens to it, but infrequently.

    Norton is logging all of this from the IP addresses 193.169.234.19 & 193.104.110.50 with the urls security-pc2010.org & freevirustestsite.com. However, what concerns me is that Norton recorded an intrusion attempt with my computer as the attacking pc and the url as google.com.analytics.wjbsrmtwcun.com... with the destination address as 72.51.47.21.

    This makes me think that I have a virus, but I scanned my computer thoroughly with Norton IS 2010, MalwareBytes Anti-Malware & SUPERAntiSpyware and none of them found anything. I also visually inspected both the system folder and registry for anything suspicious, but again nothing. I am at a loss as to what to do and I'd rather not reinstall 7.

    I will perform a hijackthis scan momentarily...


  2. Posts : 474
    Windows 7 Enterprise x64 SP1
    Thread Starter
       #2

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 13:31:15, on 24-Jan-10
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
    e:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\MCUI32.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe
    C:\Windows\SysWOW64\DllHost.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 194.109.207.126 www.bitdefender.com
    O1 - Hosts: fe80::cc1:b1eb:613:f254%11
    O1 - Hosts: 64.4.11.252 technet.microsoft.com
    O1 - Hosts: 64.29.204.16 www.bmwusa.com
    O1 - Hosts: 71.123.233.60 www.ftworthgunshow.com
    O1 - Hosts: 72.47.237.70 sojoe.info
    O1 - Hosts: 66.238.93.164 support.asus.com
    O1 - Hosts: 64.4.11.252 technet.microsoft.com
    O1 - Hosts: 74.86.200.236 www.vistax64.com
    O1 - Hosts: 207.46.19.254 www.microsoft.com
    O1 - Hosts: fe80::cc1:b1eb:613:f254%11
    O1 - Hosts: 65.55.193.125 catalog.update.microsoft.com
    O1 - Hosts: 67.19.16.68 unattended.msfn.org
    O1 - Hosts: 67.19.16.68 unattended.msfn.org
    O1 - Hosts: fe80::cc1:b1eb:613:f254%11
    O1 - Hosts: 207.46.19.254 www.microsoft.com
    O1 - Hosts: 74.86.229.157 www.sevenforums.com
    O1 - Hosts: fe80::cc1:b1eb:613:f254%11
    O1 - Hosts: fe80::cc1:b1eb:613:f254%11
    O1 - Hosts: 69.65.60.129 blog.taragana.com
    O1 - Hosts: 74.86.200.236 www.vistax64.com
    O1 - Hosts: 15.216.13.217 h20000.www2.hp.com
    O1 - Hosts: 74.86.229.157 www.sevenforums.com
    O1 - Hosts: 208.113.167.139 www.speedyvista.com
    O1 - Hosts: 208.113.167.139 www.speedyvista.com
    O1 - Hosts: 71.139.244.137 www.blackviper.com
    O1 - Hosts: 86.110.226.2 www.bestfreewaredownload.com
    O1 - Hosts: 82.165.180.64 freewarehome.com
    O1 - Hosts: 65.55.193.125 catalog.update.microsoft.com
    O1 - Hosts: 193.168.50.120 www.cgsecurity.org
    O1 - Hosts: 193.168.50.120 www.cgsecurity.org
    O1 - Hosts: 63.97.94.59 www.amd.com
    O1 - Hosts: 195.182.196.33 195.182.196.33
    O1 - Hosts: 15.193.8.32 h10025.www1.hp.com
    O1 - Hosts: fe80::cc1:b1eb:613:f254%11
    O1 - Hosts: 15.193.8.32 h10025.www1.hp.com
    O1 - Hosts: 63.111.69.121 www.weather.com
    O1 - Hosts: 69.17.117.156 www.speakeasy.net
    O1 - Hosts: fe80::cc1:b1eb:613:f254%11
    O1 - Hosts: 69.25.140.140 www.popcap.com
    O1 - Hosts: 67.195.148.134 games.yahoo.com
    O1 - Hosts: 206.124.29.118 www.deadmalls.com
    O1 - Hosts: 69.25.140.140 www.popcap.com
    O1 - Hosts: 69.147.91.32 movies.yahoo.com
    O1 - Hosts: 8.5.0.181 www.flowgo.com
    O1 - Hosts: 216.34.181.72 www.thinkgeek.com
    O1 - Hosts: 63.97.94.56 www.tvguide.com
    O1 - Hosts: 207.46.166.10 zone.msn.com
    O1 - Hosts: 67.195.148.134 games.yahoo.com
    O1 - Hosts: 74.208.154.147 www.beaucoup.com
    O1 - Hosts: 69.63.181.16 www.facebook.com
    O1 - Hosts: 63.135.80.46 www.myspace.com
    O1 - Hosts: 204.64.245.167 www.twc.state.tx.us
    O1 - Hosts: 72.163.4.161 www.cisco.com
    O1 - Hosts: 128.235.210.18 www.njedge.net
    O1 - Hosts: 67.228.94.72 mirrordance.net
    O1 - Hosts: 209.202.252.50 kadisloft.tripod.com
    O1 - Hosts: 195.12.48.132 koffeeklub.net
    O1 - Hosts: 216.92.213.201 seema.org
    O1 - Hosts: 195.12.48.132 koffeeklub.net
    O1 - Hosts: 67.228.94.72 mirrordance.net
    O1 - Hosts: 205.188.100.58 members.aol.com
    O1 - Hosts: 98.137.46.72 www.geocities.com
    O1 - Hosts: 67.228.94.72 mirrordance.net
    O1 - Hosts: 195.12.48.132 www.koffeeklub.net
    O1 - Hosts: 205.188.100.58 members.aol.com
    O1 - Hosts: 209.202.252.41 www.angelfire.com
    O1 - Hosts: 131.204.2.251 www.auburn.edu
    O1 - Hosts: 209.202.252.41 www.angelfire.com
    O1 - Hosts: 67.228.94.72 mirrordance.net
    O1 - Hosts: 209.202.252.50 kadithsweyr.tripod.com
    O1 - Hosts: 195.12.48.132 koffeeklub.net
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
    O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\boostspeed.exe
    O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
    O4 - HKCU\..\Run: [perfodbc50] rundll32.exe "C:\Users\Mer Hathaway\AppData\Local\perfodbc50\perfodbc50.dll", DllInit
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1261174478445
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/F...ansferCtrl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe
    O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    --
    End of file - 13236 bytes


  3. Posts : 408
    Windows 7 Home Premium 64-bit
       #3

    Try Hitman Pro: Home - SurfRight


  4. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #4

    Your Hosts file is infected .....
    Rescan with HJT, check all of these items:
    O1 - Hosts: 194.109.207.126 www.bitdefender.com
    O1 - Hosts: fe80::cc1:b1eb:613:f254%11
    O1 - Hosts: 64.4.11.252 technet.microsoft.com
    O1 - Hosts: 64.29.204.16 www.bmwusa.com
    O1 - Hosts: 71.123.233.60 www.ftworthgunshow.com
    O1 - Hosts: 72.47.237.70 sojoe.info
    O1 - Hosts: 66.238.93.164 support.asus.com
    O1 - Hosts: 64.4.11.252 technet.microsoft.com
    O1 - Hosts: 74.86.200.236 www.vistax64.com
    O1 - Hosts: 207.46.19.254 www.microsoft.com
    O1 - Hosts: fe80::cc1:b1eb:613:f254%11
    O1 - Hosts: 65.55.193.125 catalog.update.microsoft.com
    O1 - Hosts: 67.19.16.68 unattended.msfn.org
    O1 - Hosts: 67.19.16.68 unattended.msfn.org
    O1 - Hosts: fe80::cc1:b1eb:613:f254%11
    O1 - Hosts: 207.46.19.254 www.microsoft.com
    O1 - Hosts: 74.86.229.157 www.sevenforums.com
    O1 - Hosts: fe80::cc1:b1eb:613:f254%11
    O1 - Hosts: fe80::cc1:b1eb:613:f254%11
    O1 - Hosts: 69.65.60.129 blog.taragana.com
    O1 - Hosts: 74.86.200.236 www.vistax64.com
    O1 - Hosts: 15.216.13.217 h20000.www2.hp.com
    O1 - Hosts: 74.86.229.157 www.sevenforums.com
    O1 - Hosts: 208.113.167.139 www.speedyvista.com
    O1 - Hosts: 208.113.167.139 www.speedyvista.com
    O1 - Hosts: 71.139.244.137 www.blackviper.com
    O1 - Hosts: 86.110.226.2 www.bestfreewaredownload.com
    O1 - Hosts: 82.165.180.64 freewarehome.com
    O1 - Hosts: 65.55.193.125 catalog.update.microsoft.com
    O1 - Hosts: 193.168.50.120 www.cgsecurity.org
    O1 - Hosts: 193.168.50.120 www.cgsecurity.org
    O1 - Hosts: 63.97.94.59 www.amd.com
    O1 - Hosts: 195.182.196.33 195.182.196.33
    O1 - Hosts: 15.193.8.32 h10025.www1.hp.com
    O1 - Hosts: fe80::cc1:b1eb:613:f254%11
    O1 - Hosts: 15.193.8.32 h10025.www1.hp.com
    O1 - Hosts: 63.111.69.121 www.weather.com
    O1 - Hosts: 69.17.117.156 www.speakeasy.net
    O1 - Hosts: fe80::cc1:b1eb:613:f254%11
    O1 - Hosts: 69.25.140.140 www.popcap.com
    O1 - Hosts: 67.195.148.134 games.yahoo.com
    O1 - Hosts: 206.124.29.118 www.deadmalls.com
    O1 - Hosts: 69.25.140.140 www.popcap.com
    O1 - Hosts: 69.147.91.32 movies.yahoo.com
    O1 - Hosts: 8.5.0.181 www.flowgo.com
    O1 - Hosts: 216.34.181.72 www.thinkgeek.com
    O1 - Hosts: 63.97.94.56 www.tvguide.com
    O1 - Hosts: 207.46.166.10 zone.msn.com
    O1 - Hosts: 67.195.148.134 games.yahoo.com
    O1 - Hosts: 74.208.154.147 www.beaucoup.com
    O1 - Hosts: 69.63.181.16 www.facebook.com
    O1 - Hosts: 63.135.80.46 www.myspace.com
    O1 - Hosts: 204.64.245.167 www.twc.state.tx.us
    O1 - Hosts: 72.163.4.161 www.cisco.com
    O1 - Hosts: 128.235.210.18 www.njedge.net
    O1 - Hosts: 67.228.94.72 mirrordance.net
    O1 - Hosts: 209.202.252.50 kadisloft.tripod.com
    O1 - Hosts: 195.12.48.132 koffeeklub.net
    O1 - Hosts: 216.92.213.201 seema.org
    O1 - Hosts: 195.12.48.132 koffeeklub.net
    O1 - Hosts: 67.228.94.72 mirrordance.net
    O1 - Hosts: 205.188.100.58 members.aol.com
    O1 - Hosts: 98.137.46.72 www.geocities.com
    O1 - Hosts: 67.228.94.72 mirrordance.net
    O1 - Hosts: 195.12.48.132 www.koffeeklub.net
    O1 - Hosts: 205.188.100.58 members.aol.com
    O1 - Hosts: 209.202.252.41 www.angelfire.com
    O1 - Hosts: 131.204.2.251 www.auburn.edu
    O1 - Hosts: 209.202.252.41 www.angelfire.com
    O1 - Hosts: 67.228.94.72 mirrordance.net
    O1 - Hosts: 209.202.252.50 kadithsweyr.tripod.com
    O1 - Hosts: 195.12.48.132 koffeeklub.net

    O4 - HKCU\..\Run: [perfodbc50] rundll32.exe "C:\Users\Mer Hathaway\AppData\Local\perfodbc50\perfodbc50.dll", DllInit
    ***Do you know what this is? I don't find any information on it. If you don't know, check it along with the O1's.


    Close all Windows except HJT, then click 'fix checked'. Exit HJT and don't restart your computer just yet.





    Download the HostsXpert 4.3 - Hosts File Manager.
    • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
    • Click HostsXpert.exe to Run HostsXpert 4.3 - Hosts File Manager from its new home
    • Click "Make Hosts Writable?" in the upper right corner (If available).
    • Click Restore Microsoft's Hosts file and then click OK.
    • Click the X to exit the program.
    • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
    Clear your DNS cache:
    Open a command prompt: from the Start menu, select Run, and in the box ("Open" field) enter cmd.exe (you will need to run as Administrator).
    Copy/paste ipconfig /flushdns and press 'Enter'.

    Now Reboot/Restart your computer
      My Computer
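
Added example (not part of any post in this thread, and not HijackThis's own logic): a small Python triage of the two entry types post #4 singles out, the O1 hosts-file lines and the O4 rundll32 autostart. The flagging rules and function names are assumptions made for illustration; a flagged line is something to review, not a verdict.

```python
import ipaddress
import re

# Lines 2-7 are copied from the HijackThis log posted in this thread; line 1
# (the loopback entry) is constructed to show a normal hosts line.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 194.109.207.126 www.bitdefender.com
O1 - Hosts: fe80::cc1:b1eb:613:f254%11
O1 - Hosts: 207.46.19.254 www.microsoft.com
O1 - Hosts: 195.182.196.33 195.182.196.33
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [perfodbc50] rundll32.exe "C:\Users\Mer Hathaway\AppData\Local\perfodbc50\perfodbc50.dll", DllInit
"""

O1_RE = re.compile(r"^O1 - Hosts:\s*(\S+)(?:\s+(\S+))?")
O4_RE = re.compile(r"^O4 - \S+: \[.+?\] (.+)$")
# Assumption: a per-user AppData path is treated as user-writable.
APPDATA_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def parse_ip(token):
    """Return an ip_address object, or None if token is not an IP literal."""
    try:
        return ipaddress.ip_address(token.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return None


def triage_hosts(address, hostname):
    """Return a reason string if a hosts entry deserves review, else None."""
    ip = parse_ip(address)
    if ip is None:
        return "first field is not an IP address"
    if hostname is None:
        return "address with no hostname (malformed entry)"
    if ip.is_loopback or ip.is_unspecified:
        return None  # localhost or a 0.0.0.0 block entry
    if parse_ip(hostname) is not None:
        return "IP address mapped to an IP address"
    return f"overrides DNS: {hostname} pinned to {address}"


def triage_run(command):
    """Flag autostart commands that load a DLL from a user profile via rundll32."""
    if "rundll32" in command.lower() and APPDATA_RE.search(command):
        return "rundll32 autostart loading a DLL from a user-profile AppData path"
    return None


def triage(log_text):
    """Return (line, reason) pairs for every O1/O4 line worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reason = None
        m = O1_RE.match(line)
        if m:
            reason = triage_hosts(m.group(1), m.group(2))
        else:
            m = O4_RE.match(line)
            if m:
                reason = triage_run(m.group(1))
        if reason:
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```
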


  5. Posts : 846
    Windows 10 Pro
       #5

    merkat106 said:
    I'm not sure where to start. First, my Firefox seems to have been hijacked as I am redirected to other suspicious sites constantly. Most of the time when this happens, Firefox crashes due to Norton blocking an intrusion attempt. IE seems to be fine although I think something similar happens to it, but infrequently.

    Norton is logging all of this from the IP addresses 193.169.234.19 & 193.104.110.50 with the urls security-pc2010.org & freevirustestsite.com. However, what concerns me is that Norton recorded an intrusion attempt with my computer as the attacking pc and the url as google.com.analytics.wjbsrmtwcun.com... with the destination address as 72.51.47.21.

    This makes me think that I have a virus, but I scanned my computer thoroughly with Norton IS 2010, MalwareBytes Anti-Malware & SUPERAntiSpyware and none of them found anything. I also visually inspected both the system folder and registry for anything suspicious, but again nothing. I am at a loss as to what to do and I'd rather not reinstall 7.

    I will perform a hijackthis scan momentarily...

    Did you get to remove the virus?
    What did you use?
    Hope you are still here.


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
