Windows 7 Forums


Windows 7: Virus Trouble???

24 Jan 2010   #1
merkat106

Windows 7 Enterprise x64 SP1
 
 
Virus Trouble???

I'm not sure where to start. First, my Firefox seems to have been hijacked as I am redirected to other suspicious sites constantly. Most of the time when this happens, Firefox crashes due to Norton blocking an intrusion attempt. IE seems to be fine although I think something similar happens to it, but infrequently.

Norton is logging all of this from the IP addresses 193.169.234.19 & 193.104.110.50 with the URLs security-pc2010.org & freevirustestsite.com. However, what concerns me is that Norton recorded an intrusion attempt with my computer as the attacking PC and the URL as google.com.analytics.wjbsrmtwcun.com... with the destination address as 72.51.47.21.

This makes me think that I have a virus, but I scanned my computer thoroughly with Norton IS 2010, MalwareBytes Anti-Malware & SUPERAntiSpyware and none of them found anything. I also visually inspected both the system folder and registry for anything suspicious, but again nothing. I am at a loss as to what to do and I'd rather not reinstall 7.

I will perform a hijackthis scan momentarily...


24 Jan 2010   #2
merkat106

Windows 7 Enterprise x64 SP1
 
 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 13:31:15, on 24-Jan-10
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
e:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\MCUI32.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 194.109.207.126 www.bitdefender.com
O1 - Hosts: fe80::cc1:b1eb:613:f254%11
O1 - Hosts: 64.4.11.252 technet.microsoft.com
O1 - Hosts: 64.29.204.16 www.bmwusa.com
O1 - Hosts: 71.123.233.60 www.ftworthgunshow.com
O1 - Hosts: 72.47.237.70 sojoe.info
O1 - Hosts: 66.238.93.164 support.asus.com
O1 - Hosts: 64.4.11.252 technet.microsoft.com
O1 - Hosts: 74.86.200.236 www.vistax64.com
O1 - Hosts: 207.46.19.254 www.microsoft.com
O1 - Hosts: fe80::cc1:b1eb:613:f254%11
O1 - Hosts: 65.55.193.125 catalog.update.microsoft.com
O1 - Hosts: 67.19.16.68 unattended.msfn.org
O1 - Hosts: 67.19.16.68 unattended.msfn.org
O1 - Hosts: fe80::cc1:b1eb:613:f254%11
O1 - Hosts: 207.46.19.254 www.microsoft.com
O1 - Hosts: 74.86.229.157 www.sevenforums.com
O1 - Hosts: fe80::cc1:b1eb:613:f254%11
O1 - Hosts: fe80::cc1:b1eb:613:f254%11
O1 - Hosts: 69.65.60.129 blog.taragana.com
O1 - Hosts: 74.86.200.236 www.vistax64.com
O1 - Hosts: 15.216.13.217 h20000.www2.hp.com
O1 - Hosts: 74.86.229.157 www.sevenforums.com
O1 - Hosts: 208.113.167.139 www.speedyvista.com
O1 - Hosts: 208.113.167.139 www.speedyvista.com
O1 - Hosts: 71.139.244.137 www.blackviper.com
O1 - Hosts: 86.110.226.2 www.bestfreewaredownload.com
O1 - Hosts: 82.165.180.64 freewarehome.com
O1 - Hosts: 65.55.193.125 catalog.update.microsoft.com
O1 - Hosts: 193.168.50.120 www.cgsecurity.org
O1 - Hosts: 193.168.50.120 www.cgsecurity.org
O1 - Hosts: 63.97.94.59 www.amd.com
O1 - Hosts: 195.182.196.33 195.182.196.33
O1 - Hosts: 15.193.8.32 h10025.www1.hp.com
O1 - Hosts: fe80::cc1:b1eb:613:f254%11
O1 - Hosts: 15.193.8.32 h10025.www1.hp.com
O1 - Hosts: 63.111.69.121 www.weather.com
O1 - Hosts: 69.17.117.156 www.speakeasy.net
O1 - Hosts: fe80::cc1:b1eb:613:f254%11
O1 - Hosts: 69.25.140.140 www.popcap.com
O1 - Hosts: 67.195.148.134 games.yahoo.com
O1 - Hosts: 206.124.29.118 www.deadmalls.com
O1 - Hosts: 69.25.140.140 www.popcap.com
O1 - Hosts: 69.147.91.32 movies.yahoo.com
O1 - Hosts: 8.5.0.181 www.flowgo.com
O1 - Hosts: 216.34.181.72 www.thinkgeek.com
O1 - Hosts: 63.97.94.56 www.tvguide.com
O1 - Hosts: 207.46.166.10 zone.msn.com
O1 - Hosts: 67.195.148.134 games.yahoo.com
O1 - Hosts: 74.208.154.147 www.beaucoup.com
O1 - Hosts: 69.63.181.16 www.facebook.com
O1 - Hosts: 63.135.80.46 www.myspace.com
O1 - Hosts: 204.64.245.167 www.twc.state.tx.us
O1 - Hosts: 72.163.4.161 www.cisco.com
O1 - Hosts: 128.235.210.18 www.njedge.net
O1 - Hosts: 67.228.94.72 mirrordance.net
O1 - Hosts: 209.202.252.50 kadisloft.tripod.com
O1 - Hosts: 195.12.48.132 koffeeklub.net
O1 - Hosts: 216.92.213.201 seema.org
O1 - Hosts: 195.12.48.132 koffeeklub.net
O1 - Hosts: 67.228.94.72 mirrordance.net
O1 - Hosts: 205.188.100.58 members.aol.com
O1 - Hosts: 98.137.46.72 www.geocities.com
O1 - Hosts: 67.228.94.72 mirrordance.net
O1 - Hosts: 195.12.48.132 www.koffeeklub.net
O1 - Hosts: 205.188.100.58 members.aol.com
O1 - Hosts: 209.202.252.41 www.angelfire.com
O1 - Hosts: 131.204.2.251 www.auburn.edu
O1 - Hosts: 209.202.252.41 www.angelfire.com
O1 - Hosts: 67.228.94.72 mirrordance.net
O1 - Hosts: 209.202.252.50 kadithsweyr.tripod.com
O1 - Hosts: 195.12.48.132 koffeeklub.net
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\boostspeed.exe
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [perfodbc50] rundll32.exe "C:\Users\Mer Hathaway\AppData\Local\perfodbc50\perfodbc50.dll", DllInit
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1261174478445
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/F...ansferCtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 13236 bytes
24 Jan 2010   #3
TheIgster

Windows 7 Home Premium 64-bit
 
 

Try Hitman Pro: Home - SurfRight

24 Jan 2010   #4
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Your Hosts file is infected .....
Rescan with HJT, check all of these items:

O4 - HKCU\..\Run: [perfodbc50] rundll32.exe "C:\Users\Mer Hathaway\AppData\Local\perfodbc50\perfodbc50.dll", DllInit
***Do you know what this is? I don't find any information on it. If you don't know, check it along with the O1's.


Close all Windows except HJT, then click 'fix checked'. Exit HJT and don't restart your computer just yet.





Download the HostsXpert 4.3 - Hosts File Manager.
  • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 4.3 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Clear your DNS cache:
Open a command prompt: from the Start menu, select Run, and in the box ("Open" field) enter cmd.exe (you will need to run as Administrator).
Copy/paste ipconfig /flushdns and press 'Enter'.

Now Reboot/Restart your computer
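One way to triage the O1 and O4 lines of a HijackThis log like the one in this thread, added here as an example (it is not part of any poster's reply and is not HijackThis code). It lists hosts-file entries that pin a name to a non-loopback address, collects malformed entries, and flags Run values where rundll32 loads a DLL from a user profile; the sample lines are copied from the log above and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# A subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 194.109.207.126 www.bitdefender.com
O1 - Hosts: fe80::cc1:b1eb:613:f254%11
O1 - Hosts: 64.4.11.252 technet.microsoft.com
O1 - Hosts: 64.4.11.252 technet.microsoft.com
O1 - Hosts: 195.182.196.33 195.182.196.33
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [perfodbc50] rundll32.exe "C:\Users\Mer Hathaway\AppData\Local\perfodbc50\perfodbc50.dll", DllInit
"""

O1 = re.compile(r"^O1 - Hosts:\s*(\S+)(?:\s+(\S+))?\s*$")
O4 = re.compile(r"^O4 - (\S+): \[(.+?)\] (.+)$")


def parse_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return None


def audit_hosts(log):
    """Split O1 lines into overrides (name -> non-loopback IP) and malformed."""
    overrides, malformed = Counter(), []
    for line in log.splitlines():
        m = O1.match(line.strip())
        if not m:
            continue
        addr, name = parse_ip(m.group(1)), m.group(2)
        if addr is None or name is None or parse_ip(name) is not None:
            malformed.append(line.strip())  # no hostname, or an IP used as one
        elif not addr.is_loopback and not addr.is_unspecified:
            # 127.0.0.1 / 0.0.0.0 entries are ordinary blocklist lines; anything
            # else overrides DNS for that name and should be reviewed.
            overrides[(name.lower(), str(addr))] += 1
    return overrides, malformed


def audit_run_keys(log):
    """Flag O4 autoruns where rundll32 loads a DLL from a user profile."""
    hits = []
    for line in log.splitlines():
        m = O4.match(line.strip())
        if not m:
            continue
        cmd = m.group(3).lower()
        if "rundll32" in cmd and re.search(r"\\users\\[^\\]+\\appdata\\", cmd):
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    overrides, malformed = audit_hosts(SAMPLE_LOG)
    for (name, ip), count in sorted(overrides.items()):
        print(f"override  {name} -> {ip} (x{count})")
    for line in malformed:
        print(f"malformed {line}")
    for key, value in audit_run_keys(SAMPLE_LOG):
        print(f"autorun   {key} [{value}] loads a DLL from a user profile")
```
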
19 Feb 2010   #5
IggyAZ

Windows 7 Ultimate (64 bit)
 
 

Quote: Originally Posted by merkat106
I'm not sure where to start. First, my Firefox seems to have been hijacked as I am redirected to other suspicious sites constantly. Most of the time when this happens, Firefox crashes due to Norton blocking an intrusion attempt. IE seems to be fine although I think something similar happens to it, but infrequently.

Norton is logging all of this from the IP addresses 193.169.234.19 & 193.104.110.50 with the URLs security-pc2010.org & freevirustestsite.com. However, what concerns me is that Norton recorded an intrusion attempt with my computer as the attacking PC and the URL as google.com.analytics.wjbsrmtwcun.com... with the destination address as 72.51.47.21.

This makes me think that I have a virus, but I scanned my computer thoroughly with Norton IS 2010, MalwareBytes Anti-Malware & SUPERAntiSpyware and none of them found anything. I also visually inspected both the system folder and registry for anything suspicious, but again nothing. I am at a loss as to what to do and I'd rather not reinstall 7.

I will perform a hijackthis scan momentarily...

Did you get to remove the virus?
What did you use?
Hope you are still here.