Virus Trouble???

merkat106

I'm not sure where to start. First, my Firefox seems to have been hijacked as I am redirected to other suspicious sites constantly. Most of the time when this happens, Firefox crashes due to Norton blocking an intrusion attempt. IE seems to be fine although I think something similar happens to it, but infrequently.

Norton is logging all of this from the IP addresses 193.169.234.19 & 193.104.110.50 with the URLs security-pc2010.org & freevirustestsite.com. However, what concerns me is that Norton recorded an intrusion attempt with my computer as the attacking PC and the URL as google.com.analytics.wjbsrmtwcun.com... with the destination address as 72.51.47.21.

This makes me think that I have a virus, but I scanned my computer thoroughly with Norton IS 2010, MalwareBytes Anti-Malware & SUPERAntiSpyware and none of them found anything. I also visually inspected both the system folder and registry for anything suspicious, but again nothing. :confused: I am at a loss as to what to do and I'd rather not reinstall 7.

I will perform a HijackThis scan momentarily...
 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 13:31:15, on 24-Jan-10
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
e:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\MCUI32.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 194.109.207.126 www.bitdefender.com
O1 - Hosts: fe80::cc1:b1eb:613:f254%11
O1 - Hosts: 64.4.11.252 technet.microsoft.com
O1 - Hosts: 64.29.204.16 www.bmwusa.com
O1 - Hosts: 71.123.233.60 www.ftworthgunshow.com
O1 - Hosts: 72.47.237.70 sojoe.info
O1 - Hosts: 66.238.93.164 support.asus.com
O1 - Hosts: 64.4.11.252 technet.microsoft.com
O1 - Hosts: 74.86.200.236 www.vistax64.com
O1 - Hosts: 207.46.19.254 www.microsoft.com
O1 - Hosts: fe80::cc1:b1eb:613:f254%11
O1 - Hosts: 65.55.193.125 catalog.update.microsoft.com
O1 - Hosts: 67.19.16.68 unattended.msfn.org
O1 - Hosts: 67.19.16.68 unattended.msfn.org
O1 - Hosts: fe80::cc1:b1eb:613:f254%11
O1 - Hosts: 207.46.19.254 www.microsoft.com
O1 - Hosts: 74.86.229.157 www.sevenforums.com
O1 - Hosts: fe80::cc1:b1eb:613:f254%11
O1 - Hosts: fe80::cc1:b1eb:613:f254%11
O1 - Hosts: 69.65.60.129 blog.taragana.com
O1 - Hosts: 74.86.200.236 www.vistax64.com
O1 - Hosts: 15.216.13.217 h20000.www2.hp.com
O1 - Hosts: 74.86.229.157 www.sevenforums.com
O1 - Hosts: 208.113.167.139 www.speedyvista.com
O1 - Hosts: 208.113.167.139 www.speedyvista.com
O1 - Hosts: 71.139.244.137 www.blackviper.com
O1 - Hosts: 86.110.226.2 www.bestfreewaredownload.com
O1 - Hosts: 82.165.180.64 freewarehome.com
O1 - Hosts: 65.55.193.125 catalog.update.microsoft.com
O1 - Hosts: 193.168.50.120 www.cgsecurity.org
O1 - Hosts: 193.168.50.120 www.cgsecurity.org
O1 - Hosts: 63.97.94.59 www.amd.com
O1 - Hosts: 195.182.196.33 195.182.196.33
O1 - Hosts: 15.193.8.32 h10025.www1.hp.com
O1 - Hosts: fe80::cc1:b1eb:613:f254%11
O1 - Hosts: 15.193.8.32 h10025.www1.hp.com
O1 - Hosts: 63.111.69.121 www.weather.com
O1 - Hosts: 69.17.117.156 www.speakeasy.net
O1 - Hosts: fe80::cc1:b1eb:613:f254%11
O1 - Hosts: 69.25.140.140 www.popcap.com
O1 - Hosts: 67.195.148.134 games.yahoo.com
O1 - Hosts: 206.124.29.118 www.deadmalls.com
O1 - Hosts: 69.25.140.140 www.popcap.com
O1 - Hosts: 69.147.91.32 movies.yahoo.com
O1 - Hosts: 8.5.0.181 www.flowgo.com
O1 - Hosts: 216.34.181.72 www.thinkgeek.com
O1 - Hosts: 63.97.94.56 www.tvguide.com
O1 - Hosts: 207.46.166.10 zone.msn.com
O1 - Hosts: 67.195.148.134 games.yahoo.com
O1 - Hosts: 74.208.154.147 www.beaucoup.com
O1 - Hosts: 69.63.181.16 www.facebook.com
O1 - Hosts: 63.135.80.46 www.myspace.com
O1 - Hosts: 204.64.245.167 www.twc.state.tx.us
O1 - Hosts: 72.163.4.161 www.cisco.com
O1 - Hosts: 128.235.210.18 www.njedge.net
O1 - Hosts: 67.228.94.72 mirrordance.net
O1 - Hosts: 209.202.252.50 kadisloft.tripod.com
O1 - Hosts: 195.12.48.132 koffeeklub.net
O1 - Hosts: 216.92.213.201 seema.org
O1 - Hosts: 195.12.48.132 koffeeklub.net
O1 - Hosts: 67.228.94.72 mirrordance.net
O1 - Hosts: 205.188.100.58 members.aol.com
O1 - Hosts: 98.137.46.72 www.geocities.com
O1 - Hosts: 67.228.94.72 mirrordance.net
O1 - Hosts: 195.12.48.132 www.koffeeklub.net
O1 - Hosts: 205.188.100.58 members.aol.com
O1 - Hosts: 209.202.252.41 www.angelfire.com
O1 - Hosts: 131.204.2.251 www.auburn.edu
O1 - Hosts: 209.202.252.41 www.angelfire.com
O1 - Hosts: 67.228.94.72 mirrordance.net
O1 - Hosts: 209.202.252.50 kadithsweyr.tripod.com
O1 - Hosts: 195.12.48.132 koffeeklub.net
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\boostspeed.exe
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [perfodbc50] rundll32.exe "C:\Users\Mer Hathaway\AppData\Local\perfodbc50\perfodbc50.dll", DllInit
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1261174478445
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 13236 bytes
 

Your Hosts file is infected .....
Rescan with HJT, check all of these items:

O4 - HKCU\..\Run: [perfodbc50] rundll32.exe "C:\Users\Mer Hathaway\AppData\Local\perfodbc50\perfodbc50.dll", DllInit
***Do you know what this is? I don't find any information on it. If you don't know, check it along with the O1's.


Close all Windows except HJT, then click 'fix checked'. Exit HJT and don't restart your computer just yet.





Download the HostsXpert 4.3 - Hosts File Manager.
  • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 4.3 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Clear your DNS cache:
  • Open a command prompt: from the Start menu, select Run, and in the box ("Open" field) enter cmd.exe (you will need to run as Administrator).
  • Copy/paste ipconfig /flushdns and press Enter.

Now reboot/restart your computer.
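
Added example, not part of the original posts: a Python triage of the two entry types the reply above singles out, the O1 Hosts lines and the O4 Run entry that loads a DLL from a user profile through rundll32. The sample lines are copied from the log posted in this thread; the category names and the rule that every non-loopback hosts mapping deserves review are assumptions of this example, and a flag means "look at this", not "malicious".

```python
import ipaddress
import re

# Excerpt of the HijackThis log posted in this thread (values copied, not constructed).
SAMPLE_LOG = r"""
O1 - Hosts: 194.109.207.126 www.bitdefender.com
O1 - Hosts: fe80::cc1:b1eb:613:f254%11
O1 - Hosts: 207.46.19.254 www.microsoft.com
O1 - Hosts: 207.46.19.254 www.microsoft.com
O1 - Hosts: 195.182.196.33 195.182.196.33
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [perfodbc50] rundll32.exe "C:\Users\Mer Hathaway\AppData\Local\perfodbc50\perfodbc50.dll", DllInit
"""

O1_RE = re.compile(r"^O1 - Hosts:\s*(\S+)(?:\s+(\S+))?\s*$")
O4_RE = re.compile(r"^O4 - (\S+): \[(.+?)\] (.*)$")
# rundll32 started with a DLL that lives under a user's AppData directory.
USER_DLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?([A-Za-z]:\\Users\\[^"]*\\AppData\\[^"]*\.dll)',
    re.IGNORECASE,
)


def classify_hosts_entry(addr, host):
    """Return a finding tuple for one O1 entry, or None if it needs no review."""
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    except ValueError:
        return ("malformed", host, addr)
    if host is None:
        return ("malformed", None, addr)      # address with no name to map
    if ip.is_loopback or ip.is_unspecified:
        return None                           # localhost / blocklist-style entry
    try:
        ipaddress.ip_address(host)
        return ("ip-as-name", host, addr)     # the "name" is itself an address
    except ValueError:
        return ("redirect", host, addr)       # name pinned to an address, DNS bypassed


def triage(log_text):
    """Collect O1/O4 lines worth a manual look, in log order, without repeats."""
    findings, seen = [], set()
    for line in log_text.splitlines():
        line = line.strip()
        m = O1_RE.match(line)
        if m:
            if m.groups() in seen:
                continue                      # HijackThis lists duplicates; report once
            seen.add(m.groups())
            finding = classify_hosts_entry(*m.groups())
            if finding:
                findings.append(finding)
            continue
        m = O4_RE.match(line)
        if m:
            _key, name, command = m.groups()
            dll = USER_DLL_RE.search(command)
            if dll:
                findings.append(("user-dll-autorun", name, dll.group(1)))
    return findings


if __name__ == "__main__":
    for category, name, detail in triage(SAMPLE_LOG):
        print(f"{category:18} {name or '-':24} {detail}")
```
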
 



Did you get to remove the virus?
What did you use?
Hope you are still here.
 
