Please help with browser hijacking
awenner (Newbie)
12. June 2008 @ 08:09
I would be grateful for any help with these issues: I tried to do the prelim steps, but my browser will not display sites like Kaspersky and the VundoFix sites (404 type messages). I did run McAfee, Spyware Blaster, Spybot, Windows Defender, CCleaner, SDFix.

1) In IE, Google search results are redirected to weird URLs that are non-existent sites

2) Firefox will not start (even after a re-install)

3) McAfee will no longer update (can't access needed online files, subscription still on)

My Hijack this log is attached. Thank you in advance for any help!

ARW

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:50 AM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\FolderShare\FolderShare.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\Desktop\SDFix\SDFix\Norman_Malware_Cleaner.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\SDFix\SDFix\a2cmd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://exchange.syr.edu/exchange/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: (no name) - {17E7EDFE-3298-41E7-9FDB-494649B59091} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5f37fc69-3a05-4fb6-a05b-476d1b0cfd51} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {758A7917-328C-4E1B-B13B-1D94316BE9FE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {77A3F107-8918-40F2-A55C-5AA94C03487C} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Live FolderShare] "C:\Documents and Settings\Administrator\Local Settings\Application Data\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1199485231692
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1199485372052
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c5/v21.123/qboax10.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8801 bytes


4) IE browser will apparently not display sites with URLs that include words like Vundo



Senior Member
12. June 2008 @ 08:46
Hi awenner.

Uh oh... sounds like vundo to me. Please note the following:
1. Vundo is one of the most severe infections out there, thus,
2. it is extremely hard to remove.
3. Many have given up fighting it and instead formatted to have a clean system against
4. the many hidden settings which vundo will make to your computer, which might never be discovered.

The choice is yours. However, if you wish to fight...

Rename HijackThis to something like scanner.exe and run it again. Post the new hijackthis log here. Download both vundofix and virtumundobegone on another computer, and transfer it onto this computer. Boot into safe mode, and then run both of those programs (rename these programs as well, to something like vkill).

Navigate to C:\Windows\system32\drivers\etc and open the hosts file in notepad. Post the contents here. Also, download Autoruns from Sysinternals, and take a screenshot of everything under the tabs Explorer and Winlogon.

Go to C:\Windows\system32, and list all the files by date. Make sure that both hidden files and folders and hidden system protected files are able to be viewed by adjusting the folder options. Scroll to the latest files, and list the random-named dll or exe files.

Best Regards :D

PS: Your java needs updating :)
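A triage pass over HijackThis entries of the kind the reply above tells awenner to look at (orphaned BHOs, services whose binary is missing, autoruns starting from a user profile). This is an added example, not a tool from the thread; the severity labels and the profile-path heuristic are my own assumptions, and the sample lines are constructed from the log awenner posted.

```python
"""Triage a HijackThis 2.0 log for the entry types discussed in the thread.
Added example; the severity labels and path heuristics are assumptions."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the log awenner posted,
# plus the FolderShare autorun that starts from the user profile.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://exchange.syr.edu/exchange/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Windows Live FolderShare] "C:\Documents and Settings\Administrator\Local Settings\Application Data\FolderShare\FolderShare.exe" /background
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag: O2, O4, O23
    severity: str  # "info" (cleanup), "review" (verify), "suspect" (likely malware)
    detail: str


O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<label>[^\]]+)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Locations a legitimate autorun rarely starts from on an XP box (assumption).
PROFILE_MARKERS = ("\\documents and settings\\", "\\temp\\")


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per log line that deserves attention, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            name, clsid, path = m["name"], m["clsid"], m["path"]
            if path == "(no file)":
                # CLSID still registered but the DLL is gone: leftover, remove the key.
                findings.append(Finding("O2", "info", f"orphaned BHO {{{clsid}}}: no DLL on disk"))
            elif name == "(no name)":
                # A nameless BHO that does load a DLL is the Vundo-style loader pattern.
                findings.append(Finding("O2", "suspect", f"unnamed BHO {{{clsid}}} loads {path}"))
            elif "\\system32\\" in path.lower():
                findings.append(Finding("O2", "review", f"BHO '{name}' loads from System32: {path}"))
        elif m := O4_RE.match(line):
            cmd = m["cmd"]
            if any(marker in cmd.lower() for marker in PROFILE_MARKERS):
                findings.append(Finding("O4", "review",
                    f"{m['hive']} Run [{m['label']}] starts from a profile/temp path: {cmd}"))
        elif m := O23_RE.match(line):
            name, owner, path = m["name"], m["owner"], m["path"]
            if path.endswith("(file missing)"):
                findings.append(Finding("O23", "info", f"service '{name}' binary is missing: {path}"))
            elif owner == "Unknown owner":
                findings.append(Finding("O23", "review", f"service '{name}' has no owner: {path}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so a helper can see at a glance what is left."""
    counts = {"info": 0, "review": 0, "suspect": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:7}] {f.section}: {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

On awenner's own log this yields only cleanup-grade orphaned BHOs and the missing Kodak service binary; a live Vundo loader would show up as a "suspect" O2 entry with a DLL path.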
awenner (Newbie)
12. June 2008 @ 20:27
Thank you so much!! I have to break this response into 2 posts, since my replies seem to be hanging when I submit...

1) HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:49 PM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\FolderShare\FolderShare.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://exchange.syr.edu/exchange/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: (no name) - {17E7EDFE-3298-41E7-9FDB-494649B59091} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5f37fc69-3a05-4fb6-a05b-476d1b0cfd51} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {758A7917-328C-4E1B-B13B-1D94316BE9FE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77A3F107-8918-40F2-A55C-5AA94C03487C} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Live FolderShare] "C:\Documents and Settings\Administrator\Local Settings\Application Data\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1199485231692
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1199485372052
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c5/v21.123/qboax10.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8527 bytes
-------------------------------

2) VundoFix & VBG both run in SAFE MODE; Vundofix found no infected file; the VBG log is:


[06/12/2008, 10:00:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator\Desktop\SDFix\VGone.exe.exe" )
[06/12/2008, 10:01:08] - Detected System Information:
[06/12/2008, 10:01:08] - Windows Version: 5.1.2600, Service Pack 2
[06/12/2008, 10:01:08] - Current Username: Administrator (Admin)
[06/12/2008, 10:01:08] - Windows is in SAFE mode.
[06/12/2008, 10:01:08] - Searching for Browser Helper Objects:
[06/12/2008, 10:01:08] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} ()
[06/12/2008, 10:01:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:08] - No filename found. Continuing.
[06/12/2008, 10:01:08] - BHO 2: {1392b8d2-5c05-419f-a8f6-b9f15a596612} ()
[06/12/2008, 10:01:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:08] - No filename found. Continuing.
[06/12/2008, 10:01:08] - BHO 3: {17E7EDFE-3298-41E7-9FDB-494649B59091} ()
[06/12/2008, 10:01:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:08] - No filename found. Continuing.
[06/12/2008, 10:01:08] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/12/2008, 10:01:08] - BHO 5: {5f37fc69-3a05-4fb6-a05b-476d1b0cfd51} ()
[06/12/2008, 10:01:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:08] - No filename found. Continuing.
[06/12/2008, 10:01:08] - BHO 6: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[06/12/2008, 10:01:08] - BHO 7: {758A7917-328C-4E1B-B13B-1D94316BE9FE} ()
[06/12/2008, 10:01:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:08] - No filename found. Continuing.
[06/12/2008, 10:01:08] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/12/2008, 10:01:08] - BHO 9: {77A3F107-8918-40F2-A55C-5AA94C03487C} ()
[06/12/2008, 10:01:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:08] - No filename found. Continuing.
[06/12/2008, 10:01:08] - BHO 10: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
[06/12/2008, 10:01:08] - BHO 11: {E9383002-FC55-4330-B9C9-67E03BC5C840} ()
[06/12/2008, 10:01:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:08] - No filename found. Continuing.
[06/12/2008, 10:01:08] - Finished Searching Browser Helper Objects
[06/12/2008, 10:01:08] - Finishing up...
[06/12/2008, 10:01:08] - Nothing found! Exiting...

[06/12/2008, 10:01:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator\Desktop\SDFix\VGone.exe.exe" )
[06/12/2008, 10:01:52] - Detected System Information:
[06/12/2008, 10:01:52] - Windows Version: 5.1.2600, Service Pack 2
[06/12/2008, 10:01:52] - Current Username: Administrator (Admin)
[06/12/2008, 10:01:52] - Windows is in SAFE mode.
[06/12/2008, 10:01:52] - Searching for Browser Helper Objects:
[06/12/2008, 10:01:52] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} ()
[06/12/2008, 10:01:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:52] - No filename found. Continuing.
[06/12/2008, 10:01:52] - BHO 2: {1392b8d2-5c05-419f-a8f6-b9f15a596612} ()
[06/12/2008, 10:01:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:52] - No filename found. Continuing.
[06/12/2008, 10:01:52] - BHO 3: {17E7EDFE-3298-41E7-9FDB-494649B59091} ()
[06/12/2008, 10:01:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:52] - No filename found. Continuing.
[06/12/2008, 10:01:52] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/12/2008, 10:01:52] - BHO 5: {5f37fc69-3a05-4fb6-a05b-476d1b0cfd51} ()
[06/12/2008, 10:01:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:52] - No filename found. Continuing.
[06/12/2008, 10:01:52] - BHO 6: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[06/12/2008, 10:01:52] - BHO 7: {758A7917-328C-4E1B-B13B-1D94316BE9FE} ()
[06/12/2008, 10:01:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:52] - No filename found. Continuing.
[06/12/2008, 10:01:52] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/12/2008, 10:01:52] - BHO 9: {77A3F107-8918-40F2-A55C-5AA94C03487C} ()
[06/12/2008, 10:01:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:52] - No filename found. Continuing.
[06/12/2008, 10:01:52] - BHO 10: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
[06/12/2008, 10:01:52] - BHO 11: {E9383002-FC55-4330-B9C9-67E03BC5C840} ()
[06/12/2008, 10:01:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 10:01:52] - No filename found. Continuing.
[06/12/2008, 10:01:52] - Finished Searching Browser Helper Objects
[06/12/2008, 10:01:52] - Finishing up...
[06/12/2008, 10:01:52] - Nothing found! Exiting...


More in next post...

ARW
awenner (Newbie)
12. June 2008 @ 20:46
3) Hosts (it's too big to send... here's the top part)

# This MVPS HOSTS file is a free download from: #
# http://www.mvps.org/winhelp2002/ #
# #
# Notes: the browser does not read this "#" symbol #
# You can create your own notes, after the # symbol #
# This *must* be the first line: 127.0.0.1 localhost #
# *********************************************************#
# ----------------- Updated: June-05-2008 ------------------#
# *********************************************************#
# #
# Entries with comments are all searchable via Google. #
# #
# Disclaimer: this file is free to use for personal use #
# only. Furthermore it is NOT permitted to copy any of the #
# contents or host on any other site without permission or #
# meeting the full criteria of the below license terms. #
# #
# This work is licensed under the Creative Commons #
# Attribution-NonCommercial-ShareAlike License. #
# http://creativecommons.org/licenses/by-nc-sa/3.0/ #

127.0.0.1 localhost

#start of lines added by WinHelp2002
# [Misc A - Z]

# 127.0.0.1 pool.adhsm.adhese.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 ssl3.adhost.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 www2.adhost.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 zone10.adicate.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 adfarm1.adition.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 imagesrv.adition.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 ad.adition.net

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 hosting.adjug.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 tracking.adjug.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 adsearch.adkontekst.pl

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 community.adlandpro.com #[Ad-Aware Tracking.Cookie]

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 pk.adlandpro.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 te.adlandpro.com #[eTrust.Tracking.Cookie]

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 trafficex.adlandpro.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 www.adlandpro.com #[Ad-Aware Tracking.Cookie]

127.0.0.1 engine.adland.ru #[eTrust.Tracking.Cookie]

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 publicidad.adlead.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 www.adlimg03.com

127.0.0.1 classic.adlink.de
127.0.0.1 regio.adlink.de
127.0.0.1 west.adlink.de

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 rc.de.adlink.net #[eTrust.Tracking.Cookie]

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 tr.de.adlink.net

127.0.0.1 ads3.adman.gr #[eTrust.Tracking.Cookie]
127.0.0.1 r2d2.adman.gr

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 www.adminder.com #[SpySweeper.Spy.Cookie]

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 apps.admission.net #[Spotlight Ads]

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 appcache.admission.net

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 view.admission.net

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 rms.admeta.com #[admeta.basefarm.net][eTrust.Tracking.Cookie]

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 ads.admodus.com #[eTrust.Tracking.Cookie]

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 ad.adnet.biz #[eTrust.Tracking.Cookie]

127.0.0.1 engine.adnet.ru
127.0.0.1 ad.adnetwork.com.br
127.0.0.1 agoraua.adocean.pl
127.0.0.1 s1.ad.adocean.pl #[Ewido.Tracking.Cookie]
127.0.0.1 s1.advicepl.adocean.pl
127.0.0.1 s1.centrumcz.adocean.pl #[eTrust.Tracking.Cookie]
127.0.0.1 s1.cz.adocean.pl
127.0.0.1 s1.czgde.adocean.pl
127.0.0.1 s1.myao.adocean.pl
127.0.0.1 s1.pracuj.adocean.pl
127.0.0.1 s1.skgde.adocean.pl
127.0.0.1 s2.ad.adocean.pl

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 ad01.adonspot.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 ad02.adonspot.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 www.adplz.com

127.0.0.1 ab.adpro.com.ua
127.0.0.1 system.adquick.nl
127.0.0.1 www.adquest.nl
127.0.0.1 adx.adrenaline.cz

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 adroll.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 c.adroll.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 www.adsforindians.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 ad.adrefer.net

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 www.adreporting.com #[SunBelt.Adreporting.com]

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 cntr.adrime.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 images.adrime.com

127.0.0.1 ad.adriver.ru

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 www.adrotate.net

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 serv.ad-rotator.com #[SpySweeper.Spy.Cookie]

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 ad.ads8.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 vip.ads8.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 www.ads183.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 antevenio.flux.ads-click.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 acnetwork.flux.acsyndication.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 img.ads-click.com

127.0.0.1 ad.ads.dk
127.0.0.1 tdkads.ads.dk

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 www.adservtech.com

127.0.0.1 adservicedomain.info

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 adsfac.net #[Facilitate Tracking Code]

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 images.adshuffle.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 this.content.served.by.adshuffle.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 adsaway.com #[HTML/TrojanDownloader.Agent.BP trojan]

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 www.adsaway.com #[Google.Warning]

127.0.0.1 adsfac.eu
127.0.0.1 www.adshot.de

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 network.adsmarket.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 allchix.adsmax.com

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 www2.adsmax.com
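The hosts dump above mixes three kinds of line: active 127.0.0.1 blocklist entries, entries Norman Virus Control has commented out behind its marker line, and ordinary comments. None of those redirect traffic anywhere; a hosts-file hijack leaves a different trace, an active entry that maps a hostname to a non-loopback address. The following Python script is an added example (not code from the original post or from any product named in the thread) that parses such a dump and flags exactly that pattern. Its sample input is constructed: the first five non-empty lines are copied from the dump above, the rest are invented, with www.google.com and update.mcafee.com pointed at 203.0.113.10, a documentation-only address.

```python
"""Audit a Windows hosts file for hijack indicators.

Added example, not part of the original forum post. Three kinds of line
occur in a dump like the one above: active 127.0.0.1 blocklist entries,
entries Norman Virus Control has disabled (commented out and preceded by
its marker line), and ordinary comments. A hosts-file hijack looks
different: an *active* entry that maps a hostname to a non-loopback
address, so that host silently resolves to an attacker's server.
"""
import ipaddress
import re
from collections import Counter

NORMAN_MARKER = (
    "# Potentially malicious hosts entry modified by Norman Virus Control"
)

# IP, whitespace, one or more hostnames, optional trailing "# comment".
HOSTS_LINE = re.compile(
    r"^\s*(?P<ip>[0-9a-fA-F.:]+)\s+(?P<hosts>[^#]+?)\s*(?:#.*)?$"
)

# Constructed sample input: the first five non-empty lines are copied from
# the dump above; the remaining lines are invented for this example
# (203.0.113.10 is a documentation-only address, not a real hijack target).
SAMPLE = """\
127.0.0.1 www.adbutler.de #[SunBelt.AdButler.de]

# Potentially malicious hosts entry modified by Norman Virus Control
# 127.0.0.1 adc2.adcentriconline.com

127.0.0.1 ads.adfox.ru
127.0.0.1 gazeta.adfox.ru
# 127.0.0.1 old.example.invalid #ordinary comment, not Norman's marker
::1 localhost
127.0.0.1 localhost
203.0.113.10 www.google.com
203.0.113.10 update.mcafee.com   # constructed hijack line
"""


def parse_hosts(text):
    """Yield (state, ip, hostname) per mapping.

    state is 'active' (uncommented), 'norman_disabled' (commented entry
    directly following the Norman marker) or 'commented' (any other
    commented-out entry). Lines that are not hosts mappings are skipped.
    """
    pending_norman = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == NORMAN_MARKER:
            pending_norman = True
            continue
        if line.startswith("#"):
            state = "norman_disabled" if pending_norman else "commented"
            line = line.lstrip("#").strip()
        else:
            state = "active"
        pending_norman = False
        m = HOSTS_LINE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # first token is not an address, e.g. a prose comment
        for host in m.group("hosts").split():
            yield state, str(ip), host.lower()


def audit(text):
    """Return per-state counts and the active non-loopback mappings.

    Loopback (127.0.0.1, ::1) and unspecified (0.0.0.0) targets are the
    normal blocklist sinkholes; anything else redirects traffic for real.
    """
    counts = Counter()
    suspects = []
    for state, ip, host in parse_hosts(text):
        counts[state] += 1
        addr = ipaddress.ip_address(ip)
        if state == "active" and not (addr.is_loopback or addr.is_unspecified):
            suspects.append((host, ip))
    return {"counts": dict(counts), "suspects": suspects}


if __name__ == "__main__":
    result = audit(SAMPLE)
    print("entries by state:", result["counts"])
    for host, ip in result["suspects"]:
        print(f"SUSPECT redirect: {host} -> {ip}")
```

To run it against a real machine, read %SystemRoot%\system32\drivers\etc\hosts and pass its contents to audit(). An empty suspect list does not clear the machine: the search-result redirect described in the first post can also come from a malicious browser helper object or altered DNS settings, neither of which a hosts audit sees.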
awenner
Newbie
12. June 2008 @ 21:21
I'm sorry -- the site is hanging when I try to post any more logs...maybe I can try again later...

The sys 32 file has some weird things like MRT.exe, quartz.dll, mshtml.dll, wininit.dll, webcheck.dll, urlmon.dll, url.dll, iertutil.dll, iernonce.dll, ieframe.dll, ieudinit.exe, ie4uinit.dll

Thank you!!

ARW
Senior Member
14. June 2008 @ 09:38
Hi awenner.

Follow Ltangel's instructions on downloading and running Combofix in this thread: http://forums.afterdawn.com/thread_view.cfm/639221

Post the log here.

Best Regards :D
  © 1999-2025 by AfterDawn Ltd.