[Solved] Host redirect

Discussion in 'Virus & Other Malware Removal' started by bdbmog, Apr 23, 2004.

  1. bdbmog

    bdbmog Thread Starter

    Joined:
    Apr 23, 2004
    Messages:
    55
    I'm being beat up by a bug of some sort that ad-aware can't seem to fix. If I enter a word on my search engine, it will come up, but another window from out of nowhere comes up from another site with several pop-up windows.

    Ad-aware will delete all of the files but this: c:\winnt\system32\awsetupc.cpy.dll

    When I reboot the same files will come back and ad-aware will delete all but the same one again.

    I have included the scan details of the problem files. The first one is the one I can't get rid of.
    I am running Windows 2000 Professional.

    Any help or direction to a similar post is greatly appreciated.

    thanks,
    bdbmog

    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    VX2.BetterInternet Object recognized!
    Type : File
    Data : awsetupc.cpy.dll
    Category : Data Miner
    Comment :
    Object : C:\WINNT\system32\
    FileSize : 301 KB
    Created on : 4/23/2004 12:02:10 PM
    Last accessed : 4/23/2004 12:02:10 PM
    Last modified : 4/8/2004 2:36:08 PM




    Scanning Hosts file(C:\WINNT\system32\drivers\etc\hosts)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Warning!
    Bad hosts file entry:207.36.196.189:ieautosearch


    Redirected hostfile entry Object recognized!
    Type : Hosts file
    Data : 207.36.196.189
    Category : Misc
    Comment : Possible Hosts File Hijack
    Bad Hostfile entry : 207.36.196.189:ieautosearch

    Warning!
    Bad hosts file entry:207.36.196.189:auto.search.msn.com


    Redirected hostfile entry Object recognized!
    Type : Hosts file
    Data : 207.36.196.189
    Category : Misc
    Comment : Possible Hosts File Hijack
    Bad Hostfile entry : 207.36.196.189:auto.search.msn.com

    Warning!
    Bad hosts file entry:207.36.196.189:search.netscape.com


    Redirected hostfile entry Object recognized!
    Type : Hosts file
    Data : 207.36.196.189
    Category : Misc
    Comment : Possible Hosts File Hijack
    Bad Hostfile entry : 207.36.196.189:search.netscape.com


    Hosts file scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    38 entries scanned.
    New objects :3
    Objects found so far: 4




    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    VX2.BetterInternet Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Guardian


    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 5


    8:19:28 AM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:03:54:837
    Objects scanned :52384
    Objects identified :5
    Objects ignored :0
    New objects :5
     
  2. dai

    dai

    Joined:
    Mar 6, 2003
    Messages:
    11,198
  3. bdbmog

    bdbmog Thread Starter

    Joined:
    Apr 23, 2004
    Messages:
    55
    Thanks dai, but it didn't work. It did cause ad-aware to detect the files every time I run the scan now. I don't have to reboot for it to detect them.
     
  4. dai

    dai

    Joined:
    Mar 6, 2003
    Messages:
    11,198
    Post a hijack log.
     
  5. bdbmog

    bdbmog Thread Starter

    Joined:
    Apr 23, 2004
    Messages:
    55
    I hope this helps

    Logfile of HijackThis v1.97.7
    Scan saved at 1:43:31 PM, on 4/23/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\hidserv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINNT\system32\dla\tfswctrl.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\WINNT\system32\HPZipm12.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Bruce Bennett.MAIN\My Documents\hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 search.netscape.com
    O1 - Hosts: 207.36.196.189 ieautosearch
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [IW_ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\\InstantDrive\InstantDrive.exe /remount
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
    O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [Terminate Popup] C:\Program Files\Free-Popup-Killer\fpuk.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
    O4 - HKCU\..\Run: [WAPI] C:\WINNT\system32\wtssvit.exe
    O4 - Startup: Palm Desktop for CLIÉ.lnk = Sony Handheld\palm.exe
    O4 - Global Startup: Acrobat Assistant.lnk = Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Billminder.lnk = Quicken\billmind.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = Quicken\QWDLLS.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://*.windowsupdate.com
    O16 - DPF: ADVFN US - http://usa.advfn.com/advfn_us8.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2565261e4b4bf45cc420/netzip/RdxIE601.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37875.3716782407
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  6. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Yes, you need to show us a HijackThis log... there are things in there which need removing.
    ;)
     
  7. bdbmog

    bdbmog Thread Starter

    Joined:
    Apr 23, 2004
    Messages:
    55
    That was a HijackThis log - or am I submitting it wrong?
     
  8. bdbmog

    bdbmog Thread Starter

    Joined:
    Apr 23, 2004
    Messages:
    55
    Here is the most current scan:
    I hope this helps
    Thanks
    bdbmog

    Logfile of HijackThis v1.97.7
    Scan saved at 2:31:10 PM, on 4/23/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\hidserv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINNT\system32\dla\tfswctrl.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\WINNT\system32\HPZipm12.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Bruce Bennett.MAIN\My Documents\hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 search.netscape.com
    O1 - Hosts: 207.36.196.189 ieautosearch
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [IW_ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\\InstantDrive\InstantDrive.exe /remount
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
    O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [Terminate Popup] C:\Program Files\Free-Popup-Killer\fpuk.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
    O4 - HKCU\..\Run: [WAPI] C:\WINNT\system32\wtssvit.exe
    O4 - Startup: Palm Desktop for CLIÉ.lnk = Sony Handheld\palm.exe
    O4 - Global Startup: Acrobat Assistant.lnk = Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Billminder.lnk = Quicken\billmind.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = Quicken\QWDLLS.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://*.windowsupdate.com
    O16 - DPF: ADVFN US - http://usa.advfn.com/advfn_us8.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2565261e4b4bf45cc420/netzip/RdxIE601.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37875.3716782407
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  9. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Run HijackThis again and put a checkmark against these entries... double check
    in case you miss anything...
    ...then close all browser and Outlook windows, including this one, and "fix checked"

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 search.netscape.com
    O1 - Hosts: 207.36.196.189 ieautosearch
    O4 - HKCU\..\Run: [WAPI] C:\WINNT\system32\wtssvit.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2565261e4b4bf4...ip/RdxIE601.cab


    Reboot into safe mode by following instructions here: http://helpdesk.its.bethel.edu/resnet/Documents/Antivirus/Safemode.html
    Then, as some of the files or folders you need to delete may be hidden, do this:
    Open Windows Explorer and go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders".
    Click "Apply" then "OK"

    Locate and remove:
    C:\WINNT\system32\wtssvit.exe

    See if that sorts it.

    ;)
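Added example, not part of the thread: a small Python check that pulls the `O1 - Hosts:` entries out of a HijackThis log (or the name mappings out of a raw hosts file) and groups every hostname that is pointed at a non-local address, which is the pattern Ad-aware reported above as "Possible Hosts File Hijack". The function names and the sample hosts file are constructed for this illustration; the three `207.36.196.189` lines are the ones from the log in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the three 207.36.196.189 lines are the ones in the
# thread's log; the loopback entry is added for contrast.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
"""

# Constructed hosts file covering the edge cases handled below: comments,
# several aliases on one line, a blocking entry and a malformed address.
SAMPLE_HOSTS = """
# constructed hosts file
127.0.0.1       localhost
207.36.196.189  auto.search.msn.com search.netscape.com  # two aliases
0.0.0.0         ads.example.invalid
not-an-ip       broken.example.invalid
"""

O1_LINE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(.+?)\s*$")


def parse_o1_entries(log_text):
    """Return (address, hostname) pairs from the O1 lines of a HijackThis log."""
    pairs = []
    for line in log_text.splitlines():
        match = O1_LINE.match(line)
        if match:
            pairs.extend((match.group(1), name) for name in match.group(2).split())
    return pairs


def parse_hosts_file(text):
    """Return (address, hostname) pairs from hosts-file text, one per alias."""
    pairs = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2:
            pairs.extend((fields[0], name) for name in fields[1:])
    return pairs


def classify(address):
    """'local' for loopback/0.0.0.0 (typical blocking entries), 'redirect'
    for any other valid address, 'malformed' if it is not an IP address."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        return "local"
    return "redirect"


def find_redirects(pairs):
    """Group hostnames by the non-local address they are pointed at."""
    grouped = defaultdict(set)
    for address, name in pairs:
        if classify(address) == "redirect":
            grouped[address].add(name.lower())
    return {address: sorted(names) for address, names in grouped.items()}


if __name__ == "__main__":
    for source, pairs in (("HijackThis log", parse_o1_entries(SAMPLE_LOG)),
                          ("hosts file", parse_hosts_file(SAMPLE_HOSTS))):
        for address, names in find_redirects(pairs).items():
            print(f"{source}: {address} <- {', '.join(names)}")
```

Entries pointing at private intranet addresses are also reported as redirects here, so the output is a list to review rather than a verdict.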
     
  10. bdbmog

    bdbmog Thread Starter

    Joined:
    Apr 23, 2004
    Messages:
    55
    Hi $teve,
    It got rid of all but 2 files. I couldn't find "C:\WINNT\system32\wtssvit.exe" to delete.

    Here are the 2 files that keep coming back after they are deleted (copied from the Ad-aware log), and another HijackThis log.

    Thanks for all your help.
    bdbmog


    Ad-aware file:
    -------------------------------

    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    VX2.BetterInternet Object recognized!
    Type : File
    Data : awsetupc.cpy.dll
    Category : Data Miner
    Comment :
    Object : C:\WINNT\system32\
    FileSize : 301 KB
    Created on : 4/23/2004 8:29:04 PM
    Last accessed : 4/23/2004 9:00:08 PM
    Last modified : 4/8/2004 2:36:08 PM




    Scanning Hosts file(C:\WINNT\system32\drivers\etc\hosts)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Hosts file scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    999 entries scanned.
    New objects :0
    Objects found so far: 1




    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    VX2.BetterInternet Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Guardian


    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 2


    Hijack This File:
    -------------------------

    Logfile of HijackThis v1.97.7
    Scan saved at 5:37:56 PM, on 4/23/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\hidserv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINNT\system32\dla\tfswctrl.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\WINNT\system32\HPZipm12.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Bruce Bennett.MAIN\My Documents\HIJACK THIS\HijackThis.exe

    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [IW_ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\\InstantDrive\InstantDrive.exe /remount
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
    O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [Terminate Popup] C:\Program Files\Free-Popup-Killer\fpuk.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
    O4 - Startup: Palm Desktop for CLIÉ.lnk = Sony Handheld\palm.exe
    O4 - Global Startup: Acrobat Assistant.lnk = Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Billminder.lnk = Quicken\billmind.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = Quicken\QWDLLS.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://*.windowsupdate.com
    O16 - DPF: ADVFN US - http://usa.advfn.com/advfn_us8.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37875.3716782407
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  11. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Clean log.....I would have HijackThis "fix" this one:
    O15 - Trusted Zone: http://*.windowsupdate.com

    Don't worry about the 2 files... unless you block all cookies you will get the odd one sneaking through.

    Consider installing the following:

    SpywareBlaster v 3.0 and SpywareGuard v2.2, to prevent Active-X drive-by installations, as well as provide real-time browser hijacking protection: http://www.wilderssecurity.net/index.html

    IE-SPYAD, a registry file that adds a long list of known "sites" to the Restricted Sites of your Internet Explorer: http://www.staff.uiuc.edu/~ehowes/resource.htm

    ;)
     
  12. bdbmog

    bdbmog Thread Starter

    Joined:
    Apr 23, 2004
    Messages:
    55
    Hi $teve,
    I'm sorry to be a pest, but I still have the same problem as when we first started. Nothing has changed. I deleted Item 15 from HJT as you suggested, cleared all cookies, history, and files, ran Ad-aware, rebooted, and ran Ad-aware again, to no avail.

    I'm still being redirected, same as before, but now there's only the two files ad-aware detects.

    I can delete them and re-scan and they will be right back there. Nothing I do seems to be able to delete them.

    These are the two files causing the problem:

    C:\WINNT\system32\awsetupc.cpy.dll
    and
    HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Guardian

    I have enclosed the ad-aware log.
    Thanks again for all the help.
    bdbmog

    Ad-aware Log:


    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Sunday, April 25, 2004 6:39:05 AM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R299 22.04.2004
    ______________________________________________________

    Reffile status:
    =========================
    Reference file loaded:
    Reference Number : 01R299 22.04.2004
    Internal build : 231
    File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
    Total size : 1070822 Bytes
    Signature data size : 1052604 Bytes
    Reference data size : 18154 Bytes
    Signatures total : 23634
    Target categories : 10
    Target families : 455

    Memory + processor status:
    ==========================
    Number of processors : 1
    Processor architecture : Intel Pentium IV
    Memory available:52 %
    Total physical memory:392688 kb
    Available physical memory:202784 kb
    Total page file size:819496 kb
    Available on page file:642024 kb
    Total virtual memory:2097024 kb
    Available virtual memory:2047184 kb
    OS:Windows 2000

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives
    Set : Scan my Hosts file

    Extended Ad-aware Settings
    =========================
    Set : Unload recognized processes during scanning
    Set : Include basic Ad-aware settings in logfile
    Set : Include additional Ad-aware settings in logfile
    Set : Automatically try to unregister objects prior to deletion
    Set : Let windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Remember window positions
    Set : Snap windows to desktop border
    Set : Always back up reference file, before updating
    Set : Create and save WebUpdate logfile
    Set : Dump details about unhandled exceptions to disk


    4/25/2004 6:39:05 AM - Scan started. (Smart mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 4/25/2004 9:41:26 AM
    BasePriority : Normal


    #:2 [winlogon.exe]
    FilePath : \??\C:\WINNT\system32\
    ThreadCreationTime : 4/25/2004 9:41:32 AM
    BasePriority : High


    #:3 [services.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 4/25/2004 9:41:33 AM
    BasePriority : Normal
    FileSize : 87 KB
    FileVersion : 5.00.2195.6700
    ProductVersion : 5.00.2195.6700
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 12/7/1999 12:00:00 PM
    Last accessed : 4/25/2004 9:41:33 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:4 [lsass.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 4/25/2004 9:41:33 AM
    BasePriority : Normal
    FileSize : 32 KB
    FileVersion : 5.00.2195.6902
    ProductVersion : 5.00.2195.6902
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : LSA Executable and Server DLL (Export Version)
    InternalName : lsasrv.dll and lsass.exe
    OriginalFilename : lsasrv.dll and lsass.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 7/22/2002 7:54:58 PM
    Last accessed : 4/25/2004 9:41:33 AM
    Last modified : 2/25/2004 11:59:07 PM

    #:5 [svchost.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 4/25/2004 9:41:37 AM
    BasePriority : Normal
    FileSize : 7 KB
    FileVersion : 5.00.2134.1
    ProductVersion : 5.00.2134.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 12/7/1999 12:00:00 PM
    Last accessed : 4/25/2004 9:41:37 AM
    Last modified : 12/7/1999 12:00:00 PM

    #:6 [spoolsv.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 4/25/2004 9:41:38 AM
    BasePriority : Normal
    FileSize : 44 KB
    FileVersion : 5.00.2195.6659
    ProductVersion : 5.00.2195.6659
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolss.exe
    OriginalFilename : spoolss.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 4/24/2003 11:28:18 PM
    Last accessed : 4/25/2004 9:41:38 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:7 [svchost.exe]
    FilePath : C:\WINNT\System32\
    ThreadCreationTime : 4/25/2004 9:41:38 AM
    BasePriority : Normal
    FileSize : 7 KB
    FileVersion : 5.00.2134.1
    ProductVersion : 5.00.2134.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 12/7/1999 12:00:00 PM
    Last accessed : 4/25/2004 9:41:37 AM
    Last modified : 12/7/1999 12:00:00 PM

    #:8 [hidserv.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 4/25/2004 9:41:38 AM
    BasePriority : Normal
    FileSize : 19 KB
    FileVersion : 5.00.2195.6655
    ProductVersion : 5.00.2195.6655
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : HID Audio Service
    InternalName : hidserv
    OriginalFilename : HIDSERV.EXE
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 7/17/2003 12:03:55 PM
    Last accessed : 4/25/2004 9:41:38 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:9 [mdm.exe]
    FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
    ThreadCreationTime : 4/25/2004 9:41:38 AM
    BasePriority : Normal
    FileSize : 264 KB
    FileVersion : 7.00.9064.9150
    ProductVersion : 7.00.9064.9150
    Copyright : Copyright (C) Microsoft Corp. 1997-2000
    CompanyName : Microsoft Corporation
    FileDescription : Machine Debug Manager
    InternalName : mdm.exe
    OriginalFilename : mdm.exe
    ProductName : Microsoft Development Environment
    Created on : 2/23/2001 2:07:30 PM
    Last accessed : 4/25/2004 9:41:38 AM
    Last modified : 2/23/2001 2:07:30 PM

    #:10 [navapsvc.exe]
    FilePath : C:\Program Files\Norton AntiVirus\
    ThreadCreationTime : 4/25/2004 9:41:39 AM
    BasePriority : Normal
    FileSize : 113 KB
    FileVersion : 8.07.17
    ProductVersion : 8.07.17
    Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Auto-Protect Service
    InternalName : NAVAPSVC
    OriginalFilename : NAVAPSVC.EXE
    ProductName : Norton AntiVirus
    Created on : 4/25/2003 9:19:11 PM
    Last accessed : 4/25/2004 9:41:39 AM
    Last modified : 2/27/2002 3:29:26 PM

    #:11 [nvsvc32.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 4/25/2004 9:41:40 AM
    BasePriority : Normal
    FileSize : 76 KB
    FileVersion : 6.14.10.4523
    ProductVersion : 6.14.10.4523
    Copyright : (C) NVIDIA Corporation. All rights reserved.
    CompanyName : NVIDIA Corporation
    FileDescription : NVIDIA Driver Helper Service, Version 45.23
    InternalName : NVSVC
    OriginalFilename : nvsvc32.exe
    ProductName : NVIDIA Driver Helper Service, Version 45.23
    Created on : 7/28/2003 8:19:00 PM
    Last accessed : 4/25/2004 9:41:40 AM
    Last modified : 7/28/2003 8:19:00 PM

    #:12 [regsvc.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 4/25/2004 9:41:40 AM
    BasePriority : Normal
    FileSize : 66 KB
    FileVersion : 5.00.2195.6701
    ProductVersion : 5.00.2195.6701
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Remote Registry Service
    InternalName : regsvc
    OriginalFilename : REGSVC.EXE
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 7/17/2003 12:05:08 PM
    Last accessed : 4/25/2004 9:41:40 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:13 [mstask.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 4/25/2004 9:41:41 AM
    BasePriority : Normal
    FileSize : 116 KB
    FileVersion : 4.71.2195.6704
    ProductVersion : 4.71.2195.6704
    Copyright : Copyright (C) Microsoft Corp. 1997
    CompanyName : Microsoft Corporation
    FileDescription : Task Scheduler Engine
    InternalName : TaskScheduler
    OriginalFilename : mstask.exe
    ProductName : Microsoft
    Created on : 7/17/2003 12:04:43 PM
    Last accessed : 4/25/2004 9:41:41 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:14 [stisvc.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 4/25/2004 9:41:41 AM
    BasePriority : Normal
    FileSize : 60 KB
    FileVersion : 5.00.2195.6656
    ProductVersion : 5.00.2195.6656
    Copyright : Copyright (C) Microsoft Corp. 1996-1997
    CompanyName : Microsoft Corporation
    FileDescription : Still Image Devices Monitor
    InternalName : STIMON
    OriginalFilename : STIMON.EXE
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 7/17/2003 12:05:15 PM
    Last accessed : 4/25/2004 9:41:41 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:15 [winmgmt.exe]
    FilePath : C:\WINNT\System32\WBEM\
    ThreadCreationTime : 4/25/2004 9:41:43 AM
    BasePriority : Normal
    FileSize : 192 KB
    FileVersion : 1.50.1085.0100
    ProductVersion : 1.50.1085.0100
    Copyright : Copyright (C) Microsoft Corp. 1995-1999
    CompanyName : Microsoft Corporation
    FileDescription : Windows Management Instrumentation
    InternalName : WINMGMT
    ProductName : Windows Management Instrumentation
    Created on : 7/17/2003 12:05:29 PM
    Last accessed : 4/25/2004 9:41:43 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:16 [svchost.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 4/25/2004 9:41:44 AM
    BasePriority : Normal
    FileSize : 7 KB
    FileVersion : 5.00.2134.1
    ProductVersion : 5.00.2134.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 12/7/1999 12:00:00 PM
    Last accessed : 4/25/2004 9:41:37 AM
    Last modified : 12/7/1999 12:00:00 PM

    #:17 [rundll32.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 4/25/2004 9:51:03 AM
    BasePriority : Normal
    FileSize : 9 KB
    FileVersion : 5.00.2134.1
    ProductVersion : 5.00.2134.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Run a DLL as an App
    InternalName : rundll
    OriginalFilename : RUNDLL.EXE
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 12/7/1999 12:00:00 PM
    Last accessed : 4/25/2004 9:51:04 AM
    Last modified : 12/7/1999 12:00:00 PM

    #:18 [explorer.exe]
    FilePath : C:\WINNT\
    ThreadCreationTime : 4/25/2004 9:52:03 AM
    BasePriority : Normal
    FileSize : 237 KB
    FileVersion : 5.00.3700.6690
    ProductVersion : 5.00.3700.6690
    Copyright : Copyright (C) Microsoft Corp. 1981-1999
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft(R) Windows (R) 2000 Operating System
    Created on : 7/17/2003 12:03:49 PM
    Last accessed : 4/25/2004 10:32:55 AM
    Last modified : 6/19/2003 7:05:04 PM

    #:19 [navapw32.exe]
    FilePath : C:\PROGRA~1\NORTON~1\
    ThreadCreationTime : 4/25/2004 9:52:08 AM
    BasePriority : Normal
    FileSize : 73 KB
    FileVersion : 8.07.17
    ProductVersion : 8.07.17
    Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Agent
    InternalName : NAVAPW32
    OriginalFilename : NAVAPW32.EXE
    ProductName : Norton AntiVirus
    Created on : 4/25/2003 9:19:11 PM
    Last accessed : 4/25/2004 9:52:08 AM
    Last modified : 2/27/2002 3:27:58 PM

    #:20 [tfswctrl.exe]
    FilePath : C:\WINNT\system32\dla\
    ThreadCreationTime : 4/25/2004 9:52:08 AM
    BasePriority : Normal
    FileSize : 100 KB
    FileVersion : 1.02.93a
    Copyright : Copyright
    CompanyName : VERITAS Software, Inc.
    FileDescription : Direct Access Component
    Created on : 11/28/2003 7:24:30 PM
    Last accessed : 4/25/2004 9:52:08 AM
    Last modified : 11/30/2001 6:02:00 AM

    #:21 [iwctrl.exe]
    FilePath : C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\
    ThreadCreationTime : 4/25/2004 9:52:09 AM
    BasePriority : Normal
    FileSize : 816 KB
    FileVersion : 4.0.2.3
    ProductVersion : 4.0.0.0
    Copyright : Copyright
    CompanyName : Pinnacle Systems, Inc.
    FileDescription : InstantWrite Control Center
    InternalName : iwctrl
    ProductName : InstantWrite
    Created on : 2/21/2003 3:27:14 PM
    Last accessed : 4/25/2004 9:52:09 AM
    Last modified : 2/21/2003 3:27:14 PM

    #:22 [hpcmpmgr.exe]
    FilePath : C:\Program Files\HP\hpcoretech\
    ThreadCreationTime : 4/25/2004 9:52:12 AM
    BasePriority : Normal
    FileSize : 208 KB
    FileVersion : 1.76.0
    ProductVersion : 1.76.0
    Copyright : Copyright (C) Hewlett-Packard. 2002-2003
    CompanyName : Hewlett-Packard Company
    FileDescription : HP Framework Component Manager Service
    InternalName : HPComponentManagerService module
    OriginalFilename : HPCmpMgr.exe
    ProductName : hp coretech (COmponent REuse TECHnology)
    Created on : 6/26/2003 10:50:24 PM
    Last accessed : 4/25/2004 9:52:12 AM
    Last modified : 6/26/2003 10:50:24 PM

    #:23 [hpwuschd2.exe]
    FilePath : C:\Program Files\HP\HP Software Update\
    ThreadCreationTime : 4/25/2004 9:52:12 AM
    BasePriority : Normal
    FileSize : 48 KB
    FileVersion : 3, 0, 38, 1
    ProductVersion : 3, 0, 38, 1
    Copyright : Copyright
    CompanyName : Hewlett-Packard Company
    FileDescription : hpwuSchd
    InternalName : hpwuSchd
    OriginalFilename : hpwuSchd.exe
    ProductName : HP Software Update Application
    Created on : 2/18/2004 8:55:28 PM
    Last accessed : 4/25/2004 9:52:12 AM
    Last modified : 2/18/2004 8:55:28 PM

    #:24 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
    ThreadCreationTime : 4/25/2004 9:52:14 AM
    BasePriority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 4/22/2004 11:37:56 AM
    Last accessed : 4/25/2004 9:52:14 AM
    Last modified : 7/13/2003 2:00:20 AM

    #:25 [ctfmon.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 4/25/2004 9:52:17 AM
    BasePriority : Normal
    FileSize : 8 KB
    FileVersion : 1.00.2409.7 built by: Lab06_N
    ProductVersion : 1.00.2409.7
    Copyright : Copyright (C) Microsoft Corporation. 1981-2001
    CompanyName : Microsoft Corporation
    FileDescription : Cicero Loader
    InternalName : CICLOAD
    OriginalFilename : CICLOAD.EXE
    ProductName : Microsoft(R) Windows NT(R) Operating System
    Created on : 2/20/2001 5:09:54 PM
    Last accessed : 4/25/2004 9:52:17 AM
    Last modified : 2/20/2001 5:09:54 PM

    #:26 [psfree.exe]
    FilePath : C:\Program Files\Panicware\Pop-Up Stopper Free Edition\
    ThreadCreationTime : 4/25/2004 9:52:17 AM
    BasePriority : Normal
    FileSize : 512 KB
    FileVersion : 3, 1, 0, 1010
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright (C) 2002-2003
    CompanyName : Panicware, Inc.
    FileDescription : Pop-Up Stopper Free Edition
    InternalName : Pop-Up Stopper Free Edition
    OriginalFilename : PSFree.exe
    ProductName : Pop-Up Stopper Free Edition
    Created on : 10/16/2003 6:40:27 PM
    Last accessed : 4/25/2004 9:52:17 AM
    Last modified : 4/29/2003 2:40:10 PM

    #:27 [acrotray.exe]
    FilePath : C:\Program Files\Adobe\Acrobat 5.0\Distillr\
    ThreadCreationTime : 4/25/2004 9:52:19 AM
    BasePriority : Normal
    FileSize : 48 KB
    FileVersion : 5, 0, 0, 0
    ProductVersion : 5, 0, 0, 0
    Copyright : Copyright
    CompanyName : Adobe Systems Inc.
    FileDescription : AcroTray
    InternalName : AcroTray
    OriginalFilename : AcroTray.exe
    ProductName : AcroTray - Adobe Acrobat Distiller helper application.
    Created on : 4/8/2004 1:40:26 PM
    Last accessed : 4/25/2004 9:52:19 AM
    Last modified : 3/15/2001 9:18:18 AM

    #:28 [hpqtra08.exe]
    FilePath : C:\Program Files\HP\Digital Imaging\bin\
    ThreadCreationTime : 4/25/2004 9:52:21 AM
    BasePriority : Normal
    FileSize : 228 KB
    FileVersion : 5.31.0.147
    ProductVersion : 005.031.000.147
    Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001
    CompanyName : Hewlett-Packard Co.
    FileDescription : HP Digital Imaging Monitor (CUE)
    InternalName : HPQTRA00
    OriginalFilename : HPQTRA00.EXE
    ProductName : hp digital imaging - hp all-in-one series
    Created on : 7/7/2003 5:20:40 AM
    Last accessed : 4/25/2004 9:52:21 AM
    Last modified : 7/7/2003 5:20:40 AM

    #:29 [wincinemamgr.exe]
    FilePath : C:\Program Files\InterVideo\Common\Bin\
    ThreadCreationTime : 4/25/2004 9:52:23 AM
    BasePriority : Normal
    FileSize : 164 KB
    FileVersion : 1.8.0
    ProductVersion : 1, 8, 0, 0
    Copyright : Copyright 1999-2003 InterVideo, Inc. All rights reserved.
    CompanyName : InterVideo Inc.
    FileDescription : WinCinema Manager
    InternalName : WinCinema Manager
    OriginalFilename : WinCinemaMgr.EXE
    ProductName : WinCinema Manager for InterVideo WinCinema products
    Created on : 12/25/2003 1:32:24 AM
    Last accessed : 4/25/2004 9:52:23 AM
    Last modified : 10/3/2003 6:31:16 AM

    #:30 [hptskmgr.exe]
    FilePath : C:\Program Files\HP\hpcoretech\comp\
    ThreadCreationTime : 4/25/2004 9:52:34 AM
    BasePriority : Normal
    FileSize : 124 KB
    FileVersion : 1.76.0
    ProductVersion : 1.76.0
    Copyright : Copyright (C) Hewlett-Packard. 2002-2003
    CompanyName : Hewlett-Packard Company
    FileDescription : HP Task Management Component
    InternalName : HP Task Management Component
    OriginalFilename : HPTskMgr.exe
    ProductName : hp coretech (COmponent REuse TECHnology)
    Created on : 6/26/2003 10:50:24 PM
    Last accessed : 4/25/2004 9:52:34 AM
    Last modified : 6/26/2003 10:50:24 PM

    #:31 [hpzipm12.exe]
    FilePath : C:\WINNT\system32\
    ThreadCreationTime : 4/25/2004 9:52:58 AM
    BasePriority : Normal
    FileSize : 64 KB
    FileVersion : 7, 0, 0, 0
    ProductVersion : 7, 0, 0, 0
    Copyright : Copyright
    CompanyName : HP
    FileDescription : PML Driver
    InternalName : PmlDrv
    OriginalFilename : PmlDrv.exe
    ProductName : HP PML
    Created on : 4/12/2004 6:08:34 PM
    Last accessed : 4/25/2004 9:52:58 AM
    Last modified : 8/11/2003 8:07:38 AM

    #:32 [iexplore.exe]
    FilePath : C:\Program Files\Internet Explorer\
    ThreadCreationTime : 4/25/2004 9:53:09 AM
    BasePriority : Normal
    FileSize : 89 KB
    FileVersion : 6.00.2800.1106
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    OriginalFilename : IEXPLORE.EXE
    ProductName : Microsoft
    Created on : 8/29/2002 11:14:40 AM
    Last accessed : 4/25/2004 10:32:43 AM
    Last modified : 8/29/2002 11:14:40 AM

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    VX2.BetterInternet Object recognized!
    Type : File
    Data : awsetupc.cpy.dll
    Category : Data Miner
    Comment :
    Object : C:\WINNT\system32\
    FileSize : 301 KB
    Created on : 4/25/2004 4:04:05 AM
    Last accessed : 4/25/2004 10:35:27 AM
    Last modified : 4/8/2004 2:36:08 PM




    Scanning Hosts file(C:\WINNT\system32\drivers\etc\hosts)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Hosts file scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    999 entries scanned.
    New objects :0
    Objects found so far: 1




    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    VX2.BetterInternet Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Guardian


    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 2


    6:42:56 AM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:03:51:102
    Objects scanned :53341
    Objects identified :2
    Objects ignored :0
    New objects :2
     
  13. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    You have the Look2Me parasite.

    Start with these steps:
    Download:

    http://download.broadbandmedic.com/VbStuff/VX2Finder.exe

    Run VX2Finder.exe and click the FindVX2 button. It will display a list of what it found. Now click the Log button. The log should open in Notepad. Copy
    and post its contents.
    (It is saved by default to your
    %User%\Local Settings\Temp directory)

    Next, go here:

    http://www10.brinkster.com/expl0iter/freeatlast/dumprights.htm

    Download the DumpRights.exe & Privilege.exe file and the ProcessFinder(tool)

    UnZip the files.


    First, DoubleClick on the tool.bat file found inside the ProcessFinder(tool).
    *It'll generate a report . Copy and post it here.

    Next, Run both 'Privilege.exe' and 'DumpRights.exe' tools.
    in: "privilege": Check for the location of this string:
    "SeDebugPrivilege->(Debug Programs)"
    It should appear in one of the columns:
    ->'privileges that you have...'
    or ->'privileges that you don't...'
    *Post that info as well.(which column)

    In 'DumpRights' Check for same string:
    'SeDebugPrivilege'; whether it contains "+" sign and
    can be expanded..
    --Or not!
    *Post that info as well.
     
  14. bdbmog

    bdbmog Thread Starter

    Joined:
    Apr 23, 2004
    Messages:
    55
    Hi flrman1,
    Here are the items in order you wanted me to post.

    Thank-you for helping.
    bdbmog

    -----------------------------------------------------------

    Log for VX2.BetterInternet File Finder

    Files Found---
    C:\WINNT\system32\awsetupc.cpy.dll
    C:\WINNT\system32\awsetupc.dll

    Guardian Key---
    Asynchronous 000
    DllName C:\WINNT\system32\awsetupc.dll
    Impersonate 000
    Logon WinLogon
    Version 122
    ID {E73CFD2D-B492-45B7-9213-B918090B76C1}
    IDex N1

    User Agent String---
    {E73CFD2D-B492-45B7-9213-B918090B76C1}

    --------------------------------------------------------------------

    DiamondCS Commandline Retrieval Tool for Windows NT4/2K/XP
    Copyright (C) 2003, DiamondCS - http://www.diamondcs.com.au
    ---
    8 - Ÿ
    <Error> Unable to read memory from PID 8
    152 - \SystemRoot\System32\smss.exe
    <Error> Unable to read memory from PID 152
    200 - \??\C:\WINNT\system32\winlogon.exe
    winlogon.exe
    228 - C:\WINNT\system32\services.exe
    C:\WINNT\system32\services.exe
    240 - C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\lsass.exe
    456 - C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\svchost -k rpcss
    480 - C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\spoolsv.exe
    512 - C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe -k netsvcs
    532 - C:\WINNT\system32\hidserv.exe
    C:\WINNT\system32\hidserv.exe
    568 - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
    596 - C:\Program Files\Norton AntiVirus\navapsvc.exe
    "C:\Program Files\Norton AntiVirus\navapsvc.exe"
    648 - C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\nvsvc32.exe
    688 - C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\regsvc.exe
    712 - C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\MSTask.exe
    736 - C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\stisvc.exe
    844 - C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    892 - C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\svchost.exe -k wugroup
    760 - C:\WINNT\Explorer.EXE
    C:\WINNT\Explorer.EXE
    1228 - C:\PROGRA~1\NORTON~1\navapw32.exe
    "C:\PROGRA~1\NORTON~1\navapw32.exe"
    1252 - C:\WINNT\system32\dla\tfswctrl.exe
    "C:\WINNT\system32\dla\tfswctrl.exe"
    1256 - C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    "C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe"
    1276 - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    1208 - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    1340 - C:\WINNT\system32\ctfmon.exe
    "C:\WINNT\system32\ctfmon.exe"
    1368 - C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
    "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
    1376 - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe"
    1428 - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"
    1452 - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
    1704 - C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    "C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe" -Embedding
    1436 - C:\WINNT\system32\HPZipm12.exe
    C:\WINNT\system32\HPZipm12.exe
    1308 - c:\Program Files\PestPatrol\ppcontrol.exe
    "c:\Program Files\PestPatrol\ppcontrol.exe"
    288 - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    1220 - C:\Documents and Settings\Bruce Bennett.MAIN\Local Settings\Temporary Internet Files\Content.IE5\AJCBT2NA\VX2Finder[1].exe
    "C:\Documents and Settings\Bruce Bennett.MAIN\Local Settings\Temporary Internet Files\Content.IE5\AJCBT2NA\VX2Finder[1].exe"
    848 - C:\WINNT\system32\cmd.exe
    cmd /c ""C:\Documents and Settings\Bruce Bennett.MAIN\Desktop\ProcessFinder\tool.bat" "

    -----------------------------------------------------------------------

    SE Debug Privilege is in Privileges that you don't have

    --------------------------------------------------------------------

    In DumpRights, it does not have a + sign
     
  15. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Ok here's what you need to do:

    You will need to get KillBox ver.2.00.0179 from here http://download.broadbandmedic.com/VbStuff/KillBox.zip, so download that and keep it handy, we will need it to remove the Look2Me files. (Unzip the files to your Desktop.)

    1.) From Control Panel>>Administrative Tools>>Local Security Policy & Under Local Profiles>>User Rights Assignment...and on the right side look for Debug Programs>>Right Click>>Select Properties.

    2.)Click Add User or Group and when the next Window opens, click the Object Types button, and now put a Check in the box for Groups. click OK

    3.)That Window will close, and the one you are left with click Advanced and from the next Window Find Now
    *Look under Name(RDN) for Administrators and select it & Click OK.

    4.)Administrators should show up in the box beside "Check Names" just Click OK, then that Window will close..and the next Window under the only Tab "Local Security Setting" should have Administrators listed in it, if it does Click Apply then OK again.

    Here's a ScreenShot of what you should have.

    http://www.broadbandmedic.com/download/VbStuff/images/Pol.JPG

    Here's a screenshot of what an infected system looks like:

    http://www.broadbandmedic.com/download/VbStuff/images/NFG.JPG

    With a reboot that fixes that.
    *Make sure you reboot!


    After rebooting...
    Close all open Windows, open KillBox and under Fix L2M click Kill VX2.BetterInternet.
    Your Computer will Shut down..
    On rebooting, the 2 files will be deleted.

    *The Problem
    Because we accessed these .dll files, they will have corrupted the User Rights Assignment again, but no big deal.
    Repeat the Process of Adding the Administrators Group to the Debug Programs again, and since the offending files are gone, this time those settings will stay put.


    Things to do with Killbox after removing these files:
    1.)Click Find>>Find VX2.BetterInternet
    *Nothing Should show up in the next window, if it does you are infected still. But if Clean then...

    2.)Click Find>>User Agent String, click on the CLSID key, and under Action>>Delete User Agent String

    3.)Click Fix L2M>>Import L2M.reg to remove various registry keys set by the software.

    Run Ad-aware using an Updated reference file to remove anything else I missed.
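
The two indicators this thread relies on, the extra `Winlogon\Notify` subkey (`Guardian`, whose `DllName` points at `awsetupc.dll`) and the Debug Programs right missing from Administrators, can be checked offline from exported text. The following is an added example, not part of the original posts and not code from any tool named in them; the baseline table, the sample exports and all function names are assumptions made for illustration.

```python
import ntpath
import re

NOTIFY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
ADMINS_SID = "S-1-5-32-544"  # well-known SID of the built-in Administrators group

# ASSUMPTION: illustrative baseline of stock notification packages. Build the real
# one from an export taken on a known-clean machine of the same Windows build.
BASELINE = {"crypt32chain": "crypt32.dll", "cryptnet": "cryptnet.dll",
            "cscdll": "cscdll.dll", "sclgntfy": "sclgntfy.dll",
            "senslogn": "wlnotify.dll", "termsrv": "wlnotify.dll"}

# Constructed sample input: regedit export of the Notify key, with the Guardian
# values taken from the VX2Finder log in the thread plus two stock entries.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"="crypt32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Guardian]
"DllName"="C:\\WINNT\\system32\\awsetupc.dll"
"Logon"="WinLogon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"DllName"="sclgntfy.dll"
'''

# Constructed sample input: [Privilege Rights] from `secedit /export`, once with
# the Debug Programs right emptied (as the thread describes) and once restored.
SAMPLE_INF_STRIPPED = "[Privilege Rights]\nSeBackupPrivilege = *S-1-5-32-544\nSeDebugPrivilege =\n"
SAMPLE_INF_RESTORED = "[Privilege Rights]\nSeDebugPrivilege = *S-1-5-32-544\n"


def parse_notify_export(text):
    """Return {subkey: {value_name: string}} for direct children of the Notify key."""
    packages, current = {}, None
    prefix = NOTIFY.lower() + "\\"
    for line in text.splitlines():
        line = line.strip()
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            child = key.group(1)[len(prefix):]
            is_child = key.group(1).lower().startswith(prefix) and child and "\\" not in child
            current = packages.setdefault(child, {}) if is_child else None
            continue
        value = re.fullmatch(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"', line)
        if value and current is not None:
            # .reg files escape backslashes and quotes inside string data.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in value.groups())
            current[name] = data
    return packages


def audit_notify(packages, baseline=BASELINE):
    """Flag notification packages that are unknown or whose DLL is unexpected."""
    findings = []
    for subkey, values in sorted(packages.items()):
        dll = values.get("DllName", "")
        expected = baseline.get(subkey.lower())
        folder = ntpath.dirname(dll).lower()
        if expected is None:
            findings.append((subkey, dll, "subkey not in baseline"))
        elif ntpath.basename(dll).lower() != expected:
            findings.append((subkey, dll, "DllName differs from baseline"))
        elif folder and not folder.endswith("\\system32"):
            findings.append((subkey, dll, "stock DLL name outside system32"))
    return findings


def debug_privilege_holders(inf_text):
    """Accounts listed for SeDebugPrivilege in a secedit export (decoded to text)."""
    in_section = False
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, accounts = line.partition("=")
            if name.strip().lower() == "sedebugprivilege":
                return [a.strip().lstrip("*") for a in accounts.split(",") if a.strip()]
    return []


def admins_can_debug(inf_text):
    holders = {h.lower() for h in debug_privilege_holders(inf_text)}
    return ADMINS_SID.lower() in holders or "administrators" in holders


if __name__ == "__main__":
    for finding in audit_notify(parse_notify_export(SAMPLE_REG)):
        print("Notify:", finding)
    print("Administrators hold SeDebugPrivilege:", admins_can_debug(SAMPLE_INF_STRIPPED))
```
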
     

Short URL to this thread: https://techguy.org/223143
