Hosts file and redirection



crazyshady
2011-03-09, 10:00
(Note that I am repairing my friend's laptop.) Hi, I recently have not been able to go on Google. It brings up a page telling me that my host file is infected and that it's taking over my system32 and how I need to download these spyware fighters... I went ahead and looked into the hosts file; everything was fine. I ran Spybot scans and it detected quite a few things. However, it is unable to fix a few errors because it says "access is denied". I ran the scan under admin and even activated Vista's hidden admin account and the same problem went on. I then tried to manually replace the host file but it didn't let me. So I deleted the host file. I then tried to place a new host file in there (thinking that I'm being clever since I'm not overwriting anything lol) and it says file already exists, move and replace, etc. etc., and the same problem exists. This made me realise that the host file that I could see was probably a phony. There's another host file that I can't seem to see (I have view hidden files checked but apparently this goes beyond that lol). Also the delete on next reboot didn't work. So here I am humbly asking for your help because I've been at this for about 5 hours to no avail. Log file is posted underneath.


PS: I aborted because it's 4 am and also because there's basically nothing after those. Like I said, I've been at this for a few hours and so I've done this scan quite a few times lol. Thank you for your help.

spybotsandra
2011-03-09, 11:26
Hello,

Please delete your old host file.
It should be stored here:
Windows 2000/XP/NT: C:\windows\system32\drivers\etc

Then download a new host file from this site (http://www.mvps.org/winhelp2002/hosts.txt).

This is how to do it:
Create a new txt file with notepad on your desktop.
Therefore right click your desktop, choose "New", then choose "Text Document".
Name it hosts. Then right click and choose rename.
Now remove the .txt so that you have a file without any extensions, just named hosts.
Then go to this site (http://www.mvps.org/winhelp2002/hosts.txt).
Mark the whole text. Then copy the whole text.
Open your new hosts file and insert the copied text here.
Save the file.
Now move the file by copy and paste to:
C:\windows\system32\drivers\etc

Best regards
Sandra
Team Spybot
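
A read-only way to check what replacing the file cannot show: which directory Windows actually reads the hosts file from, which files in it are hidden, who may write to it, and which entries point names at real servers. This is an added example, not part of the original posts; it assumes PowerShell 3.0 or later, the function names are made up here, and the sample addresses are constructed.

```powershell
# Added example: a read-only audit; it changes nothing on the system.
# Assumes PowerShell 3.0 or later in an elevated prompt. All function
# names here are made up for this example.

function Get-HostsEntry {
    # Turn hosts-file lines into Address/HostName records, ignoring comments.
    param([string[]]$Line)
    foreach ($raw in $Line) {
        $text = ($raw -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{ Address = $fields[0]; HostName = $name.ToLowerInvariant() }
        }
    }
}

function Get-RedirectedHost {
    # A blocklist-style hosts file maps names to loopback or the null address.
    # Any other address sends the name to a real server and deserves a look.
    param([string[]]$Line)
    $blocking = '127.0.0.1', '0.0.0.0', '::1', '::'
    Get-HostsEntry -Line $Line | Where-Object { $blocking -notcontains $_.Address }
}

function Get-HostsAudit {
    # 1. Windows reads hosts from the directory named by DataBasePath, which
    #    is not necessarily the folder that is open in Explorer.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $dir = [Environment]::ExpandEnvironmentVariables((Get-ItemProperty -Path $key).DataBasePath)
    $default = Join-Path $env:SystemRoot 'System32\drivers\etc'
    "DataBasePath: $dir"
    if ($dir.TrimEnd('\') -ne $default) { "WARNING: differs from the default, $default" }

    # 2. -Force also lists hidden and system files.
    Get-ChildItem -LiteralPath $dir -Force |
        Format-Table Name, Length, LastWriteTime, Attributes -AutoSize | Out-String

    $hostsPath = Join-Path $dir 'hosts'
    if (-not (Test-Path -LiteralPath $hostsPath)) { "No hosts file in $dir"; return }

    # 3. Who is allowed to write the file (relevant to "access is denied").
    (Get-Acl -Path $hostsPath).Access |
        Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize | Out-String

    # 4. Entries that point names at real servers.
    Get-RedirectedHost -Line (Get-Content -LiteralPath $hostsPath) |
        Format-Table -AutoSize | Out-String
}

# Constructed sample input (not taken from the thread) to exercise the parser.
$sample = @(
    '# constructed sample',
    '127.0.0.1    localhost',
    '0.0.0.0      ads.example.net    # blocklist entry',
    '203.0.113.10 update.example.com www.update.example.com'
)
Get-RedirectedHost -Line $sample

# Audit of the machine the script runs on.
Get-HostsAudit
```

Entries added on purpose, such as intranet names, also show up in step 4, so the list is something to review rather than a verdict.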

crazyshady
2011-03-12, 00:18
Thanks for the reply. Umm, that didn't work. The problem is still there. I myself managed to get it working but it only worked for one day. Now it just says page cannot be displayed (as opposed to the entire redirection window). Any idea? (Spybot still says there are viruses in the host file and that it cannot delete them.)

tashi
2011-03-12, 08:01
Hello crazyshady,

Someone can assist after taking a look at the system.

Please see this FAQ "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288). It includes instructions in post #2 on how to provide a preliminary DDS log, which is used for analysis.

Then start a new topic in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) and a volunteer will advise when available.

If the infection prevents a log being produced please start a new topic there anyway and let them know.

Best regards.