This came from part of a HiJackThis log....
Hosts- 74.XXX.40.xxx paybillsnow.com (this is not the address, I will not give real link because it hyperlinks directly to infection)
(There are multiple addresses linking to these browser HiJacks, I'm only showing one)
This seem to be some sort of browser Hijack...but I can't figure out what in the registry was attacked. The infected PC had 784 pieces of malware and trojans, most of them as were .exe's. I believe this was 1 or 2 viruses that were executed which led to the PC to be bombed. Those were successfully removed. What you see above are the remnants of the bug, and nothing I've tried will kill these browser hijacks. These don't pop up in Autoruns, so I can't find the in the registry, CWShredder doesn't see them, HijackThis sees them but can't remove them, Spybot, or Lavasofts Adaware have been of no use either. I've also run a rootkit scan to no avail.
Any thoughts???