Hello,

Network Shield is reporting it has stopped access to a malware site but I can’t find the file or malware app that’s trying to go to these sites.

I have run the scanner in safe mode but it comes up clean. I have run a boot time scan as well and it too comes up clean.

All of this started on 1/15/09 after a co-worker opened a email (Halmarkcard@halmark.com or something like that) and it loaded up a trojan. Avast did not catch it until after she opened it. After many scans I thought I had got rid of it, however the Network Shield is saying something is trying to go to a malware site.

Here is the log from Network Shield.

22.01.2009 07:28:20 Network Shield: blocked access to malicious site 77.74.48.105/dl/dy1Juwk.dll.html?cuid=abd79d593bcfc64a8c4e0f356a361cd4&suid=6c7e1d42e40111dd8e3500304890471a&affid=169170&tid=txd10419&morph_id=414&cver=414&os_ver=261 [ C:\WINDOWS\System32\svchost.exe ]
22.01.2009 07:28:24 Network Shield: blocked access to malicious site 77.74.48.105/dl/fgcaf1qr6.dll.html?cuid=abd79d593bcfc64a8c4e0f356a361cd4&suid=6c7e1d42e40111dd8e3500304890471a&affid=169170&tid=txd10419&morph_id=414&cver=414&os_ver=261 [ C:\WINDOWS\System32\svchost.exe ]
23.01.2009 07:21:11 Network Shield: blocked access to malicious site 77.74.48.105/dl/c2Juz0.dll.html?cuid=abd79d593bcfc64a8c4e0f356a361cd4&suid=6c7e1d42e40111dd8e3500304890471a&affid=169170&tid=txd10419&morph_id=414&cver=414&os_ver=261 [ C:\WINDOWS\Explorer.EXE ]
23.01.2009 07:21:11 Network Shield: blocked access to malicious site 77.74.48.105/dl/3cp09f.dll.html?cuid=abd79d593bcfc64a8c4e0f356a361cd4&suid=6c7e1d42e40111dd8e3500304890471a&affid=169170&tid=txd10419&morph_id=414&cver=414&os_ver=261 [ C:\WINDOWS\Explorer.EXE ]
23.01.2009 07:21:11 Network Shield: blocked access to malicious site 77.74.48.105/dl/ude07m.dll.html?cuid=abd79d593bcfc64a8c4e0f356a361cd4&suid=6c7e1d42e40111dd8e3500304890471a&affid=169170&tid=txd10419&morph_id=414&cver=414&os_ver=261 [ C:\WINDOWS\Explorer.EXE ]
23.01.2009 07:21:11 Network Shield: blocked access to malicious site 77.74.48.105/dl/taf0ma.dll.html?cuid=abd79d593bcfc64a8c4e0f356a361cd4&suid=6c7e1d42e40111dd8e3500304890471a&affid=169170&tid=txd10419&morph_id=414&cver=414&os_ver=261 [ C:\WINDOWS\Explorer.EXE ]
23.01.2009 07:23:31 Network Shield: blocked access to malicious site 77.74.48.105/dl/3cp09f.dll.html?cuid=abd79d593bcfc64a8c4e0f356a361cd4&suid=6c7e1d42e40111dd8e3500304890471a&affid=169170&tid=txd10419&morph_id=414&cver=414&os_ver=261 [ C:\WINDOWS\System32\svchost.exe ]
23.01.2009 07:24:14 Network Shield: blocked access to malicious site 77.74.48.105/dl/ude07m.dll.html?cuid=abd79d593bcfc64a8c4e0f356a361cd4&suid=6c7e1d42e40111dd8e3500304890471a&affid=169170&tid=txd10419&morph_id=414&cver=414&os_ver=261 [ C:\WINDOWS\System32\svchost.exe ]
23.01.2009 07:24:18 Network Shield: blocked access to malicious site 77.74.48.105/dl/c2Juz0.dll.html?cuid=abd79d593bcfc64a8c4e0f356a361cd4&suid=6c7e1d42e40111dd8e3500304890471a&affid=169170&tid=txd10419&morph_id=414&cver=414&os_ver=261 [ C:\WINDOWS\System32\svchost.exe ]
23.01.2009 07:24:24 Network Shield: blocked access to malicious site 77.74.48.105/dl/taf0ma.dll.html?cuid=abd79d593bcfc64a8c4e0f356a361cd4&suid=6c7e1d42e40111dd8e3500304890471a&affid=169170&tid=txd10419&morph_id=414&cver=414&os_ver=261 [ C:\WINDOWS\System32\svchost.exe ]

Any help would be great!
Thank you.

Well, if avast! is missing it, there are several free scans you can try. Maybe one of them will pick it up:

Try a scan with DrWeb CureIT!
Try a scan with Kaspersky Virus removal Tool

Try one or more of the usual free adware/spyware scanners.

Ad-Aware Free
Spybot Search & Destroy
SUPERAntiSpyware Free
a-Squared Free
Malwarebytes’ Anti-Malware

Try some online scans. (Disable avast! while scanning.)

F-Secure
BitDefender
Trend Micro Housecall
ESET Online Scanner

OK thanks I will give some of these a try.

You could also post a HijackThis Log
http://www.filehippo.com/download_hijackthis/