Strange behaviour with IE after virus

[arch0nmyc0n]

I have two computers that I just removed the silly Sasser virus from using nortons removal and even AVGs multiple viral remover that includes sasser. Both machines have AVG installed. One has the free one and the other has a paid 7 version. however now for some reason neither machine can go to grisofts website with either the updater or IE... whenever I type it into the address bar it takes me to a goole search page for it (google toolbar is installed) and lists AVG as a result. I dclick on it and this page cannot be displayed... here is a hyjack log... any ideas?

Logfile of HijackThis v1.97.7
Scan saved at 2:28:54 PM, on 05/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgwa.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gary De Borger\Local Settings\Temporary Internet Files\Content.IE5\M34VQJQL\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theweathernetwork.com/wea...s/CAON0245.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.craigcopy.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.craigcopy.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...112.4712615741

[NooNoo]

Check the hosts file?

[3FS]

Check the hosts file?

This virus is putting entries in the lmhosts file for antivirus websites that points back to 127.0.0.1 or some other silly nonsense entry.

Use notepad to edit the file (located under windows\system32\drivers\etc\).... Delete those entries, and you should be ready to rock n roll!

[arch0nmyc0n]

I checked the host file after posting but nothing in there. I started setting up a panda activescan... took forever... must be a lot of people using it...

Anyways it found 86 files of Gaobot. Once removed it works fine. That was the first computer... the second I finally got it to start scanning with panda and it has found some on there... maybe the same thing...

Both Norton and AVG installed on the machine missed these infections... yeah... I'm starting not to trust many virus scanners at all anymore.... I realize it's difficult for them to keep up, but it's just making it difficult now to effectively remove them all... I mean Gaobot is an older virus... grrrr... anyways I'll report what I find on the second machine...

[natcom]

I personallyl take off all entries with (no name) on hijackedthis and numbers 16 entries anyway I don't see his been part of your problem but I thought I mention that

[arch0nmyc0n]

2nd machine had gaobot on there also, two old magistr and an exploit... but it's still not getting to grisoft... if I can't get it to go to grisoft it can't update AVG... grrrr...

[NooNoo]

You can download the avg updates separately. see here You just dump the bin in your avg directory and there is a setting to get it to update locally.... I don't remember offhand where... but it is there.

[arch0nmyc0n]

Actually with version 7 you can just point it to any folder where the BIN file resides, which I have done. But if I can't get to grisoft the user won't be able to update so I gotta find out what's causing it to report that grisoft "cannot be displayed". I can't remember if I checked that system's host file but I will check it once I get in... Adaware pulled off around 950 objects and spybot then got around 20. I dunno, it's a fresh day, maybe I'll figure it out easily today....