Jump to content


Photo
- - - - -

Can't Connect to Google or Bing


  • This topic is locked This topic is locked
21 replies to this topic

#1 foamer27

foamer27

    New Member

  • Members
  • Pip
  • 10 posts

Posted 26 October 2009 - 04:06 PM

Hi -

Installed Malwarebytes to get rid of the TotalSecurity virus/malware/trojan that was infecting my computer. Program worked great and did the trick in getting rid of the problem. Unfortunately, now I can not connect to Google or Bing websites. Just get "Internet Explorer can not display the webpage". All other web pages display fine as far as I can tell. Not a router or server problem as I have tested numerous with the same results.

Any help would be appreciated!

Log is as follows...

Malwarebytes' Anti-Malware 1.41
Database version: 2992
Windows 5.1.2600 Service Pack 3

10/19/2009 10:04:37 PM
mbam-log-2009-10-19 (22-04-37).txt

Scan type: Quick Scan
Objects scanned: 119977
Time elapsed: 10 minute(s), 5 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 11

Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\csrss.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\emi027\Desktop\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\systemsecurity2009 (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Csrss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12940154 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\12940154 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\emi027\Start Menu\Programs\Total Security (Rogue.TotalSecurity) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\12940154\12940154 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\12940154\12940154.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\12940154\pc12940154ins (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\emi027\Local Settings\Temporary Internet Files\Content.IE5\DN83LR9K\setup[1].exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\emi027\Start Menu\Programs\Total Security\Total Security 2009.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\emi027\Desktop\Total Security 2009.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\emi027\Local Settings\Temp\csrss2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csrss2.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\emi027\Desktop\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

#2 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,677 posts
  • Gender:Female
  • Location:Belgium

Posted 27 October 2009 - 06:46 AM

Hi,

It may have been because there's a proxy set by the malware.
To fix this...
In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings".
In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection.

Also, please update MalwareBytes, because the databaseversion is outdated.

  • Start MalwareBytes and click the Update tab. There click "Check for updates"
  • Once the updates are downloaded, perform a quick scan again.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a HijackThis log, then we'll proceed from there with new steps.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

In case you don't have HijackThis,

* Download Trend Micro Hijack This™
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply.
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#3 foamer27

foamer27

    New Member

  • Members
  • Pip
  • 10 posts

Posted 27 October 2009 - 09:06 AM

Hi -

Thanks so much for responding! I did check the Explorer settings and my proxy settings were set correctly. Here are my updated logs for Malwarebytes scan and HijackThis.

Malwarebytes' Anti-Malware 1.41
Database version: 3039
Windows 5.1.2600 Service Pack 3

10/27/2009 8:59:39 AM
mbam-log-2009-10-27 (08-59-39).txt

Scan type: Quick Scan
Objects scanned: 117256
Time elapsed: 6 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:02 AM, on 10/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tgbstarter.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wickedlocal.com/norton
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1178558148484
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia....upv2.0.0.10.cab?
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TgbIke Starter (TgbIKE Starter) - Sistech - C:\WINDOWS\system32\tgbstarter.exe

--
End of file - 6514 bytes



Hi,

It may have been because there's a proxy set by the malware.
To fix this...
In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings".
In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection.

Also, please update MalwareBytes, because the databaseversion is outdated.

  • Start MalwareBytes and click the Update tab. There click "Check for updates"
  • Once the updates are downloaded, perform a quick scan again.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a HijackThis log, then we'll proceed from there with new steps.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

In case you don't have HijackThis,

* Download Trend Micro Hijack This™
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply.



#4 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,677 posts
  • Gender:Female
  • Location:Belgium

Posted 27 October 2009 - 09:14 AM

Hi,

* Please install Avira Antivirus: http://www.free-av.com/

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#5 foamer27

foamer27

    New Member

  • Members
  • Pip
  • 10 posts

Posted 28 October 2009 - 04:18 PM

Hi,

* Please install Avira Antivirus: http://www.free-av.com/

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.





Hi - Thanks for helping! I did perfrom Avira scan but it did not fix the problem. I have enclosed the log below for you to review.

It is very strange. I can access all websites with the exception of google.com, bing.com and ask.com. I can access yahoo.com.

Do you think it might be something that Malwarebytes quarantined that is causing this problem?



Avira AntiVir Personal
Report file date: Wednesday, October 28, 2009 16:18

Scanning for 1562564 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : P027

Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 18:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 14:21:42
ANTIVIR2.VDF : 7.1.4.253 1779200 Bytes 7/19/2009 03:08:01
ANTIVIR3.VDF : 7.1.5.19 139776 Bytes 7/23/2009 12:36:13
Engineversion : 8.2.0.228
AEVDF.DLL : 8.1.1.1 106868 Bytes 7/28/2009 18:31:50
AESCRIPT.DLL : 8.1.2.18 442746 Bytes 7/23/2009 14:59:39
AESCN.DLL : 8.1.2.4 127348 Bytes 7/23/2009 14:59:39
AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 14:59:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 7/28/2009 18:31:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 14:59:39
AEHEUR.DLL : 8.1.0.143 1864055 Bytes 7/23/2009 14:59:39
AEHELP.DLL : 8.1.5.3 233846 Bytes 7/23/2009 14:59:39
AEGEN.DLL : 8.1.1.50 352629 Bytes 7/23/2009 14:59:39
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 7/23/2009 14:59:39
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Wednesday, October 28, 2009 16:18

Starting search for hidden objects.
'49455' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'FNPLicensingService.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'hpotdd01.exe' - '1' Module(s) have been scanned
Scan process 'hpohmr08.exe' - '1' Module(s) have been scanned
Scan process 'BtMon2.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'TgbStarter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'IntuitUpdateService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '63' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\dc3d5e1c0c70bb9a1b890316e8665042\BIT1.tmp
[0] Archive type: CAB (Microsoft)
--> _sfx_0000._p
[WARNING] The file could not be written!
--> _sfx_0008._p
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed


End of the scan: Wednesday, October 28, 2009 17:08
Used time: 49:28 Minute(s)

The scan has been done completely.

9591 Scanned directories
301320 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
301319 Files not concerned
1285 Archives were scanned
4 Warnings
1 Notes
49455 Objects were scanned with rootkit scan
0 Hidden objects were found

#6 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,677 posts
  • Gender:Female
  • Location:Belgium

Posted 28 October 2009 - 04:21 PM

Hi,

This has nothing to do with malwarebytes deleting something though.

I wonder if this is an IE issue only, or if you have the same in Firefox.
Do you have Firefox installed? If not, install it and let me know if you're having the same with it.
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#7 foamer27

foamer27

    New Member

  • Members
  • Pip
  • 10 posts

Posted 29 October 2009 - 07:23 AM

Yes - Firefox has the same problem.


Hi,

This has nothing to do with malwarebytes deleting something though.

I wonder if this is an IE issue only, or if you have the same in Firefox.
Do you have Firefox installed? If not, install it and let me know if you're having the same with it.



#8 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,677 posts
  • Gender:Female
  • Location:Belgium

Posted 29 October 2009 - 07:29 AM

Ok, do the following please...

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..This because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how.
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#9 foamer27

foamer27

    New Member

  • Members
  • Pip
  • 10 posts

Posted 29 October 2009 - 07:29 AM

Saw a thread posted by ocaenbell a few lines down. Seemed to be the same problem.

Yes - Firefox has the same problem.



#10 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,677 posts
  • Gender:Female
  • Location:Belgium

Posted 29 October 2009 - 07:32 AM

See my above post, because we posted at the same time :)
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#11 foamer27

foamer27

    New Member

  • Members
  • Pip
  • 10 posts

Posted 29 October 2009 - 09:50 AM

See my above post, because we posted at the same time :)


Hi - Thanks again for the attention! Here's my Combo report.

ComboFix 09-10-27.08 - emi027 10/28/2009 15:35.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.285 [GMT -4:00]
Running from: c:\documents and settings\emi027\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :)
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-28 17:16 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-27 14:00 . 2009-10-27 14:00 -------- d-----w- c:\program files\Trend Micro
2009-10-26 16:02 . 2009-10-26 16:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-26 16:02 . 2009-10-26 16:02 -------- d-sh--w- c:\documents and settings\emi027\IECompatCache
2009-10-26 16:01 . 2009-10-26 16:01 -------- d-sh--w- c:\documents and settings\emi027\PrivacIE
2009-10-26 15:58 . 2009-10-26 15:58 -------- d-sh--w- c:\documents and settings\emi027\IETldCache
2009-10-26 15:29 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-26 15:29 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-26 15:29 . 2009-10-28 12:24 -------- d-----w- c:\windows\ie8updates
2009-10-26 15:28 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-26 15:25 . 2009-10-26 15:28 -------- dc-h--w- c:\windows\ie8
2009-10-24 21:38 . 2009-10-24 21:38 -------- d-----w- c:\program files\Enigma Software Group
2009-10-24 15:56 . 2009-10-24 15:56 -------- d-----w- c:\program files\Alwil Software
2009-10-21 23:58 . 2009-10-21 23:58 -------- d-----w- c:\program files\AVG
2009-10-20 01:37 . 2009-10-20 01:37 -------- d-----w- c:\documents and settings\emi027\Application Data\Malwarebytes
2009-10-20 01:36 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-20 01:36 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-20 01:36 . 2009-10-20 01:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-20 01:36 . 2009-10-20 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 23:45 . 2007-05-08 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg7
2009-10-07 01:19 . 2007-05-14 14:50 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-02-28 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 23:06 . 2007-05-07 16:02 59936 ----a-w- c:\documents and settings\emi027\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 23:24 . 2007-05-07 15:52 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2007-05-07 15:52 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2007-05-07 15:52 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2007-05-07 15:52 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2006-02-28 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2007-05-07 15:52 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2007-05-08 12:47 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2007-05-07 15:52 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2005-05-26 08:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13 . 2006-02-28 12:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-09 15691264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-11 113664]
Bluetooth Monitor.lnk - c:\program files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2007-5-10 65536]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"110:TCP"= 110:TCP:svchost

R1 TgbVPN;TheGreenBow VPN Client;c:\windows\system32\drivers\TgbVpn.sys [9/20/2007 9:32 AM 108032]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 TgbIKE Starter;TgbIke Starter;c:\windows\system32\TgbStarter.exe [9/20/2007 9:32 AM 124800]
S4 Avixei;Avixei; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2007-10-19 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4183852131.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56]

2009-10-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wickedlocal.com/norton
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-hpbdfawep - c:\program files\HP\Dfawep\bin\hpbdfawep.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 15:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-28 15:45
ComboFix-quarantined-files.txt 2009-10-28 19:45

Pre-Run: 57,202,196,480 bytes free
Post-Run: 58,062,499,840 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 563976B699E931FFEA3A331C3AA2FC3F

#12 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,677 posts
  • Gender:Female
  • Location:Belgium

Posted 29 October 2009 - 09:57 AM

Hi,

Can you test Google / Bing / whatever searchengine now? Let me know if it's still the same.
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#13 foamer27

foamer27

    New Member

  • Members
  • Pip
  • 10 posts

Posted 29 October 2009 - 10:47 AM

Hi,

Can you test Google / Bing / whatever searchengine now? Let me know if it's still the same.



Still the same.

#14 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,677 posts
  • Gender:Female
  • Location:Belgium

Posted 29 October 2009 - 10:51 AM

Hi,

Download CCleaner
1. During the install uncheck to install the Yahoo Toolbar
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.


In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Then reboot.... Important!

Let me know if still the same after reboot.

If so, please post the contents of your C:\Windows\system32\drivers\hosts file (open this file with notepad).
If it's too large, attach it to your post instead.
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#15 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,677 posts
  • Gender:Female
  • Location:Belgium

Posted 29 October 2009 - 10:56 AM

Oh, also flush your dns cache..

To do this, go to start > run and copy and paste: ipconfig /flushdns
Hit enter.
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#16 foamer27

foamer27

    New Member

  • Members
  • Pip
  • 10 posts

Posted 29 October 2009 - 12:46 PM

Oh, also flush your dns cache..

To do this, go to start > run and copy and paste: ipconfig /flushdns
Hit enter.


Hi -

I did everything and still no luck. I also do not have a host file in C:\WINDOWS\system32\drivers. Is there another name?

#17 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,677 posts
  • Gender:Female
  • Location:Belgium

Posted 29 October 2009 - 12:53 PM

I also do not have a host file in C:\WINDOWS\system32\drivers. Is there another name?

My fault, I meant C:\WINDOWS\system32\drivers\etc folder (etc is a subfolder of the drivers folder). In there you'll find the file hosts
Rightclick and open with notepad and copy and paste the contents here.
If too large, just attach the hosts file to this thread.
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#18 foamer27

foamer27

    New Member

  • Members
  • Pip
  • 10 posts

Posted 29 October 2009 - 01:12 PM

My fault, I meant C:\WINDOWS\system32\drivers\etc folder (etc is a subfolder of the drivers folder). In there you'll find the file hosts
Rightclick and open with notepad and copy and paste the contents here.
If too large, just attach the hosts file to this thread.


Here you go...

127.0.0.1 go.mail.ru
127.0.0.1 nova.rambler.ru
127.0.0.1 google.ad
127.0.0.1 www.google.ad
127.0.0.1 google.ae
127.0.0.1 www.google.ae
127.0.0.1 google.am
127.0.0.1 www.google.am
127.0.0.1 google.com.ar
127.0.0.1 www.google.com.ar
127.0.0.1 google.as
127.0.0.1 www.google.as
127.0.0.1 google.at
127.0.0.1 www.google.at
127.0.0.1 google.com.au
127.0.0.1 www.google.com.au
127.0.0.1 google.az
127.0.0.1 www.google.az
127.0.0.1 google.ba
127.0.0.1 www.google.ba
127.0.0.1 google.be
127.0.0.1 www.google.be
127.0.0.1 google.bg
127.0.0.1 www.google.bg
127.0.0.1 google.bs
127.0.0.1 www.google.bs
127.0.0.1 google.com.by
127.0.0.1 www.google.com.by
127.0.0.1 google.ca
127.0.0.1 www.google.ca
127.0.0.1 google.ch
127.0.0.1 www.google.ch
127.0.0.1 google.cn
127.0.0.1 www.google.cn
127.0.0.1 google.cz
127.0.0.1 www.google.cz
127.0.0.1 google.de
127.0.0.1 www.google.de
127.0.0.1 google.dk
127.0.0.1 www.google.dk
127.0.0.1 google.ee
127.0.0.1 www.google.ee
127.0.0.1 google.es
127.0.0.1 www.google.es
127.0.0.1 google.fi
127.0.0.1 www.google.fi
127.0.0.1 google.fr
127.0.0.1 www.google.fr
127.0.0.1 google.gr
127.0.0.1 www.google.gr
127.0.0.1 google.com.hk
127.0.0.1 www.google.com.hk
127.0.0.1 google.hr
127.0.0.1 www.google.hr
127.0.0.1 google.hu
127.0.0.1 www.google.hu
127.0.0.1 google.ie
127.0.0.1 www.google.ie
127.0.0.1 google.co.il
127.0.0.1 www.google.co.il
127.0.0.1 google.co.in
127.0.0.1 www.google.co.in
127.0.0.1 google.is
127.0.0.1 www.google.is
127.0.0.1 google.it
127.0.0.1 www.google.it
127.0.0.1 google.co.jp
127.0.0.1 www.google.co.jp
127.0.0.1 google.kg
127.0.0.1 www.google.kg
127.0.0.1 google.co.kr
127.0.0.1 www.google.co.kr
127.0.0.1 google.li
127.0.0.1 www.google.li
127.0.0.1 google.lt
127.0.0.1 www.google.lt
127.0.0.1 google.lu
127.0.0.1 www.google.lu
127.0.0.1 google.lv
127.0.0.1 www.google.lv
127.0.0.1 google.md
127.0.0.1 www.google.md
127.0.0.1 google.com.mx
127.0.0.1 www.google.com.mx
127.0.0.1 google.nl
127.0.0.1 www.google.nl
127.0.0.1 google.no
127.0.0.1 www.google.no
127.0.0.1 google.co.nz
127.0.0.1 www.google.co.nz
127.0.0.1 google.com.pe
127.0.0.1 www.google.com.pe
127.0.0.1 google.com.ph
127.0.0.1 www.google.com.ph
127.0.0.1 google.pl
127.0.0.1 www.google.pl
127.0.0.1 google.pt
127.0.0.1 www.google.pt
127.0.0.1 google.ro
127.0.0.1 www.google.ro
127.0.0.1 google.ru
127.0.0.1 www.google.ru
127.0.0.1 google.com.ru
127.0.0.1 www.google.com.ru
127.0.0.1 google.com.sa
127.0.0.1 www.google.com.sa
127.0.0.1 google.se
127.0.0.1 www.google.se
127.0.0.1 google.com.sg
127.0.0.1 www.google.com.sg
127.0.0.1 google.si
127.0.0.1 www.google.si
127.0.0.1 google.sk
127.0.0.1 www.google.sk
127.0.0.1 google.co.th
127.0.0.1 www.google.co.th
127.0.0.1 google.com.tj
127.0.0.1 www.google.com.tj
127.0.0.1 google.tm
127.0.0.1 www.google.tm
127.0.0.1 google.com.tr
127.0.0.1 www.google.com.tr
127.0.0.1 google.com.tw
127.0.0.1 www.google.com.tw
127.0.0.1 google.com.ua
127.0.0.1 www.google.com.ua
127.0.0.1 google.co.uk
127.0.0.1 www.google.co.uk
127.0.0.1 google.co.vi
127.0.0.1 www.google.co.vi
127.0.0.1 google.com
127.0.0.1 www.google.com
127.0.0.1 google.us
127.0.0.1 www.google.us
127.0.0.1 google.com.pl
127.0.0.1 www.google.com.pl
127.0.0.1 google.co.hu
127.0.0.1 www.google.co.hu
127.0.0.1 google.ge
127.0.0.1 www.google.ge
127.0.0.1 google.kz
127.0.0.1 www.google.kz
127.0.0.1 google.co.uz
127.0.0.1 www.google.co.uz
127.0.0.1 bing.com
127.0.0.1 www.bing.com
127.0.0.1 search.yahoo.com
127.0.0.1 ca.search.yahoo.com
127.0.0.1 ar.search.yahoo.com
127.0.0.1 cl.search.yahoo.com
127.0.0.1 co.search.yahoo.com
127.0.0.1 mx.search.yahoo.com
127.0.0.1 espanol.search.yahoo.com
127.0.0.1 qc.search.yahoo.com
127.0.0.1 ve.search.yahoo.com
127.0.0.1 pe.search.yahoo.com
127.0.0.1 at.search.yahoo.com
127.0.0.1 ct.search.yahoo.com
127.0.0.1 dk.search.yahoo.com
127.0.0.1 fi.search.yahoo.com
127.0.0.1 fr.search.yahoo.com
127.0.0.1 de.search.yahoo.com
127.0.0.1 it.search.yahoo.com
127.0.0.1 nl.search.yahoo.com
127.0.0.1 no.search.yahoo.com
127.0.0.1 ru.search.yahoo.com
127.0.0.1 es.search.yahoo.com
127.0.0.1 se.search.yahoo.com
127.0.0.1 ch.search.yahoo.com
127.0.0.1 uk.search.yahoo.com
127.0.0.1 asia.search.yahoo.com
127.0.0.1 au.search.yahoo.com
127.0.0.1 one.cn.yahoo.com
127.0.0.1 hk.search.yahoo.com
127.0.0.1 in.search.yahoo.com
127.0.0.1 id.search.yahoo.com
127.0.0.1 search.yahoo.co.jp
127.0.0.1 kr.search.yahoo.com
127.0.0.1 malaysia.search.yahoo.com
127.0.0.1 nz.search.yahoo.com
127.0.0.1 ph.search.yahoo.com
127.0.0.1 sg.search.yahoo.com
127.0.0.1 tw.search.yahoo.com
127.0.0.1 th.search.yahoo.com
127.0.0.1 vn.search.yahoo.com
127.0.0.1 images.google.com
127.0.0.1 images.google.ca
127.0.0.1 images.google.co.uk
127.0.0.1 news.google.com
127.0.0.1 news.google.ca
127.0.0.1 news.google.co.uk
127.0.0.1 video.google.com
127.0.0.1 video.google.ca
127.0.0.1 video.google.co.uk
127.0.0.1 blogsearch.google.com
127.0.0.1 blogsearch.google.ca
127.0.0.1 blogsearch.google.co.uk
127.0.0.1 searchservice.myspace.com
127.0.0.1 ask.com
127.0.0.1 www.ask.com
127.0.0.1 search.aol.com
127.0.0.1 search.netscape.com
127.0.0.1 yandex.ru
127.0.0.1 www.yandex.ru
127.0.0.1 yandex.ua
127.0.0.1 www.yandex.ua
127.0.0.1 search.about.com
127.0.0.1 www.verizon.net
127.0.0.1 verizon.net

#19 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,677 posts
  • Gender:Female
  • Location:Belgium

Posted 29 October 2009 - 01:23 PM

Hi,

Well that explains it...

Please edit out all contents of that hosts file and only have this line in it:

127.0.0.1 localhost

This is the content of the default hosts file.
Save the contents. Then reopen again and make sure only above line is in it.

In case you can't edit it, rightclick hosts file and look if it's set to "read only", if it is right click on it and change the permissions to write.

Or you can replace your hosts file with the MVPs hosts file which will block a lot of unwanted sites via it:

http://www.mvps.org/...p2002/hosts.htm
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#20 foamer27

foamer27

    New Member

  • Members
  • Pip
  • 10 posts

Posted 29 October 2009 - 01:39 PM

Hi,

Well that explains it...

Please edit out all contents of that hosts file and only have this line in it:

127.0.0.1 localhost

This is the content of the default hosts file.
Save the contents. Then reopen again and make sure only above line is in it.

In case you can't edit it, rightclick hosts file and look if it's set to "read only", if it is right click on it and change the permissions to write.

Or you can replace your hosts file with the MVPs hosts file which will block a lot of unwanted sites via it:

http://www.mvps.org/...p2002/hosts.htm



YES! SUCCESS! THANKS SO MUCH FOR YOUR HELP MIEKIEMOES!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users