Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

google and yahoo misdirects

Re: google and yahoo misdirects

by b2thej1 » March 21st, 2009, 1:16 pm

dan here's the root repeal log...

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/03/21 12:00
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF23E1000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BB8000 Size: 8192 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEF2C1000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090320.003\EraserUtilDrv10910.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x843b25d0
b2thej1
Regular Member
 
Posts: 71
Joined: March 8th, 2009, 11:19 pm

Re: google and yahoo misdirects

by dan12 » March 21st, 2009, 1:37 pm

We will flush this out :)

Go to Start>Run and highlight the contents of the box below then use CTRL+C to copy them and CTRL+V to paste them into the run dialogue box.

Code:
cmd /c copy C:\WINDOWS\system32\drivers\etc\hosts "%userprofile%\desktop\hosts.txt"


Click OK, notepad will then open with your host file. Copy and paste the whole Hosts file in your next reply.

--------------------------

Rooter.exe

Download Rooter.exe to your desktop.
  • Then double-click it to start the tool.
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here.

post me the logs
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: google and yahoo misdirects

by dan12 » March 21st, 2009, 1:58 pm

Once you have posted the results from the last post, I want you to use SystemLook again, which you have used already.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :reg
    HKLM\software\microsoft\windows nt\currentversion\drivers32


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

post me the text
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: google and yahoo misdirects

by b2thej1 » March 22nd, 2009, 1:21 am

dan: here's the rooter log

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:57137 Mo/Free:217 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sun 03/22/2009| 0:10

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
---------- C:\WINDOWS\System32\WLTRYSVC.EXE
---------- C:\WINDOWS\System32\bcmwltry.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Symantec AntiVirus\DefWatch.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\system32\rpcnet.exe
---------- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Dell\QuickSet\quickset.exe
---------- C:\WINDOWS\system32\WLTRAY.exe
---------- C:\WINDOWS\stsystra.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
---------- C:\PROGRA~1\SYMANT~1\VPTray.exe
---------- C:\Program Files\SpyNoMore\SNM.exe
---------- C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Program Files\internet explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\ABCSTU~1\Local Settings\Temporary Internet Files\Content.IE5\H58NJ3GU\Q109_KMCCrackers_728x90[1].swf


1 - "C:\Rooter$\Rooter_1.txt" - Sun 03/22/2009| 0:10

----------------------\\ Scan completed at 0:10

here's the hosts log

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

here's the system look log:

SystemLook v1.0 by jpshortstuff (02.03.09)
Log created at 00:21 on 22/03/2009 by ABC STUDENT (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi"="wdmaud.drv"
"midimapper"="midimap.dll"
"mixer"="wdmaud.drv"
"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msaudio1"="msaud32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msg723"="msg723.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"vidc.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"vidc.iv50"="ir50_32.dll"
"vidc.iyuv"="iyuv_32.dll"
"vidc.M261"="msh261.drv"
"vidc.M263"="msh263.drv"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"vidc.uyvy"="msyuv.dll"
"vidc.yuy2"="msyuv.dll"
"vidc.yvu9"="tsbyuv.dll"
"vidc.yvyu"="msyuv.dll"
"wave"="wdmaud.drv"
"wavemapper"="msacm32.drv"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]


-=End Of File=-
b2thej1
Regular Member
 
Posts: 71
Joined: March 8th, 2009, 11:19 pm

Re: google and yahoo misdirects

by dan12 » March 22nd, 2009, 4:11 am

Please enter this into the command prompt, hit Enter, and post the Notepad text that appears.

Code:
dir /a /s "C:\DOCUME~1\ABCSTU~1\Local Settings\Temporary Internet Files\Content.IE5\H58NJ3GU" >> log.txt
notepad log.txt
del log.txt
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: google and yahoo misdirects

by b2thej1 » March 22nd, 2009, 2:11 pm

sorry dan not sure how to run a command prompt...don't want to do anything wrong. :(
b2thej1
Regular Member
 
Posts: 71
Joined: March 8th, 2009, 11:19 pm

Re: google and yahoo misdirects

by b2thej1 » March 22nd, 2009, 4:06 pm

dan, i think i figured it out...is this the notepad log you need?

Volume in drive C has no label.
Volume Serial Number is BC6A-650B

Directory of C:\DOCUME~1\ABCSTU~1\Local Settings\Temporary Internet Files\Content.IE5\H58NJ3GU

251 File(s) 2,521,367 bytes

Total Files Listed:
251 File(s) 2,521,367 bytes
2 Dir(s) 51,846,729,728 bytes free
b2thej1
Regular Member
 
Posts: 71
Joined: March 8th, 2009, 11:19 pm

Re: google and yahoo misdirects

by dan12 » March 22nd, 2009, 7:38 pm

Please read

Any time the helper detects that you may have illegal software on your machine, that helper may stop assisting you immediately until you can demonstrate that you have rectified the situation. We will not support fixing machines with pirated or otherwise illegal software.

Please remove
C:\DOCUME~1\ABCSTU~1\Local Settings\Temporary Internet Files\Content.IE5\H58NJ3GU\Q109_KMCCrackers_728x90[1].swf << this file

What do you know about this folder H58NJ3GU?

----------------

Download HostsXpert v4.1 and unzip it to your computer, somewhere where you can find it.
  • Double click on HostsXpert.exe to launch the program.
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition.
  • Click on Make ReadOnly to secure it against further infection.
  • Exit the program.
Visit the Website for more information.


Then I want to check the host file again as you did before,

Go to Start>Run and highlight the contents of the box below then use CTRL+C to copy them and CTRL+V to paste them into the run dialogue box.

Code:
cmd /c copy C:\WINDOWS\system32\drivers\etc\hosts "%userprofile%\desktop\hosts.txt"


Click OK, notepad will then open with your host file. Copy and paste the whole Hosts file in your next reply.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
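
A way to check a copied hosts.txt for the kind of entries this thread is chasing (search-engine names pointed at an address that is not loopback), as an added example that is not part of the original posts or any tool named in them. The watched-name list, the threshold, the function names and the sample file contents are assumptions constructed for illustration; the sample addresses come from documentation and private ranges.

```python
import ipaddress
from collections import defaultdict

# Assumption: brand labels a home PC should resolve through DNS, never via hosts.
WATCHED_LABELS = frozenset({"google", "yahoo", "live", "msn"})

# Constructed sample: the stock Windows header plus redirect-style entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
203.0.113.10 google.com www.google.com
203.0.113.10 google.co.uk
203.0.113.10 search.yahoo.com  # inline comment
203.0.113.10 search.live.com
203.0.113.10 search.msn.com
0.0.0.0 ads.example.net
192.168.1.20 printer.home.lan
not-an-ip broken.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in hosts-file text.

    Comments (whole-line or trailing), blank lines and lines whose first
    field is not a valid IP address are skipped. One line may map several
    hostnames to the same address.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text, bulk_threshold=5):
    """Report suspicious mappings in hosts-file text.

    redirects: watched names mapped to a non-loopback, non-0.0.0.0 address.
    bulk_ips:  addresses that at least `bulk_threshold` distinct names point
               to, the shape of a mass redirect to a single server.
    """
    redirects = []
    names_by_ip = defaultdict(set)
    for line_no, ip, name in parse_hosts(text):
        # 127.0.0.1 / ::1 / 0.0.0.0 entries block a name, they do not redirect it.
        if ip.is_loopback or ip.is_unspecified:
            continue
        names_by_ip[str(ip)].add(name)
        if WATCHED_LABELS & set(name.split(".")):
            redirects.append({"line": line_no, "ip": str(ip), "host": name})
    bulk_ips = {ip: len(names) for ip, names in names_by_ip.items()
                if len(names) >= bulk_threshold}
    return {"redirects": redirects, "bulk_ips": bulk_ips}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for hit in report["redirects"]:
        print(f"line {hit['line']}: {hit['host']} -> {hit['ip']}")
    for ip, count in report["bulk_ips"].items():
        print(f"{ip} is the target of {count} hostnames")
```

An empty report after the restore step is what a default hosts file (comments plus the localhost line) produces; any remaining hit means the file was rewritten again or the restore did not take.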

Re: google and yahoo misdirects

by b2thej1 » March 22nd, 2009, 9:06 pm

i don't know anything about folder h58nj3gu i have no clue how it got on this computer which is a hand me down.
i tried to restore ms hosts file and kept getting an error message. i tried to remove h58nj3gu by deleting my temp internet files. so did you still want to check the host file even though i couldn't restore.
b2thej1
Regular Member
 
Posts: 71
Joined: March 8th, 2009, 11:19 pm

Re: google and yahoo misdirects

by b2thej1 » March 22nd, 2009, 10:51 pm

here's the hosts file... also did a new rooter don't see that file anymore the rooter log will follow this one

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost


Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:57137 Mo/Free:300 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sun 03/22/2009|21:38

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
---------- C:\WINDOWS\System32\WLTRYSVC.EXE
---------- C:\WINDOWS\System32\bcmwltry.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Symantec AntiVirus\DefWatch.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\system32\rpcnet.exe
---------- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Dell\QuickSet\quickset.exe
---------- C:\WINDOWS\system32\WLTRAY.exe
---------- C:\WINDOWS\stsystra.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
---------- C:\PROGRA~1\SYMANT~1\VPTray.exe
---------- C:\Program Files\SpyNoMore\SNM.exe
---------- C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\explorer.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sun 03/22/2009| 0:10
2 - "C:\Rooter$\Rooter_2.txt" - Sun 03/22/2009|21:38

----------------------\\ Scan completed at 21:38
b2thej1
Regular Member
 
Posts: 71
Joined: March 8th, 2009, 11:19 pm

Re: google and yahoo misdirects

Unread postby dan12 » March 23rd, 2009, 3:44 am

Do you know what error message you received when trying to restore the host file?

Try this:
  • Double click on HostsXpert.exe to launch the programme.
  • Check to see if the top button on the left hand side says Make Writable?
    • If it does, click on it then proceed to the next instruction.
    • If not, just proceed to the next instruction.
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition.
  • When prompted to confirm, click OK.
  • Click on Make Read Only? to secure it against further infection.
  • Exit the programme.

Then you can post the host file again please.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: google and yahoo misdirects

Unread postby b2thej1 » March 23rd, 2009, 9:16 am

it did say make writeable i clicked that but still got the error message...
error:cannot create file c:system 32...
so unable to restore or get new hosts file
b2thej1
Regular Member
 
Posts: 71
Joined: March 8th, 2009, 11:19 pm

Re: google and yahoo misdirects

Unread postby dan12 » March 23rd, 2009, 1:12 pm

Bear with me and I will give it some thought, just in from work.
I believe this is what's causing your redirects.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
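
The hosts file is what dan12 suspects is behind the redirects. The following is an added example, not part of the original thread, of auditing a hosts file for that pattern: it flags any routable address that several hostnames point to. The sample file, the `min_names` threshold and the function names are assumptions made for this illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample, not the file from the thread; 203.0.113.0/24 is a documentation range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
::1 localhost
203.0.113.7 google.com www.google.com   # two names on one line
203.0.113.7\tsearch.yahoo.com
203.0.113.7 search.live.com
0.0.0.0 ads.example.test
not-an-ip broken.example.test
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first column is not an IP address
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def audit_hosts(text, min_names=3):
    """Return {ip: sorted hostnames} for routable IPs that answer for many names.

    min_names is a hypothetical threshold chosen for this example.
    """
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0 entries are the usual benign or ad-blocking uses.
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) >= min_names}

if __name__ == "__main__":
    for ip, names in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{ip} answers for {len(names)} names: {', '.join(names)}")
```

On Windows the file to feed it is the one under `system32\drivers\etc` that the batch file in this thread inspects.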

Re: google and yahoo misdirects

Unread postby dan12 » March 23rd, 2009, 1:49 pm

Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it delhost.bat. Please save it on your desktop.

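@Echo off
rem Work in the folder that holds the hosts file
pushd \windows\system32\drivers\etc
rem Log the attributes of every file whose name contains "hosts"
attrib|find /i "hosts">>\Log.txt 2>>&1
rem Log the access control list (ACL) on the hosts file
cacls hosts>>\Log.txt 2>>&1
popd
rem Bring the log into the folder the batch file was started from
move \Log.txt .\
rem Open the log in Notepad, then delete this batch file
start notepad Log.txt
del %0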


Double click on delhost.bat

Notepad will open, please copy/paste the results here
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: google and yahoo misdirects

Unread postby b2thej1 » March 23rd, 2009, 8:33 pm

here's the delhost log

R C:\WINDOWS\system32\drivers\etc\hosts
A C:\WINDOWS\system32\drivers\etc\hosts.o1d
A C:\WINDOWS\system32\drivers\etc\hostsTemp
A C:\WINDOWS\system32\drivers\etc\lmhosts.sam
C:\WINDOWS\system32\drivers\etc\hosts NT AUTHORITY\Authenticated Users:(special access:)

READ_CONTROL
SYNCHRONIZE
FILE_GENERIC_READ
FILE_READ_DATA
FILE_READ_EA
FILE_READ_ATTRIBUTES
b2thej1
Regular Member
 
Posts: 71
Joined: March 8th, 2009, 11:19 pm