How do I get rid of this virus?

March 8, 2011 at 13:54:33
Specs: Windows XP
YOU HAVE A VIRUS ON YOUR SYSTEM THAT IS TAKING OVER YOUR %WINDIR%\system32\drivers\etc\hosts FILE

This is the message I get when I try to use a search field from a browser or web page.

Anyone know how to get rid of this virus.?

I've run Avast, Superantispyware, RUbotted, Malewarebytes Anti_Maleware, and Regserve. None of which have spotted it. They all say my system is clean.


See More: How do I get rid of this virus?

Report •


#1
March 8, 2011 at 14:03:22
Have a look at your host file manually and check for unknown local hosts that you don't know.

Report •

#2
March 8, 2011 at 14:38:13
I hate to say it but I have no idea where my host file is or what should or should not be in it.

Report •

#3
March 8, 2011 at 14:44:41
Here is my Hijackthis log file. Hope this helps.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:40:15 PM, on 3/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
C:\Program Files\iGive_Toolbar\igvtt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\RegServe\RSListener.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iGive_Toolbar\igvtp.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25548
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 87.106.79.180 www.gtl-server.net
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 204.152.194.148 www.google.com
O1 - Hosts: 204.152.194.148 google.com
O1 - Hosts: 204.152.194.148 google.com.au
O1 - Hosts: 204.152.194.148 www.google.com.au
O1 - Hosts: 204.152.194.148 google.be
O1 - Hosts: 204.152.194.148 www.google.be
O1 - Hosts: 204.152.194.148 google.com.br
O1 - Hosts: 204.152.194.148 www.google.com.br
O1 - Hosts: 204.152.194.148 google.ca
O1 - Hosts: 204.152.194.148 www.google.ca
O1 - Hosts: 204.152.194.148 google.ch
O1 - Hosts: 204.152.194.148 www.google.ch
O1 - Hosts: 204.152.194.148 google.de
O1 - Hosts: 204.152.194.148 www.google.de
O1 - Hosts: 204.152.194.148 google.dk
O1 - Hosts: 204.152.194.148 www.google.dk
O1 - Hosts: 204.152.194.148 google.fr
O1 - Hosts: 204.152.194.148 www.google.fr
O1 - Hosts: 204.152.194.148 google.ie
O1 - Hosts: 204.152.194.148 www.google.ie
O1 - Hosts: 204.152.194.148 google.it
O1 - Hosts: 204.152.194.148 www.google.it
O1 - Hosts: 204.152.194.148 google.co.jp
O1 - Hosts: 204.152.194.148 www.google.co.jp
O1 - Hosts: 204.152.194.148 google.nl
O1 - Hosts: 204.152.194.148 www.google.nl
O1 - Hosts: 204.152.194.148 google.no
O1 - Hosts: 204.152.194.148 www.google.no
O1 - Hosts: 204.152.194.148 google.co.nz
O1 - Hosts: 204.152.194.148 www.google.co.nz
O1 - Hosts: 204.152.194.148 google.pl
O1 - Hosts: 204.152.194.148 www.google.pl
O1 - Hosts: 204.152.194.148 google.se
O1 - Hosts: 204.152.194.148 www.google.se
O1 - Hosts: 204.152.194.148 google.co.uk
O1 - Hosts: 204.152.194.148 www.google.co.uk
O1 - Hosts: 204.152.194.148 google.co.za
O1 - Hosts: 204.152.194.148 www.google.co.za
O1 - Hosts: 204.152.194.148 www.google-analytics.com
O1 - Hosts: 204.152.194.148 www.bing.com
O1 - Hosts: 204.152.194.148 search.yahoo.com
O1 - Hosts: 204.152.194.148 www.search.yahoo.com
O1 - Hosts: 204.152.194.148 uk.search.yahoo.com
O1 - Hosts: 204.152.194.148 ca.search.yahoo.com
O1 - Hosts: 204.152.194.148 de.search.yahoo.com
O1 - Hosts: 204.152.194.148 fr.search.yahoo.com
O1 - Hosts: 204.152.194.148 au.search.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: iGive Toolbar - {FA73AE1B-4BA9-4E8B-832B-54A287FF1B7F} - C:\Program Files\iGive_Toolbar\igvtb.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [DACSMiniApp] C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
O4 - HKLM\..\Run: [igvtm] "C:\Program Files\iGive_Toolbar\igvtt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RSListener] C:\Program Files\RegServe\RSListener.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hfawowuwuqecuz] rundll32.exe "C:\WINDOWS\ntfuwi.dll",Startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: iGive Toolbar - file://C:\Documents and Settings\Brown Family\Application Data\iGive_Toolbar\igvtt\igvtC5.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} (GameTap Player) - http://archives.gametap.com/static/...
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls...
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activ...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/get...
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/...
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe

--
End of file - 13822 bytes


Report •

Related Solutions

#4
March 8, 2011 at 14:48:35
'I hate to say it but I have no idea where my host file is or what should or should not be in it.'

you can learn how to use google search, it will help you:
http://www.computing.net/howtos/sho...

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#5
March 8, 2011 at 15:30:41
This virus keeps me from using the search fields. Did you not read the first post?

Report •

#6
March 8, 2011 at 15:36:52
http://www.computing.net/howtos/sho...
Just looking at your HJT log you have a few things to remove.
Send your HJT log to the log checker.
http://hijackthis.de/index.php?lang...
Enter the HJT log into the box provided and click analyze, it will tell you whats safe or not.

To check your Host File:
Start- My Computer- (click Tools at the top of this window, click Folder Options, click View, in Advanced Settings window look for unhide hidden folders and check it)-now go to C:Drive- Windows folder- System32 folder- Drivers folder- Etc folder- Host folder right click it and open with notebook.
Scroll down to you see Local host:
It should have one unless you have added some?
127.0.0.1 localhost
Delete all the others keeping the one above.

http://www.youtube.com/watch?v=uwL2...


Report •

#7
March 8, 2011 at 15:51:21
I don't like any of the following, so have a good look at these on the HJT checker site.

Also did you install the iGive Toolbar?
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
R1 -HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25548
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 87.106.79.180 www.gtl-server.net
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 204.152.194.148 www.google.com
O1 - Hosts: 204.152.194.148 google.com
O1 - Hosts: 204.152.194.148 google.com.au
O1 - Hosts: 204.152.194.148 www.google.com.au
O1 - Hosts: 204.152.194.148 google.be
O1 - Hosts: 204.152.194.148 www.google.be
O1 - Hosts: 204.152.194.148 google.com.br
O1 - Hosts: 204.152.194.148 www.google.com.br
O1 - Hosts: 204.152.194.148 google.ca
O1 - Hosts: 204.152.194.148 www.google.ca
O1 - Hosts: 204.152.194.148 google.ch
O1 - Hosts: 204.152.194.148 www.google.ch
O1 - Hosts: 204.152.194.148 google.de
O1 - Hosts: 204.152.194.148 www.google.de
O1 - Hosts: 204.152.194.148 google.dk
O1 - Hosts: 204.152.194.148 www.google.dk
O1 - Hosts: 204.152.194.148 google.fr
O1 - Hosts: 204.152.194.148 www.google.fr
O1 - Hosts: 204.152.194.148 google.ie
O1 - Hosts: 204.152.194.148 www.google.ie
O1 - Hosts: 204.152.194.148 google.it
O1 - Hosts: 204.152.194.148 www.google.it
O1 - Hosts: 204.152.194.148 google.co.jp
O1 - Hosts: 204.152.194.148 www.google.co.jp
O1 - Hosts: 204.152.194.148 google.nl
O1 - Hosts: 204.152.194.148 www.google.nl
O1 - Hosts: 204.152.194.148 google.no
O1 - Hosts: 204.152.194.148 www.google.no
O1 - Hosts: 204.152.194.148 google.co.nz
O1 - Hosts: 204.152.194.148 www.google.co.nz
O1 - Hosts: 204.152.194.148 google.pl
O1 - Hosts: 204.152.194.148 www.google.pl
O1 - Hosts: 204.152.194.148 google.se
O1 - Hosts: 204.152.194.148 www.google.se
O1 - Hosts: 204.152.194.148 google.co.uk
O1 - Hosts: 204.152.194.148 www.google.co.uk
O1 - Hosts: 204.152.194.148 google.co.za
O1 - Hosts: 204.152.194.148 www.google.co.za
O1 - Hosts: 204.152.194.148 www.google-analytics.com
O1 - Hosts: 204.152.194.148 www.bing.com
O1 - Hosts: 204.152.194.148 search.yahoo.com
O1 - Hosts: 204.152.194.148 www.search.yahoo.com
O1 - Hosts: 204.152.194.148 uk.search.yahoo.com
O1 - Hosts: 204.152.194.148 ca.search.yahoo.com
O1 - Hosts: 204.152.194.148 de.search.yahoo.com
O1 - Hosts: 204.152.194.148 fr.search.yahoo.com
O1 - Hosts: 204.152.194.148 au.search.yahoo.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll

Let me know how you get on, then we can continue fixing your pc.


Report •

#8
April 6, 2011 at 22:22:27
Go to the following directory:
c:\Windows\system32\drivers\etc\

You will see a file called "hosts". it does not have an extension.

Open the hosts file in notepad. Notepad will allow you to open this file even though it doesn't have an extension.

Erase everything in that hosts file and paste the below. Save it. Hopefully this helps you because it seems that your host file is corrupt.


___________PASTE WHAT IS BELOW THIS LINE________

127.0.0.1 localhost
::1 localhost
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost


Report •


Ask Question