
Locked Firefox hosts file- not sure what to do


  • This topic is locked
3 replies to this topic

#1 ghunt


Posted 08 January 2010 - 09:45 AM

I've been having problems with my Firefox on my computer and some embedded redirects, etc. For some reason I never thought to try HijackThis until recently, and I may have found my problem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:17 AM, on 1/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O1 - Hosts: 88.198.247.68 www.google.rw
O1 - Hosts: 88.198.247.68 www.google.sc
O1 - Hosts: 88.198.247.68 www.google.se
O1 - Hosts: 88.198.247.68 www.google.sh
O1 - Hosts: 88.198.247.68 www.google.si
O1 - Hosts: 88.198.247.68 www.google.sm
O1 - Hosts: 88.198.247.68 www.google.sn
O1 - Hosts: 88.198.247.68 www.google.st
O1 - Hosts: 88.198.247.68 www.google.tl
O1 - Hosts: 88.198.247.68 www.google.tm
O1 - Hosts: 88.198.247.68 www.google.tt
O1 - Hosts: 88.198.247.68 www.google.us
O1 - Hosts: 88.198.247.68 www.google.vu
O1 - Hosts: 88.198.247.68 www.google.ws
O1 - Hosts: 88.198.247.68 www.google.co.ck
O1 - Hosts: 88.198.247.68 www.google.co.id
O1 - Hosts: 88.198.247.68 www.google.co.il
O1 - Hosts: 88.198.247.68 www.google.co.in
O1 - Hosts: 88.198.247.68 www.google.co.jp
O1 - Hosts: 88.198.247.68 www.google.co.kr
O1 - Hosts: 88.198.247.68 www.google.co.ls
O1 - Hosts: 88.198.247.68 www.google.co.ma
O1 - Hosts: 88.198.247.68 www.google.co.nz
O1 - Hosts: 88.198.247.68 www.google.co.tz
O1 - Hosts: 88.198.247.68 www.google.co.ug
O1 - Hosts: 88.198.247.68 www.google.co.uk
O1 - Hosts: 88.198.247.68 www.google.co.za
O1 - Hosts: 88.198.247.68 www.google.co.zm
O1 - Hosts: 88.198.247.68 www.google.com
O1 - Hosts: 88.198.247.68 www.google.com.af
O1 - Hosts: 88.198.247.68 www.google.com.ag
O1 - Hosts: 88.198.247.68 www.google.com.ar
O1 - Hosts: 88.198.247.68 www.google.com.au
O1 - Hosts: 88.198.247.68 www.google.com.bn
O1 - Hosts: 88.198.247.68 www.google.com.br
O1 - Hosts: 88.198.247.68 www.google.com.by
O1 - Hosts: 88.198.247.68 www.google.com.bz
O1 - Hosts: 88.198.247.68 www.google.com.cu
O1 - Hosts: 88.198.247.68 www.google.com.ec
O1 - Hosts: 88.198.247.68 www.google.com.fj
O1 - Hosts: 88.198.247.68 google.com
O1 - Hosts: 88.198.247.68 www.google.com
O1 - Hosts: 88.198.247.68 bing.com
O1 - Hosts: 88.198.247.68 www.bing.com
O1 - Hosts: 88.198.247.68 search.yahoo.com
O1 - Hosts: 88.198.247.68 www.search.yahoo.com
O1 - Hosts: 88.198.247.68 search.live.com
O1 - Hosts: 88.198.247.68 search.msn.com
O1 - Hosts: 88.198.247.68 uk.search.yahoo.com
O1 - Hosts: 88.198.247.68 ca.search.yahoo.com
O1 - Hosts: 88.198.247.68 de.search.yahoo.com
O1 - Hosts: 88.198.247.68 fr.search.yahoo.com
O1 - Hosts: 88.198.247.68 au.search.yahoo.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [QuickBooksDB17] C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -n QB_ENGINEERINGHP_17 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10172) -ti 0 -ec simple -ct- -qi -qw -tl 120 -oe C:\DOCUME~1\ENGINE~1\LOCALS~1\APPLIC~1\Intuit\QUICKB~2\Log\DBSTAR~1.LOG -y
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Fkabave] rundll32.exe "C:\WINDOWS\ubofuqos.dll",Startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms32 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1231433045468
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AlleghenyProcessSystems.local
O17 - HKLM\Software\..\Telephony: DomainName = AlleghenyProcessSystems.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{D516DC9B-708E-4F70-8C14-AD1D8CDD2D9C}: NameServer = 192.168.1.106
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AlleghenyProcessSystems.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AlleghenyProcessSystems.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = AlleghenyProcessSystems.local
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = AlleghenyProcessSystems.local
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = AlleghenyProcessSystems.local
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = AlleghenyProcessSystems.local
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: Domain = AlleghenyProcessSystems.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Portable Media Serial Number Service WmdmPmSNaspnet_state (WmdmPmSNaspnet_state) - Unknown owner - C:\WINDOWS\system32\algd.exe (file missing)

--
End of file - 11232 bytes

As you can see I somehow got a thousand hosts listed in there. HT says the hosts file is locked. I followed their instructions on fixing it but it doesn't seem to have worked. The hosts file is showing for me as an unrecognized file type.

I also have multiple spyware programs because people on the Mozilla help forums recommended 2 or 3 different ones, none of which helped. Should I get rid of a-squared free and superantispyware? (those are both programs recommended by the mozillazine people)

Also, to elaborate on the Firefox problems: going to google.com ALWAYS takes me to google.de. Also, Google won't save any of my preference changes, and when I do searches the first link I click always sends me on a bunch of redirects.

Thanks!

EDIT: Another problem I'm having- one of the spyware programs I ran found "ubofuqos.dll" in my registry set to run on startup, and deleted it. Problem is that the computer is still looking for it at startup and gives an error saying it can't find it when I restart the computer. How do I remove it from the startup list?



#2 ghunt


Posted 12 January 2010 - 09:38 AM

Can someone delete this please? I don't know how to request to have it done.

#3 m0le

  • Malware Response Team

Posted 14 January 2010 - 08:14 PM

Delete the last post or the whole topic?

Are you still looking for help?

#4 m0le

  • Malware Response Team

Posted 20 January 2010 - 09:02 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



