AeonFulx Posted April 7, 2010

Well, some of you might already know that I had reformatted my computer recently. But I have a problem with Google and Gmail in any other browser, Firefox 3.6.3 and IE 8.

I will talk about Google first. I find that whatever I search for, unrelated things keep appearing. A good example would be typing Deviant Art and the result was crap... Usually they will give the Deviant Art official site as the first link, right?

Ideally: [image]

Crap: [image]

This is just plain weird. I am also unable to access Gmail due to the website's security certificate. Even if I click "Continue to this website (not recommended)", it gives me 404 not found. I don't think it's my ISP, as my desktop has no issue at all with Gmail or Google.

Can't be any malware, right? I tried scanning with Kaspersky. Nothing was detected. Some solutions I found were to check your date, time or Windows Update, and I did all of that and it doesn't help. I was wondering if any experts here can solve it? FYI: I'm using XP Pro.
Administrator DKT27 Posted April 7, 2010

Most likely, it is malware. Use Malwarebytes Anti Malware and do a full scan of your PC.

Also, don't forget to post a HijackThis log.
HX1 Posted April 7, 2010

IF you are using Tor or a VPN.. any sort of proxy.. or Onion Router.. or even if your traffic is being redirected through something else by your ISP or anything.. Your results that return CAN in some cases return for the country/language/location of the originating connection..

SRWare Iron is natively written in German.. sometimes when I search.. I get results specific to that location or for someone who reads/speaks German natively...

With Tor this can happen as well.. I can't remember what it was that I changed but it isn't so any longer...

As far as malware doing this I don't know.. but it would seem quite odd.. make sure you clear your cache...

This could just be something temporary..

SpyBot, HostsMan, and HiJack This! would be a good idea in this case I think.. however..

EDIT: If you suspect ARP, DNS Cache Poisoning.. ( which could be as much as your ISP as you ).. You could switch over to another DNS Server and see if it's not the problem or even reset/restart your router.
csmdew Posted April 8, 2010

Does anyone here read the hijack logs, and if yes, where would you post them? Thanks
HX1 Posted April 8, 2010

If you create a thread about your problem with specifics, with accompanying logs.. There are several people here who can help you with your logs, but usually they are straight-forward and MOST issues are quite apparent..
*dcs18 Posted April 8, 2010

> This is just plain weird. I also unable to access to gmail due to website's security certificate. Even if I clicked Continue to this website (not recommended). it will give me 404 not found. I don't think it's my ISP as my desktop totally have no issue with gmail or google.

No worries.

The security certificate of Gmail had expired recently and the authentication was being refused by Firefox and The Bat! Professional as expected. ^_^

The issue was a brief one and has been swiftly rectified by Gmail. B)
AeonFulx (Author) Posted April 8, 2010

Yeah, thanks for reminding me about HijackThis. Yes, I got the log now and yep, there's some weird google thing. I will post it here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:17 PM, on 4/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MI1933~1\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myrp.sg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ISA-Firewall.rp.sg:8080
O1 - Hosts: 89.149.249.195 www.google.com
O1 - Hosts: 89.149.249.195 www.google.de
O1 - Hosts: 89.149.249.195 www.google.fr
O1 - Hosts: 89.149.249.195 www.google.co.uk
O1 - Hosts: 89.149.249.195 www.google.com.br
O1 - Hosts: 89.149.249.195 www.google.it
O1 - Hosts: 89.149.249.195 www.google.es
O1 - Hosts: 89.149.249.195 www.google.co.jp
O1 - Hosts: 89.149.249.195 www.google.com.mx
O1 - Hosts: 89.149.249.195 www.google.ca
O1 - Hosts: 89.149.249.195 www.google.com.au
O1 - Hosts: 89.149.249.195 www.google.nl
O1 - Hosts: 89.149.249.195 www.google.co.za
O1 - Hosts: 89.149.249.195 www.google.be
O1 - Hosts: 89.149.249.195 www.google.gr
O1 - Hosts: 89.149.249.195 www.google.at
O1 - Hosts: 89.149.249.195 www.google.se
O1 - Hosts: 89.149.249.195 www.google.ch
O1 - Hosts: 89.149.249.195 www.google.pt
O1 - Hosts: 89.149.249.195 www.google.dk
O1 - Hosts: 89.149.249.195 www.google.fi
O1 - Hosts: 89.149.249.195 www.google.ie
O1 - Hosts: 89.149.249.195 www.google.no
O1 - Hosts: 89.149.249.195 search.yahoo.com
O1 - Hosts: 89.149.249.195 us.search.yahoo.com
O1 - Hosts: 89.149.249.195 uk.search.yahoo.com127.0.0.1 activate.adobe.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe" -r
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270598256265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270526021218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: PSUTY - C:\WINDOWS\SYSTEM32\PSUWNP.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 12575 bytes
Administrator DKT27 Posted April 8, 2010

HOSTS file. Have you ever touched C:\Windows\System32\drivers\etc\Hosts ???

This is the main reason for your problem. Someone/something has played with your hosts file.

Back up the hosts file. Open it in Notepad and remove all the google and yahoo entries. ONLY google and yahoo entries. Save it and try again. ;)
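The check described in the post above, written as an added example that is not part of the original thread: it reads either raw hosts-file text or HijackThis `O1 - Hosts:` lines, reports non-loopback addresses that have search or webmail names pinned to them, and writes a cleaned hosts file that drops only those lines. The brand watchlist, the fan-out threshold and the function names are assumptions; the sample input is constructed from a few entries of the log posted earlier in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed watchlist: names that have no business being pinned in a hosts file.
BRANDS = {"google", "gmail", "yahoo", "bing"}
O1_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.IGNORECASE)


def split_line(raw):
    """Return (ip, [hostnames]) for an address line, else None."""
    fields = O1_PREFIX.sub("", raw.strip()).split("#", 1)[0].split()
    if len(fields) < 2:
        return None
    try:
        return ipaddress.ip_address(fields[0]), [h.lower() for h in fields[1:]]
    except ValueError:
        return None  # other HijackThis sections, junk, comments


def is_watched(host):
    """True when any DNS label of the host is on the watchlist."""
    return any(label in BRANDS for label in host.split("."))


def audit(text, fanout=5):
    """Map each suspicious redirect address to the sorted names pinned to it.

    Loopback and 0.0.0.0 entries are blocking entries, not redirects, and are
    skipped. An address is reported when it carries a watched name or when it
    has at least `fanout` different names pinned to it (assumed threshold).
    """
    by_ip = defaultdict(set)
    for raw in text.splitlines():
        parsed = split_line(raw)
        if parsed is None:
            continue
        ip, hosts = parsed
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].update(hosts)
    return {
        ip: sorted(hosts)
        for ip, hosts in by_ip.items()
        if len(hosts) >= fanout or any(is_watched(h) for h in hosts)
    }


def clean(text, flagged):
    """Return hosts-file text with every line for a flagged address removed."""
    kept = []
    for raw in text.splitlines():
        parsed = split_line(raw)
        if parsed and str(parsed[0]) in flagged:
            continue
        kept.append(raw)
    return "\n".join(kept) + "\n"


# Constructed sample hosts file (addresses and names taken from the thread's log,
# plus constructed loopback and intranet entries that must survive cleaning).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
89.149.249.195  www.google.com
89.149.249.195  www.google.co.uk
89.149.249.195  search.yahoo.com
10.0.0.5        fileserver.example.internal
127.0.0.1       ads.example.test
"""

# Constructed sample of HijackThis output lines in the same format as the log.
SAMPLE_O1 = r"""
O1 - Hosts: 89.149.249.195 www.google.de
O1 - Hosts: 89.149.249.195 www.google.fr
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    findings = audit(SAMPLE_HOSTS)
    for ip, hosts in findings.items():
        print(f"{ip} redirects {len(hosts)} name(s): {', '.join(hosts)}")
    print(clean(SAMPLE_HOSTS, findings), end="")
```

Run it against a copy of the hosts file and keep the original as the backup; a clean antivirus scan does not rule this out, because the file itself is plain text.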
AeonFulx (Author) Posted April 8, 2010

Yep, I never touched that. This problem occurred right after I finished reformatting my com. Normally I don't go on the net until I have installed my AV and Windows Update. So when all these were done, my google was already screwed up... No idea why. I will try removing those entries!

Edit: Now my google is alright! Thanks to you guys who reminded me to use HijackThis lol, one of my favorite tools but I totally forgot about it.

Just curious how my hosts file got messed up lol
Administrator DKT27 Posted April 8, 2010

Do it now. Save the file. No need to restart. I'm sure it will solve your problem. ;)

Then do a Malwarebytes Anti Malware Full System scan.
AeonFulx (Author) Posted April 8, 2010

> Do it now. Save the file. No need to restart. I'm sure it will solve your problem. ;)
> Then do a Malwarebytes Anti Malware Full System scan.

Yep, it solved my problem. Actually, before I ran HijackThis just now, I did a full system scan with Malwarebytes and nothing was detected :s
Administrator DKT27 Posted April 8, 2010

:thumbsup: Glad that the problem is solved. :)

Did you use a .BAT or similar patch to patch Adobe Photoshop or some other Adobe product?

Now post another HijackThis log, so that it can be assured that it's proper now. :)
AeonFulx (Author) Posted April 8, 2010

> Did you use a .BAT or similar patch to patch adobe photoshop or some other adobe product?

Yes, I did one for PS CS4 but I don't think that's the one causing the problem. As I had the same installation for my desktop and I also used HijackThis to check out. No junk host was added in. :o

Here's my new HijackThis log.
Administrator DKT27 Posted April 8, 2010

Open your hosts file and add these: ;)

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com

It will block any of the Adobe activation links. And you won't have any problems surfing adobe.com or using its products. And yes, that CS4 activator seems to have done this.
Night Owl Posted April 8, 2010

@DKT27: Your hosts file additions looked familiar, but far too long. The last 26 lines are all duplicates. Only the first 14 lines are unique:

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
Administrator DKT27 Posted April 8, 2010

Yea I didn't notice that. :tooth:
HX1 Posted April 8, 2010

I bet I know exactly how that happened too..

Get HostsMan DK.. good tool..

EDIT: Wanted to point out too that there are a lot of things you could do to optimize your system operation..
Administrator DKT27 Posted April 8, 2010

Thanx heath. Will check it out.

I actually have nsane.down and nsane.forums in my hosts file for faster opening. For the other sites, most of them that I visit, have multiple IPs. :(
Night Owl Posted April 9, 2010

@heath28m: Thanks for the reminder about HostsMan. I completely forgot about it.
Administrator DKT27 Posted April 9, 2010

Yea I tried it now. Is quite good. But don't forget to back up your current hosts file. ;)

And when restoring it, don't restore the original one, the original one is blank, restore the one below it.
HX1 Posted April 9, 2010

Very useful.. between SpyBot and adding their Security add-ins though I had like 134,000 entries.. hooking up was just too slow.. I now only have a very small number of them.. Currently only using a few entered by hand.. the large number above was after optimizing it even and searching for duplicates...
Archived
This topic is now archived and is closed to further replies.