Jump to content

Search the Community

Showing results for tags 'Host File'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 1 result

  1. Post Merged We look for post with 0 replies, so when you reply to your own topic, we assume you're being helped. Please be patient, someone will assist you as soon as possible. I have been trying to block Facebook on my wife computer (per her request) for a little over a week now. Every time I update the host file and add 127.0.0.1 www.facebook.com to the host file. Every time I do this it blocks facebook for a period of time. Then eventually the line is removed automatically by something and she is able to access facebook again. This is sketchy as stuff and I am not the only one experiencing this. http://www.bleepingc...opic435876.html http://forum.avira.c...threadID=126207 http://www.techsuppo...sts-620204.html Whatever is causing this needs to be investigated further. I have tried everything, setting the host file to read only permissions, adding facebook.com multiple times. Whatever is deleting it is looking specifically for facebook.com and removing the line. Take a look. Friday I edit the host file to look like this, # Copyright © 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. # 127.0.0.1 localhost # ::1 localhost # Block Facebook 127.0.0.1 static.ak.fbcdn.net 127.0.0.1 www.facebook.com 127.0.0.1 www.facebook.com 127.0.0.1 www.static.ak.fbcdn.net 127.0.0.1 login.facebook.com 127.0.0.1 www.facebook.com 127.0.0.1 www.facebook.com 127.0.0.1 www.login.facebook.com 127.0.0.1 fbcdn.net 127.0.0.1 www.fbcdn.net 127.0.0.1 fbcdn.com 127.0.0.1 www.facebook.com 127.0.0.1 www.facebook.com 127.0.0.1 www.fbcdn.com 127.0.0.1 static.ak.connect.facebook.com 127.0.0.1 www.static.ak.connect.facebook.com And Monday it will look like this # Copyright © 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. # 127.0.0.1 localhost # ::1 localhost # Block Facebook 127.0.0.1 static.ak.fbcdn.net 127.0.0.1 www.static.ak.fbcdn.net 127.0.0.1 login.facebook.com 127.0.0.1 www.login.facebook.com 127.0.0.1 fbcdn.net 127.0.0.1 www.fbcdn.net 127.0.0.1 fbcdn.com 127.0.0.1 www.fbcdn.com 127.0.0.1 static.ak.connect.facebook.com 127.0.0.1 www.static.ak.connect.facebook.com I see no processes running related to Facebook. Nothing suspicious in the task scheduler. My wife claims that she is able to get in by clicking links in emails from Facebook but all links appear to be from facebook.com so they should have failed from the beginning. I appreciate any support. Hope to hear some ideas from your community soon. Thx! ---------- Begin Log--------- I have tried to clean unique identifiers from this related to work and usernames. . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_33 Run by username at 23:10:03 on 2012-08-27 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.1908.232 [GMT -4:00] . AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Host Intrusion Prevention Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe c:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe C:\Program Files\marimba\tuner\Tuner.exe C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe C:\Windows\system32\svchost.exe -k HsfXAudioService C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\IBM\Lotus\Notes\nsd.exe c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Windows\system32\mfevtps.exe C:\Program Files\IBM\Lotus\Notes\ntmulti.exe C:\Program Files\ VPN CLIENT\NvcSvcMgr.exe C:\Program Files\SupportSoft_Amer_i_7\bin\sprtsvc.exe C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files\SupportSoft_Amer_i_7\bin\tgsrvc.exe C:\Windows\system32\rundll32.exe C:\Program Files\McAfee\Common Framework\naPrdMgr.exe C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe C:\Windows\system32\conhost.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\Windows\system32\taskhost.exe C:\Program Files\marimba\tuner\.marimba\marimba\ch.25\data\sum.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\SupportSoft_Amer_i_7\bin\sprtcmd.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\calc.exe C:\Program Files\IBM\Lotus\Notes\NLNOTES.EXE C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20101202-0021\win32\x86\notes2.exe C:\Program Files\IBM\Lotus\Notes\ntaskldr.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe c:\PROGRA~1\mcafee\SITEAD~1\saui.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\Microsoft Office\Office12\EXCEL.EXE C:\Program Files\marimba\tuner\lib\minituner.exe C:\Program Files\Microsoft Office\Office12\WINPROJ.EXE C:\Users\username\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\username\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\username\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\username\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\username\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\username\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\username\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\username\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\username\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\username\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\username\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\username\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Users\username\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\username\AppData\Local\Google\Chrome\Application\chrome.exe C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe C:\Users\username\AppData\Local\Temp\is-OCR82.tmp\mbam-setup.tmp C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = https://c3..com/ uDefault_Page_URL = https://c3..com uInternet Settings,ProxyOverride = <local> uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou0.dll mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou0.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou0.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120704161559.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou0.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll uRun: [Google Update] "c:\users\username\appdata\local\google\update\GoogleUpdate.exe" /c uRunOnce: [-ENG-IE8Updates-1.0-GBL-R2] "c:\program files\-eng-ie8updates-1.0-gbl-r2\IE8Update_Act.vbs" mRun: [<NO NAME>] mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe" mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [NVC] "c:\program files\ vpn client\Nvc.exe" -autostart mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe" mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Everything] "c:\program files\everything\Everything.exe" -startup mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [supportSoft_Amer_i_7] "c:\program files\supportsoft_amer_i_7\bin\sprtcmd.exe" /P SupportSoft_Amer_i_7 mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe uPolicies-explorer: NoWindowsUpdate = 1 (0x1) uPolicies-explorer: GreyMSIAds = 1 (0x1) uPolicies-explorer: TaskbarNoNotification = 0 (0x0) mPolicies-explorer: NoPublishingWizard = 1 (0x1) mPolicies-explorer: NoWebServices = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableInstallerDetection = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: FilterAdministratorToken = 1 (0x1) mPolicies-system: dontdisplaylockeduserid = 3 (0x3) mPolicies-system: LogonType = 0 (0x0) dPolicies-explorer: NoFileMenu = 1 (0x1) dPolicies-explorer: NoFileUrl = 1 (0x1) dPolicies-explorer: NoToolsMenu = 1 (0x1) dPolicies-explorer: NoWindowsUpdate = 1 (0x1) IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL Trusted Zone: bipac.net Trusted Zone: idea-central.net DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{696E3B6C-6B22-475A-9739-52DB479C9256} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{696E3B6C-6B22-475A-9739-52DB479C9256}\34963736F68433231363 : DhcpNameServer = 10.1.10.1 TCP: Interfaces\{696E3B6C-6B22-475A-9739-52DB479C9256}\C41646C656370235F6570737 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{696E3B6C-6B22-475A-9739-52DB479C9256}\E4544574541425 : DhcpNameServer = 192.168.1.1 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: igfxcui - igfxdev.dll Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll mASetup: {3A00BDE2-D512-4D0A-8A9E-52E842431F7D} - c:\program files\-eng-ie8_updates-1.0-gbl-r1\IE8Update_Act.vbs mASetup: ADBFIX - c:\program files\patches\stub\ADB_Stub.EXE mASetup: -ENG-IE8Updates-1.0-GBL-R2 - "c:\program files\-eng-ie8updates-1.0-gbl-r2\IE8Update_Act.vbs" mASetup: ENG-SetMailtoLotusNotes-1.0-GBL-R1 - "c:\windows\system32\cmd.exe" /c "reg add hkcu\software\microsoft\windows\shell\associations\urlassociations\mailto\UserChoice /v Progid /d Notes.mailto /f" mASetup: OFFIX - c:\program files\patches\stub\OFF-FIX-STUB.EXE . ================= FIREFOX =================== . FF - ProfilePath - c:\users\username\appdata\roaming\mozilla\firefox\profiles\zyudn6re.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10516.0\npctrlui.dll FF - plugin: c:\users\username\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\users\username\appdata\roaming\mozilla\plugins\npatgpc.dll FF - plugin: c:\users\username\appdata\roaming\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\users\username\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-2-1 214696] R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2011-2-1 44680] R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2011-2-1 107960] R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2011-2-1 38680] R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2011-2-1 35552] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2011-2-1 45352] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-2-1 29472] S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2011-2-1 44680] . =============== Created Last 30 ================ . 2012-08-28 03:09:55 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-08-27 11:50:52 -------- d-----w- c:\users\username\appdata\roaming\smkits 2012-08-22 15:25:25 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-08-22 15:21:51 41984 ----a-w- c:\windows\system32\browcli.dll 2012-08-22 15:21:51 102912 ----a-w- c:\windows\system32\browser.dll 2012-08-22 15:21:26 769024 ----a-w- c:\windows\system32\localspl.dll 2012-08-20 17:04:50 40328 ----a-w- c:\windows\system32\HIPIS0e011b5.dll 2012-08-20 13:05:56 -------- d-----w- c:\windows\system32\SPReview 2012-08-20 11:53:59 198144 ----a-w- c:\windows\system32\sysclass.dll 2012-08-20 11:51:04 -------- d-----w- c:\windows\system32\EventProviders 2012-08-20 11:47:55 123904 ----a-w- c:\windows\system32\poqexec.exe 2012-08-16 15:51:05 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9a69a146-b4c8-42c1-a1a3-8bbc57ef09e6}\offreg.dll 2012-08-16 15:49:59 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9a69a146-b4c8-42c1-a1a3-8bbc57ef09e6}\mpengine.dll 2012-08-16 15:49:58 -------- d-----w- C:\15b02a4ca90d6d3cfc48adf930e3 2012-07-31 17:52:06 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2012-07-31 17:52:03 122128 ----a-w- c:\windows\system32\SynTPCo9.dll 2012-07-31 17:52:02 323344 ----a-w- c:\windows\system32\drivers\SynTP.sys 2012-07-31 17:52:02 175376 ----a-w- c:\windows\system32\SynTPAPI.dll 2012-07-31 17:52:01 1048576 ----a-w- c:\windows\system32\syndata.bin 2012-07-31 17:52:00 400656 ----a-w- c:\windows\system32\SynCOM.dll 2012-07-31 17:52:00 249104 ----a-w- c:\windows\system32\SynCtrl.dll 2012-07-31 17:50:56 -------- d-----w- C:\DRIVERS . ==================== Find3M ==================== . 2012-08-20 12:53:07 152576 ----a-w- c:\windows\system32\msclmd.dll 2012-08-09 05:43:30 143040 ----a-w- c:\windows\system32\KevlarSigs.dll 2012-07-15 18:52:16 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-07-15 18:52:15 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-05 20:19:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-05 20:19:36 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-04 20:13:38 164840 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-07-04 20:13:37 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-07-04 20:13:37 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll 2012-07-04 20:13:37 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-07-04 20:13:37 22816 ----a-w- c:\windows\system32\MFEOtlk.dll 2012-07-04 20:13:37 148520 ----a-w- c:\windows\system32\mfevtps.exe 2012-07-04 20:13:36 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-07-04 20:13:36 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2012-07-04 20:13:36 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-07-04 20:13:36 119968 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-27 05:53:07 981504 ----a-w- c:\windows\system32\wininet.dll 2012-06-27 04:10:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-07 00:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe . ============= FINISH: 23:14:03.74 =============== Sorry for the small font, I copied from a previous thread that was in the wrong topic. In case my original post was too small I have been trying to block Facebook on my wife computer (per her request) for a little over a week now. Every time I update the host file and add 127.0.0.1 www.facebook.com to the host file. Every time I do this it blocks facebook for a period of time. Then eventually the line is removed automatically by something and she is able to access facebook again. This is sketchy as stuff and I am not the only one experiencing this. http://www.bleepingc...opic435876.html http://forum.avira.c...threadID=126207 http://www.techsuppo...sts-620204.html Whatever is causing this needs to be investigated further. I have tried everything, setting the host file to read only permissions, adding facebook.com multiple times. Whatever is deleting it is looking specifically for facebook.com and removing the line. Take a look. Friday I edit the host file to look like this, # Copyright © 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. # 127.0.0.1 localhost # ::1 localhost # Block Facebook 127.0.0.1 static.ak.fbcdn.net 127.0.0.1 www.facebook.com 127.0.0.1 www.facebook.com 127.0.0.1 www.static.ak.fbcdn.net 127.0.0.1 login.facebook.com 127.0.0.1 www.facebook.com 127.0.0.1 www.facebook.com 127.0.0.1 www.login.facebook.com 127.0.0.1 fbcdn.net 127.0.0.1 www.fbcdn.net 127.0.0.1 fbcdn.com 127.0.0.1 www.facebook.com 127.0.0.1 www.facebook.com 127.0.0.1 www.fbcdn.com 127.0.0.1 static.ak.connect.facebook.com 127.0.0.1 www.static.ak.connect.facebook.com And Monday it will look like this # Copyright © 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. # 127.0.0.1 localhost # ::1 localhost # Block Facebook 127.0.0.1 static.ak.fbcdn.net 127.0.0.1 www.static.ak.fbcdn.net 127.0.0.1 login.facebook.com 127.0.0.1 www.login.facebook.com 127.0.0.1 fbcdn.net 127.0.0.1 www.fbcdn.net 127.0.0.1 fbcdn.com 127.0.0.1 www.fbcdn.com 127.0.0.1 static.ak.connect.facebook.com 127.0.0.1 www.static.ak.connect.facebook.com I see no processes running related to Facebook. Nothing suspicious in the task scheduler. My wife claims that she is able to get in by clicking links in emails from Facebook but all links appear to be from facebook.com so they should have failed from the beginning. I appreciate any support. Hope to hear some ideas from your community soon. Thx!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.