Webpage redirect, roar.com

Discussion in 'Malware Help (A Specialist Will Reply)' started by DaveLister, May 10, 2007.

  1. DaveLister

    DaveLister Private E-2

    I've been having an issue recently with several websites accessed via FireFox 2.0.0.3 [one of which I require access to for work purposes] seemingly redirected to a classified ads page. I checked the page source and the base href was, in this case, http://www.austco.com/common/roar/landing/rpos/.
    As I write this I can access the page I'm after but the unwanted page has 'come back' before. While performing these scans I was a bit concerned to see the number of 'hits', particularly when running ActiveScan.
    I should note that in the stages requiring the system to be run in safe-mode without networking that I was unable to log on under my main username in Windows 2000 but had to run an account previously used. Additionally for the BitDefender and ActiveScan procedures I was not able to run Internet Explorer [FireFox ran fine] and so had to perform these scans in normal mode.
    Attached logfiles below
     

    Attached Files:

  2. DaveLister

    DaveLister Private E-2

    Followup post for additional log files;
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I'm not sure what you are trying to tell me here, but that full URL is not valid. The www.austco.com is valid and I assume that is the one you want to access. I see nothing in any of your logs that would indicate redirection problems other than the fact that you have a ridiculously large hosts file. Did you use a program to insert lots of stuff into your hosts file, like MVPS-Hosts or similar? We personally think tools like that are a bad idea since they slow surfing down and they give an easy hiding place for a few malware things to hide. Just think how hard it is to find one or two bad lines in a hosts file that is thousands of lines long. Banning the internet is the wrong approach. Properly protecting your PC to begin with and educating people on good surfing habits is the correct approach. I recommend that you reset your hosts file to Microsoft's default using the below.

    Download HostsXpert and then follow the below steps.
    • Unzip HostsXpert.zip
    • It will create a folder named HostsXpert in whatever folder you extract it to.
    • Run HostsXpert.exe, click Restore Microsoft's Hosts File and then click OK.
    • Click the X to exit the program
    You need to run the scans on the account that is infected. Otherwise things that are unique to the problem account will not be found since the account is not active. Which logs were not obtained from the problem account?

    Other than all the junk in your email folders (which was pointed out by Panda and BitDefender) you are clean. You need to clean up these email folders and files yourself manually. If anything the scans are pointing at is known to be valid (you are the one that will need to know this), then keep the email.

    Are you still having redirection problems? If so, exactly when and what is the exact site you are being redirected to? Is it only when using FireFox?

    Why do you load explorer at startup?
    O4 - Startup: Windows Explorer.lnk = C:\WINNT\explorer.exe
     
    Last edited: May 14, 2007
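    The point above about bad lines hiding in a hosts file thousands of lines long can be checked mechanically. The script below is an added example written for this page, not a tool from the thread: it parses a hosts file and lists only the entries that can redirect a site to another server (anything not mapped to the loopback or null address), which is the short list worth reading by hand. The sample hosts text in it is constructed.

```python
"""Audit a hosts file for entries that can redirect, rather than block, a site.

Added example for this page, not code from the thread. Block-list tools
map unwanted names to 127.0.0.1 or 0.0.0.0; an entry pointing a site at
any other address sends the browser to a third-party server instead.
The sample hosts text below is constructed.
"""
import ipaddress

SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net
127.0.0.1       tracker.example.org
192.0.2.44      www.austco.com
203.0.113.9     www.majorgeeks.com forums.majorgeeks.com
127.0.0.1\t\t  banner.example.com   # blocked
"""

def parse_hosts(text):
    """Yield (lineno, address, [hostnames]) for each non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        parts = line.split()                   # any whitespace, tabs included
        if len(parts) >= 2:
            yield lineno, parts[0], parts[1:]

def find_redirects(text):
    """Return entries whose address is neither loopback nor the null address.

    Only these can send a hostname to another server; in a hosts file
    thousands of lines long they are the handful worth reading by hand.
    Unparseable addresses are reported too, since they merit a look.
    """
    hits = []
    for lineno, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            hits.append((lineno, ip, names, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:   # 127.x / ::1 / 0.0.0.0
            continue
        hits.append((lineno, ip, names, "points at a remote host"))
    return hits

if __name__ == "__main__":
    for lineno, ip, names, why in find_redirects(SAMPLE_HOSTS):
        print(f"line {lineno}: {ip} -> {' '.join(names)} ({why})")
```

On a live machine, read the real file (C:\WINNT\system32\drivers\etc\hosts on Windows 2000) into the text argument instead of the constructed sample.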
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I forgot one other thing. You should uninstall the below old Sun Java version since you already have the current version installed:

    J2SE Runtime Environment 5.0 Update 11
     
  5. DaveLister

    DaveLister Private E-2

    The log not obtained from my account was the AVG Anti-Spyware scan report.

    What was happening is that I would type in www.austco.com and instead of the expected page I would see a page filled with various advertising links. The href I listed above was what I saw when I looked at the page source.
    I should've taken a screen capture, but I have found exactly the type of page referenced on another site. I refer to this for the screenshots:
    http://www.revenews.com/samharrelson/2006/12/infected_linux_via_cpa_network.html
    The screenshots there show the sort of unwanted pages that were loading.
    I had the same 'bad' page loading this morning [about 3 hours ago] but instead of affecting austco.com access it was when I tried to access this forum. That was using Firefox, I tried Internet Explorer and had the same problem. I've now been able to access this forum to look for an update hence my reply here.
    Most of the problem files in the logs I've traced to some old archives on the secondary drive from the previous user. Deleted. Running explorer on startup was another carryover which I didn't consider a problem, removed from startup folder. I missed that Java 11 uninstall, done now.

    This is the first problem of any kind I've had after a few years of surfing; the main thing I hope to rule out is any PC-side culprits.
    Thanks for the reply.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you run HostsXpert to reset your hosts file? If not, please do so now. Then do the below.

    Now run this WareOut Removal and attach the requested log.

    Now please download F-Secure's BlacklightBeta
    • Download fsbl.exe and save it to the Desktop.
    • Once saved... double click fsbl.exe to install the program.
    • Click accept agreement and Click scan
    • This application may trigger a warning from your antivirus. Let the driver load. Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please attach the BlackLight log.

     
  7. DaveLister

    DaveLister Private E-2

    I have run HostsXpert and restored the hosts file.
    I've performed the WareOut Removal and Blacklight steps, logs attached.
     

    Attached Files:

    Last edited: May 14, 2007
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Based on your log from FixWareout, you did not install and run it properly! The log was incomplete and it could not even find one of its own files that is installed when you run the program. Try again. Make sure that you do not allow any antivirus or antispyware program to interfere with the install or running.

    Also do the below!

    Click Start, Run, and enter ipconfig /flushdns and click OK.


    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!

    Now please download ProcessExplorer
    • Unzip it to its own folder somewhere you can locate it.
    • Make sure you have only one Internet Explorer browser open.
    • Now run procexp.exe by double clicking on it.
    • Let's configure some options first:
      • Click View and select Show Lower Pane. And where it says "Lower Pane View" make sure DLLs is checked.
      • Now click on iexplore.exe.
      • Now also under the View menu choose "Select columns" and put a check mark on "Image Path".
    • Now click on File and then Save As. And save the process list.
    • Post it back here as an attachment.
     
  9. DaveLister

    DaveLister Private E-2

    Hmm, I've tried FixWareOut several times, disabling anti-spyware applications beforehand and upon restart I get the same error as per screenshot.
    Process Explorer log included.
    I should note I have not had the problem reoccur so far in the past two days.
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Goto the C:\fixwareout\FindT folder and tell me all the files you see.


    Well that sounds promising!
     
  11. DaveLister

    DaveLister Private E-2

    In C:\fixwareout\findt\ the following files are present;
    dumphive.exe
    FixWareOut.reg
    nircmd.exe
    patterns.txt
    report.txt
    RestartIt.exe
    runback.txt
    runs.txt
    runs.vbs
    setpath.bat
    swreg.exe
    vfind.exe
    XP-2K2.cmd

    I started my browser this morning and this damn page is loading again. The manager noticed this and commented that he's been getting this page come up as well when he accesses some sites. We have a small network with a server running 2003 SBS. I find it rather odd that this is happening intermittently, could there be a problem further down the line from the PCs themselves?
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Hmmm! That looks okay. The only reason I can think of that you cannot run FixWareOut properly is that you may have illegal characters in some of your file or folder names somewhere. This is documented by Microsoft here: http://support.microsoft.com/kb/103368

    I'm not sure the FixWareOut was going to find anything anyway.


    Yes, the problem could be at some other point in your network. You may need to clean up your server and flush the DNS cache there too.

    One other thing that may be interesting to try is:
    • Save your FireFox favorites somewhere
    • uninstall FireFox
    • reboot
    • delete the C:\Program Files\Mozilla Firefox folder
    • reinstall FireFox
    • see if the problem still occurs.
     
