0

Hi, my google does not seem to be loading up but every other webpage does, I have ran AVG and Ad-Aware.

Logfile of HijackThis v1.99.1
Scan saved at 12:35:45 PM, on 02/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Administrator\Desktop\Anti Virus\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 206.53.61.77 google.ae
O1 - Hosts: 206.53.61.77 google.as
O1 - Hosts: 206.53.61.77 google.at
O1 - Hosts: 206.53.61.77 google.az
O1 - Hosts: 206.53.61.77 google.ba
O1 - Hosts: 206.53.61.77 google.be
O1 - Hosts: 206.53.61.77 google.bg
O1 - Hosts: 206.53.61.77 google.bs
O1 - Hosts: 206.53.61.77 google.ca
O1 - Hosts: 206.53.61.77 google.cd
O1 - Hosts: 206.53.61.77 google.com.gh
O1 - Hosts: 206.53.61.77 google.com.hk
O1 - Hosts: 206.53.61.77 google.com.jm
O1 - Hosts: 206.53.61.77 google.com.mx
O1 - Hosts: 206.53.61.77 google.com.my
O1 - Hosts: 206.53.61.77 google.com.na
O1 - Hosts: 206.53.61.77 google.com.nf
O1 - Hosts: 206.53.61.77 google.com.ng
O1 - Hosts: 206.53.61.77 google.ch
O1 - Hosts: 206.53.61.77 google.com.np
O1 - Hosts: 206.53.61.77 google.com.pr
O1 - Hosts: 206.53.61.77 google.com.qa
O1 - Hosts: 206.53.61.77 google.com.sg
O1 - Hosts: 206.53.61.77 google.com.tj
O1 - Hosts: 206.53.61.77 google.com.tw
O1 - Hosts: 206.53.61.77 google.dj
O1 - Hosts: 206.53.61.77 google.de
O1 - Hosts: 206.53.61.77 google.dk
O1 - Hosts: 206.53.61.77 google.dm
O1 - Hosts: 206.53.61.77 google.ee
O1 - Hosts: 206.53.61.77 google.fi
O1 - Hosts: 206.53.61.77 google.fm
O1 - Hosts: 206.53.61.77 google.fr
O1 - Hosts: 206.53.61.77 google.ge
O1 - Hosts: 206.53.61.77 google.gg
O1 - Hosts: 206.53.61.77 google.gm
O1 - Hosts: 206.53.61.77 google.gr
O1 - Hosts: 206.53.61.77 google.ht
O1 - Hosts: 206.53.61.77 google.ie
O1 - Hosts: 206.53.61.77 google.im
O1 - Hosts: 206.53.61.77 google.in
O1 - Hosts: 206.53.61.77 google.it
O1 - Hosts: 206.53.61.77 google.ki
O1 - Hosts: 206.53.61.77 google.la
O1 - Hosts: 206.53.61.77 google.li
O1 - Hosts: 206.53.61.77 google.lv
O1 - Hosts: 206.53.61.77 google.ma
O1 - Hosts: 206.53.61.77 google.ms
O1 - Hosts: 206.53.61.77 google.mu
O1 - Hosts: 206.53.61.77 google.mw
O1 - Hosts: 206.53.61.77 google.nl
O1 - Hosts: 206.53.61.77 google.no
O1 - Hosts: 206.53.61.77 google.nr
O1 - Hosts: 206.53.61.77 google.nu
O1 - Hosts: 206.53.61.77 google.pl
O1 - Hosts: 206.53.61.77 google.pn
O1 - Hosts: 206.53.61.77 google.pt
O1 - Hosts: 206.53.61.77 google.ro
O1 - Hosts: 206.53.61.77 google.ru
O1 - Hosts: 206.53.61.77 google.rw
O1 - Hosts: 206.53.61.77 google.sc
O1 - Hosts: 206.53.61.77 google.se
O1 - Hosts: 206.53.61.77 google.sh
O1 - Hosts: 206.53.61.77 google.si
O1 - Hosts: 206.53.61.77 google.sm
O1 - Hosts: 206.53.61.77 google.sn
O1 - Hosts: 206.53.61.77 google.st
O1 - Hosts: 206.53.61.77 google.tl
O1 - Hosts: 206.53.61.77 google.tm
O1 - Hosts: 206.53.61.77 google.tt
O1 - Hosts: 206.53.61.77 google.us
O1 - Hosts: 206.53.61.77 google.vu
O1 - Hosts: 206.53.61.77 google.ws
O1 - Hosts: 206.53.61.77 google.co.ck
O1 - Hosts: 206.53.61.77 google.co.id
O1 - Hosts: 206.53.61.77 google.co.il
O1 - Hosts: 206.53.61.77 google.co.in
O1 - Hosts: 206.53.61.77 google.co.jp
O1 - Hosts: 206.53.61.77 google.co.kr
O1 - Hosts: 206.53.61.77 google.co.ls
O1 - Hosts: 206.53.61.77 google.co.ma
O1 - Hosts: 206.53.61.77 google.co.nz
O1 - Hosts: 206.53.61.77 google.co.tz
O1 - Hosts: 206.53.61.77 google.co.ug
O1 - Hosts: 206.53.61.77 google.co.uk
O1 - Hosts: 206.53.61.77 google.co.za
O1 - Hosts: 206.53.61.77 google.co.zm
O1 - Hosts: 206.53.61.77 google.com
O1 - Hosts: 206.53.61.77 google.com.af
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Sympatico Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - Unknown owner - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe

3
Contributors
17
Replies
19
Views
7 Years
Discussion Span
Last Post by gerbil
0

Have you edited the hosts file?

It looks like all the google sites are on your hosts file list (among many other sites). Go to C:\windows\system32\drivers\etc and open the hosts file using notepad. Delete all the google entries and save the file with no extension.

0

You might wish to run Malwarebyte's Antimalware. A quick scan will suffice. altering your Hosts file is not all that the malware you have does to your sys.

0

Have you edited the hosts file?

It looks like all the google sites are on your hosts file list (among many other sites). Go to C:\windows\system32\drivers\etc and open the hosts file using notepad. Delete all the google entries and save the file with no extension.

There were no google entries in there. A few others that are listed in hijack this, but not ones for google.

0

Sorry to double post, didn't see the edit button. I also downloaded Malwarebytes and ran a full system scan. It only came up with one infected object, the problem with google still occurs. (I did update the program as well.)

0

K. Please delete your copy of hijackthis, dl this one:
== http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop.
Post a fresh log please.

I ran the scan and it said "For some reason your system denied write access to the hosts file. If any hijacked domains are in this file, Hijack this may NOT be able to fix this" Then it explaines how to remove them myself.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:06 PM, on 10/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\DISC\DISCover.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\HP_Administrator\Desktop\Anti Virus\HijackThis.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system\hpsysdrv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 206.53.61.77 google.ae
O1 - Hosts: 206.53.61.77 google.as
O1 - Hosts: 206.53.61.77 google.at
O1 - Hosts: 206.53.61.77 google.az
O1 - Hosts: 206.53.61.77 google.ba
O1 - Hosts: 206.53.61.77 google.be
O1 - Hosts: 206.53.61.77 google.bg
O1 - Hosts: 206.53.61.77 google.bs
O1 - Hosts: 206.53.61.77 google.ca
O1 - Hosts: 206.53.61.77 google.cd
O1 - Hosts: 206.53.61.77 google.com.gh
O1 - Hosts: 206.53.61.77 google.com.hk
O1 - Hosts: 206.53.61.77 google.com.jm
O1 - Hosts: 206.53.61.77 google.com.mx
O1 - Hosts: 206.53.61.77 google.com.my
O1 - Hosts: 206.53.61.77 google.com.na
O1 - Hosts: 206.53.61.77 google.com.nf
O1 - Hosts: 206.53.61.77 google.com.ng
O1 - Hosts: 206.53.61.77 google.ch
O1 - Hosts: 206.53.61.77 google.com.np
O1 - Hosts: 206.53.61.77 google.com.pr
O1 - Hosts: 206.53.61.77 google.com.qa
O1 - Hosts: 206.53.61.77 google.com.sg
O1 - Hosts: 206.53.61.77 google.com.tj
O1 - Hosts: 206.53.61.77 google.com.tw
O1 - Hosts: 206.53.61.77 google.dj
O1 - Hosts: 206.53.61.77 google.de
O1 - Hosts: 206.53.61.77 google.dk
O1 - Hosts: 206.53.61.77 google.dm
O1 - Hosts: 206.53.61.77 google.ee
O1 - Hosts: 206.53.61.77 google.fi
O1 - Hosts: 206.53.61.77 google.fm
O1 - Hosts: 206.53.61.77 google.fr
O1 - Hosts: 206.53.61.77 google.ge
O1 - Hosts: 206.53.61.77 google.gg
O1 - Hosts: 206.53.61.77 google.gm
O1 - Hosts: 206.53.61.77 google.gr
O1 - Hosts: 206.53.61.77 google.ht
O1 - Hosts: 206.53.61.77 google.ie
O1 - Hosts: 206.53.61.77 google.im
O1 - Hosts: 206.53.61.77 google.in
O1 - Hosts: 206.53.61.77 google.it
O1 - Hosts: 206.53.61.77 google.ki
O1 - Hosts: 206.53.61.77 google.la
O1 - Hosts: 206.53.61.77 google.li
O1 - Hosts: 206.53.61.77 google.lv
O1 - Hosts: 206.53.61.77 google.ma
O1 - Hosts: 206.53.61.77 google.ms
O1 - Hosts: 206.53.61.77 google.mu
O1 - Hosts: 206.53.61.77 google.mw
O1 - Hosts: 206.53.61.77 google.nl
O1 - Hosts: 206.53.61.77 google.no
O1 - Hosts: 206.53.61.77 google.nr
O1 - Hosts: 206.53.61.77 google.nu
O1 - Hosts: 206.53.61.77 google.pl
O1 - Hosts: 206.53.61.77 google.pn
O1 - Hosts: 206.53.61.77 google.pt
O1 - Hosts: 206.53.61.77 google.ro
O1 - Hosts: 206.53.61.77 google.ru
O1 - Hosts: 206.53.61.77 google.rw
O1 - Hosts: 206.53.61.77 google.sc
O1 - Hosts: 206.53.61.77 google.se
O1 - Hosts: 206.53.61.77 google.sh
O1 - Hosts: 206.53.61.77 google.si
O1 - Hosts: 206.53.61.77 google.sm
O1 - Hosts: 206.53.61.77 google.sn
O1 - Hosts: 206.53.61.77 google.st
O1 - Hosts: 206.53.61.77 google.tl
O1 - Hosts: 206.53.61.77 google.tm
O1 - Hosts: 206.53.61.77 google.tt
O1 - Hosts: 206.53.61.77 google.us
O1 - Hosts: 206.53.61.77 google.vu
O1 - Hosts: 206.53.61.77 google.ws
O1 - Hosts: 206.53.61.77 google.co.ck
O1 - Hosts: 206.53.61.77 google.co.id
O1 - Hosts: 206.53.61.77 google.co.il
O1 - Hosts: 206.53.61.77 google.co.in
O1 - Hosts: 206.53.61.77 google.co.jp
O1 - Hosts: 206.53.61.77 google.co.kr
O1 - Hosts: 206.53.61.77 google.co.ls
O1 - Hosts: 206.53.61.77 google.co.ma
O1 - Hosts: 206.53.61.77 google.co.nz
O1 - Hosts: 206.53.61.77 google.co.tz
O1 - Hosts: 206.53.61.77 google.co.ug
O1 - Hosts: 206.53.61.77 google.co.uk
O1 - Hosts: 206.53.61.77 google.co.za
O1 - Hosts: 206.53.61.77 google.co.zm
O1 - Hosts: 206.53.61.77 google.com
O1 - Hosts: 206.53.61.77 google.com.af
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Sympatico Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe
O24 - Desktop Component 0: (no name) - http://static.racingjunk.com/63/ui/2/5/5627851311863.gif

--
End of file - 14872 bytes

0

And wre you able to fix it? This tool makes it very simple, removes protections that malware places.
==download HostsXpert from http://www.funkytoad.com/content/view/13/31/
-click the top button Make Writable if it is available
-click Restore MS Hosts File button.

No I was not able to fix it. And I tried hostsXpert before, and I just tried again. "Your hosts file is marked as a system file and cannot be manipulated." and clicking the make writable does not work.

0

If you would like to clear your hosts file manually [C:\Windows\system32\drivers\etc\hosts] then apart from the helpful guff from M$ which may or may not exist in your hosts file, this should be the only [or bare minimum!!] entry:
127.0.0.1 localhost
Drag Hosts into an empty notepad, edit it and Save.
You may find that you are not able to save the changed/corrected file. This is because some security applications, possibly also various malware, will lock your Hosts file [make it read-only] as a protection. Lock/Unlock hosts exists in Zonealarm and Spybot S&D.
ZoneAlarm : look under firewall, advanced;
Spybot : click Tools, Hosts File, uncheck "Lock Hosts file read-only as protection against hijackers"
Or just...[but a Spybot setting may over-ride this command....] do this:
Go Start, run, type cmd ...and press Enter. Paste this line into the window at the prompt, press Enter, close the window and try to save the file again.
attrib -r -h -s %SystemRoot%\system32\drivers\etc\HOSTS

0

Doesn't work. Spybot says "Cannot create file "C:/winows... ect" Access is denied. In CMD it after I put that line in it says Access is denied - C:/Windows/.... ect.

0

Did you stop Spybot blocking file alterations, as in:
Spybot : click Tools, Hosts File, uncheck "Lock Hosts file read-only as protection against hijackers" ?
What Spybot does, if you attempt to change the hosts file attributes via the attrib cmd line i gave, is automatically set those attributes again so as to protect the file.

Edited by gerbil: n/a

0

I found that exact option check box, but it was in tools under IE tweaks. I un checked it and it still does not work.

Edited by OverZealous7754: n/a

0

Please open a cmd window and run these, tell us what attrib posts for the hosts file:
cd %systemroot%
cd system32\drivers\etc
attrib

With that SB option unchecked you should be able to clear any of those attributes with:
attrib -r -h -s hosts [while in the above directory]; check with another attrib

Edited by gerbil: n/a

0

Please open a cmd window and run these, tell us what attrib posts for the hosts file:
cd %systemroot%
cd system32\drivers\etc
attrib

With that SB option unchecked you should be able to clear any of those attributes with:
attrib -r -h -s hosts [while in the above directory]; check with another attrib

system root

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\HP_Administrator>cd %systemroot%

C:\WINDOWS>attrib
A C:\WINDOWS\0.log
A C:\WINDOWS\003225_.tmp
A C:\WINDOWS\4A3724EE.ini
A C:\WINDOWS\ALCXMNTR.EXE
A C:\WINDOWS\armcex.dll
A C:\WINDOWS\arpower.dll
A C:\WINDOWS\arpwrmsg.exe
A C:\WINDOWS\arservice.exe
A C:\WINDOWS\Blue Lace 16.bmp
A S C:\WINDOWS\bootstat.dat
A C:\WINDOWS\cdplayer.ini
A C:\WINDOWS\clock.avi
A C:\WINDOWS\Coffee Bean.bmp
A C:\WINDOWS\comsetup.log
A C:\WINDOWS\control.ini
A C:\WINDOWS\dellstat.ini
A C:\WINDOWS\desktop.ini
A C:\WINDOWS\DIIUnin.dat
A C:\WINDOWS\DIIUnin.exe
A C:\WINDOWS\DIIUnin.pif
A C:\WINDOWS\ehOCGen.log
A C:\WINDOWS\explorer.exe
A C:\WINDOWS\explorer.scf
A C:\WINDOWS\FaxSetup.log
A C:\WINDOWS\FeatherTexture.bmp
A C:\WINDOWS\Gone Fishing.bmp
A C:\WINDOWS\Greenstone.bmp
A C:\WINDOWS\hh.exe
A R C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
A C:\WINDOWS\HPGdiPlus.ini
A C:\WINDOWS\HPHins08.dat
A C:\WINDOWS\hphmdl08.dat
A C:\WINDOWS\hpiins01.dat
A C:\WINDOWS\hpimdl01.dat
A C:\WINDOWS\hpoins06.dat
A C:\WINDOWS\hpoins07.dat
A C:\WINDOWS\hpomdl06.dat
A C:\WINDOWS\hpomdl07.dat
A C:\WINDOWS\HP_48BitScanUpdatePatch.ini
A C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
A C:\WINDOWS\HP_InstantSHareJPG.ini
A C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
A C:\WINDOWS\hsc.ico
A C:\WINDOWS\iis6.log
A C:\WINDOWS\imsins.log
A C:\WINDOWS\IsUninst.exe
A C:\WINDOWS\jautoexp.dat
C:\WINDOWS\kb913800.exe
A C:\WINDOWS\KB975561.log
A C:\WINDOWS\lexstat.ini
A C:\WINDOWS\MedCtrOC.log
A C:\WINDOWS\MF_C420.lfa
A C:\WINDOWS\MF_C421.lfa
A C:\WINDOWS\MF_C425.lfa
A C:\WINDOWS\ModemLog_PCI Data Fax SoftModem with SmartCP.txt
A C:\WINDOWS\msdfmap.ini
A C:\WINDOWS\msgsocm.log
A C:\WINDOWS\msmqinst.log
A C:\WINDOWS\netfxocm.log
A C:\WINDOWS\notepad.exe
A C:\WINDOWS\nsreg.dat
A C:\WINDOWS\NSSetDefaultBrowser.EXE
A C:\WINDOWS\NSSetDefaultBrowser.ini
A C:\WINDOWS\ntbtlog.txt
A C:\WINDOWS\ntdtcsetup.log
A C:\WINDOWS\ocgen.log
A C:\WINDOWS\ocmsn.log
A C:\WINDOWS\ODBC.INI
A C:\WINDOWS\ODBCINST.INI
A C:\WINDOWS\orun32.ini
A C:\WINDOWS\orun32.isu
A C:\WINDOWS\PCDLIB32.DLL
A C:\WINDOWS\plusoc.log
A C:\WINDOWS\PowerReg.dat
A C:\WINDOWS\Prairie Wind.bmp
A C:\WINDOWS\QTFont.for
A H C:\WINDOWS\QTFont.qfn
A C:\WINDOWS\Quicken.ini
A C:\WINDOWS\regedit.exe
A C:\WINDOWS\REGLOCS.OLD
A C:\WINDOWS\Rhododendron.bmp
A C:\WINDOWS\River Sumida.bmp
A C:\WINDOWS\Santa Fe Stucco.bmp
A C:\WINDOWS\SchedLgU.Txt
A C:\WINDOWS\setdebug.exe
A C:\WINDOWS\setupact.log
A C:\WINDOWS\setupapi.log.0.old
A C:\WINDOWS\setuperr.log
A C:\WINDOWS\SIGVERIF.TXT
C:\WINDOWS\slrundll.exe
A C:\WINDOWS\smscfg.ini
A C:\WINDOWS\Soap Bubbles.bmp
C:\WINDOWS\Sti_Trace.log
A C:\WINDOWS\system.ini
A C:\WINDOWS\tabletoc.log
A C:\WINDOWS\TASKMAN.EXE
A C:\WINDOWS\tsoc.log
A C:\WINDOWS\twain.dll
A C:\WINDOWS\twain_32.dll
A C:\WINDOWS\Twunk_16.dll
A C:\WINDOWS\twunk_16.exe
A C:\WINDOWS\Twunk_32.dll
A C:\WINDOWS\twunk_32.exe
A C:\WINDOWS\uninst.exe
A C:\WINDOWS\UPGRADE.TXT
A C:\WINDOWS\vb.ini
A C:\WINDOWS\vbaddin.ini
A C:\WINDOWS\VECalc.INI
A C:\WINDOWS\vmmreg32.dll
A C:\WINDOWS\wiadebug.log
A C:\WINDOWS\wiaservc.log
A C:\WINDOWS\win.ini
A HR C:\WINDOWS\WindowsShell.Manifest
A C:\WINDOWS\WindowsUpdate.log
A C:\WINDOWS\winhelp.exe
A C:\WINDOWS\winhlp32.exe
A C:\WINDOWS\WININIT.INI
A SH C:\WINDOWS\winnt.bmp
A SH C:\WINDOWS\winnt256.bmp
A C:\WINDOWS\WMSysPr9.prx
A C:\WINDOWS\Zapotec.bmp
A C:\WINDOWS\_default.pif

C:\WINDOWS>

attrib = File not found - Hosts


system 32 drivers

C:\Documents and Settings\HP_Administrator>cd %systemroot%

C:\WINDOWS>cd system32\drivers\etc

C:\WINDOWS\system32\drivers\etc>attrib -r -h -s hosts
Access denied - C:\WINDOWS\system32\drivers\etc\hosts

C:\WINDOWS\system32\drivers\etc>


Attrib


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\HP_Administrator>cd %systemroot%

C:\WINDOWS>cd system32\drivers\etc

C:\WINDOWS\system32\drivers\etc>attrib
C:\WINDOWS\system32\drivers\etc\hosts
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-155248.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-155300.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-155331.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-155335.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-155341.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-155555.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-163949.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-163953.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-163954.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-163955.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-163956.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-163957.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-163958.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-163959.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164000.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164001.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164002.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164003.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164004.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164005.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164006.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164007.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164008.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164009.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164010.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164011.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164012.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164013.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164014.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164015.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164017.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164021.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164022.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164023.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164024.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164025.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164026.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164027.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164028.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164029.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164030.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164031.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164032.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164033.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164034.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164035.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164036.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164037.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164038.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164039.backup
A SHR C:\WINDOWS\system32\drivers\etc\hosts.20100315-164040.backup
A SH C:\WINDOWS\system32\drivers\etc\hosts.20100319-163400.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163544.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163901.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163907.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163908.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163909.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163910.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163911.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163912.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163913.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163914.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163915.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163916.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163917.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163918.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163919.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163920.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163921.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163922.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163923.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163924.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163925.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163926.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163927.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163928.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163929.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163930.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163931.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163932.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163933.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163934.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163935.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163936.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163937.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163938.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163939.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163940.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163941.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163942.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163943.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163944.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163945.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163946.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163947.backup
A C:\WINDOWS\system32\drivers\etc\hosts.20100319-163948.backup
A C:\WINDOWS\system32\drivers\etc\hosts.new
A C:\WINDOWS\system32\drivers\etc\lmhosts.sam
A C:\WINDOWS\system32\drivers\etc\networks
A C:\WINDOWS\system32\drivers\etc\protocol
A C:\WINDOWS\system32\drivers\etc\services

C:\WINDOWS\system32\drivers\etc>


Still no dice.

0

So i see. The hosts file is not locked by attributes, but still there is that Access Denied. You could delete it, and then create a new hosts file. I'd delete that whole slew of hosts.numbers.backup files also. Below is the standard hosts; just copy it into a notepad and save as C:\Windows\system32\drivers\etc\hosts
And if it will not delete then try this tool [you may think it handy to keep]:
Unlocker
==This one is a general purpose deleter, Unlocker: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.
Browse to the file, rclick it, choose Unlocker, remove any hooks...[ If the file or folder is locked then a window will appear with a list of processes locking the file or folder. Select the locks and click Unlock and you are done. It is recommended to Unlock wisely and to close open processes locking files or folder if any, but if only Explorer.exe is the culprit, do not hesitate!]
...choose Delete, and delete it.

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

Edited by gerbil: n/a

0

So i see. The hosts file is not locked by attributes, but still there is that Access Denied. You could delete it, and then create a new hosts file. I'd delete that whole slew of hosts.numbers.backup files also. Below is the standard hosts; just copy it into a notepad and save as C:\Windows\system32\drivers\etc\hosts
And if it will not delete then try this tool [you may think it handy to keep]:
Unlocker
==This one is a general purpose deleter, Unlocker: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.
Browse to the file, rclick it, choose Unlocker, remove any hooks...[ If the file or folder is locked then a window will appear with a list of processes locking the file or folder. Select the locks and click Unlock and you are done. It is recommended to Unlock wisely and to close open processes locking files or folder if any, but if only Explorer.exe is the culprit, do not hesitate!]
...choose Delete, and delete it.

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

Sorry that took so long to reply. But that worked perfectly! Thank you very very much for your help!

OverZealous

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.