Host Corrupted

July 28, 2010 at 23:00:13
Specs: Windows XP
Hi Jack this file enclosed. It is not being let into my hosts file so cant fix problems. What do I do??

Thanks
Jack
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:50:36 PM, on 28/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 94.75.207.108 www.google.com
O1 - Hosts: 94.75.207.108 google.com
O1 - Hosts: 94.75.207.108 google.com.au
O1 - Hosts: 94.75.207.108 www.google.com.au
O1 - Hosts: 94.75.207.108 google.be
O1 - Hosts: 94.75.207.108 www.google.be
O1 - Hosts: 94.75.207.108 google.com.br
O1 - Hosts: 94.75.207.108 www.google.com.br
O1 - Hosts: 94.75.207.108 google.ca
O1 - Hosts: 94.75.207.108 www.google.ca
O1 - Hosts: 94.75.207.108 google.ch
O1 - Hosts: 94.75.207.108 www.google.ch
O1 - Hosts: 94.75.207.108 google.de
O1 - Hosts: 94.75.207.108 www.google.de
O1 - Hosts: 94.75.207.108 google.dk
O1 - Hosts: 94.75.207.108 www.google.dk
O1 - Hosts: 94.75.207.108 google.fr
O1 - Hosts: 94.75.207.108 www.google.fr
O1 - Hosts: 94.75.207.108 google.ie
O1 - Hosts: 94.75.207.108 www.google.ie
O1 - Hosts: 94.75.207.108 google.it
O1 - Hosts: 94.75.207.108 www.google.it
O1 - Hosts: 94.75.207.108 google.co.jp
O1 - Hosts: 94.75.207.108 www.google.co.jp
O1 - Hosts: 94.75.207.108 google.nl
O1 - Hosts: 94.75.207.108 www.google.nl
O1 - Hosts: 94.75.207.108 google.no
O1 - Hosts: 94.75.207.108 www.google.no
O1 - Hosts: 94.75.207.108 google.co.nz
O1 - Hosts: 94.75.207.108 www.google.co.nz
O1 - Hosts: 94.75.207.108 google.pl
O1 - Hosts: 94.75.207.108 www.google.pl
O1 - Hosts: 94.75.207.108 google.se
O1 - Hosts: 94.75.207.108 www.google.se
O1 - Hosts: 94.75.207.108 google.co.uk
O1 - Hosts: 94.75.207.108 www.google.co.uk
O1 - Hosts: 94.75.207.108 google.co.za
O1 - Hosts: 94.75.207.108 www.google.co.za
O1 - Hosts: 94.75.207.108 www.google-analytics.com
O1 - Hosts: 94.75.207.108 www.bing.com
O1 - Hosts: 94.75.207.108 search.yahoo.com
O1 - Hosts: 94.75.207.108 www.search.yahoo.com
O1 - Hosts: 94.75.207.108 uk.search.yahoo.com
O1 - Hosts: 94.75.207.108 ca.search.yahoo.com
O1 - Hosts: 94.75.207.108 de.search.yahoo.com
O1 - Hosts: 94.75.207.108 fr.search.yahoo.com
O1 - Hosts: 94.75.207.108 au.search.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: E-mail.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\DOCUME~1\COMPAQ~1\Shared\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9760 bytes


See More: Host Corrupted

Report •


#1
July 29, 2010 at 01:14:20
Use Norman Malware Cleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.norman.com/support/suppo...
- remove references created by malware in hosts file

Note
To give Norman Malware Cleaner the best working conditions possible, we recommend that you start the computer in Safe mode before running the program.
To do this, tap the F8 key on your keyboard during startup, before Windows starts, and select Safe mode from the menu that appears.
Pressing the F8 key at just the right time may be a little difficult (after the firmware POST process completes, but before Windows displays graphical output). If the F8 method does not work, repeat the procedure, but press the F8 key more quickly, or press it several times.


Report •
Related Solutions


Ask Question