I have run HijackThis; the log is posted below. When I ran the program, however, I received a message: "For some reason your system denied write access to the hosts file. If any hijacked domains are in this file, HiJackThis MAY NOT be able to fix this. If that happens, you need to edit the file yourself...." I edited the hosts file, rebooted, and still have the bug. There is a program somewhere on my hard drive that is regenerating the hijacked domains. In a nutshell, I cannot use Google or any other search engine (other than Norton SafeSearch) due to this bug. Any help would be appreciated.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:51:02 AM, on 11/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Max\Local Settings\Temporary Internet Files\Content.IE5\R0FL5XHO\HijackThis[1].exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: 74.125.45.100 http://www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 http://www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 http://www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 64.86.16.97 google.ae
O1 - Hosts: 64.86.16.97 google.as
O1 - Hosts: 64.86.16.97 google.at
O1 - Hosts: 64.86.16.97 google.az
O1 - Hosts: 64.86.16.97 google.ba
O1 - Hosts: 64.86.16.97 google.be
O1 - Hosts: 64.86.16.97 google.bg
O1 - Hosts: 64.86.16.97 google.bs
O1 - Hosts: 64.86.16.97 google.ca
O1 - Hosts: 64.86.16.97 google.cd
O1 - Hosts: 64.86.16.97 google.com.gh
O1 - Hosts: 64.86.16.97 google.com.hk
O1 - Hosts: 64.86.16.97 google.com.jm
O1 - Hosts: 64.86.16.97 google.com.mx
O1 - Hosts: 64.86.16.97 google.com.my
O1 - Hosts: 64.86.16.97 google.com.na
O1 - Hosts: 64.86.16.97 google.com.nf
O1 - Hosts: 64.86.16.97 google.com.ng
O1 - Hosts: 64.86.16.97 google.ch
O1 - Hosts: 64.86.16.97 google.com.np
O1 - Hosts: 64.86.16.97 google.com.pr
O1 - Hosts: 64.86.16.97 google.com.qa
O1 - Hosts: 64.86.16.97 google.com.sg
O1 - Hosts: 64.86.16.97 google.com.tj
O1 - Hosts: 64.86.16.97 google.com.tw
O1 - Hosts: 64.86.16.97 google.dj
O1 - Hosts: 64.86.16.97 google.de
O1 - Hosts: 64.86.16.97 google.dk
O1 - Hosts: 64.86.16.97 google.dm
O1 - Hosts: 64.86.16.97 google.ee
O1 - Hosts: 64.86.16.97 google.fi
O1 - Hosts: 64.86.16.97 google.fm
O1 - Hosts: 64.86.16.97 google.fr
O1 - Hosts: 64.86.16.97 google.ge
O1 - Hosts: 64.86.16.97 google.gg
O1 - Hosts: 64.86.16.97 google.gm
O1 - Hosts: 64.86.16.97 google.gr
O1 - Hosts: 64.86.16.97 google.ht
O1 - Hosts: 64.86.16.97 google.ie
O1 - Hosts: 64.86.16.97 google.im
O1 - Hosts: 64.86.16.97 google.in
O1 - Hosts: 64.86.16.97 google.it
O1 - Hosts: 64.86.16.97 google.ki
O1 - Hosts: 64.86.16.97 google.la
O1 - Hosts: 64.86.16.97 google.li
O1 - Hosts: 64.86.16.97 google.lv
O1 - Hosts: 64.86.16.97 google.ma
O1 - Hosts: 64.86.16.97 google.ms
O1 - Hosts: 64.86.16.97 google.mu
O1 - Hosts: 64.86.16.97 google.mw
O1 - Hosts: 64.86.16.97 google.nl
O1 - Hosts: 64.86.16.97 google.no
O1 - Hosts: 64.86.16.97 google.nr
O1 - Hosts: 64.86.16.97 google.nu
O1 - Hosts: 64.86.16.97 google.pl
O1 - Hosts: 64.86.16.97 google.pn
O1 - Hosts: 64.86.16.97 google.pt
O1 - Hosts: 64.86.16.97 google.ro
O1 - Hosts: 64.86.16.97 google.ru
O1 - Hosts: 64.86.16.97 google.rw
O1 - Hosts: 64.86.16.97 google.sc
O1 - Hosts: 64.86.16.97 google.se
O1 - Hosts: 64.86.16.97 google.sh
O1 - Hosts: 64.86.16.97 google.si
O1 - Hosts: 64.86.16.97 google.sm
O1 - Hosts: 64.86.16.97 google.sn
O1 - Hosts: 64.86.16.97 google.st
O1 - Hosts: 64.86.16.97 google.tl
O1 - Hosts: 64.86.16.97 google.tm
O1 - Hosts: 64.86.16.97 google.tt
O1 - Hosts: 64.86.16.97 google.us
O1 - Hosts: 64.86.16.97 google.vu
O1 - Hosts: 64.86.16.97 google.ws
O1 - Hosts: 64.86.16.97 google.co.ck
O1 - Hosts: 64.86.16.97 google.co.id
O1 - Hosts: 64.86.16.97 google.co.il
O1 - Hosts: 64.86.16.97 google.co.in
O1 - Hosts: 64.86.16.97 google.co.jp
O1 - Hosts: 64.86.16.97 google.co.kr
O1 - Hosts: 64.86.16.97 google.co.ls
O1 - Hosts: 64.86.16.97 google.co.ma
O1 - Hosts: 64.86.16.97 google.co.nz
O1 - Hosts: 64.86.16.97 google.co.tz
O1 - Hosts: 64.86.16.97 google.co.ug
O1 - Hosts: 64.86.16.97 google.co.uk
O1 - Hosts: 64.86.16.97 google.co.za
O1 - Hosts: 64.86.16.97 google.co.zm
O1 - Hosts: 64.86.16.97 google.com
O1 - Hosts: 64.86.16.97 google.com.af
O1 - Hosts: 64.86.16.97 google.com.ag
O1 - Hosts: 64.86.16.97 google.com.ar
O1 - Hosts: 64.86.16.97 google.com.au
O1 - Hosts: 64.86.16.97 google.com.bn
O1 - Hosts: 64.86.16.97 google.com.br
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8805324434
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8806170968
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 11365 bytes