

Error when running HijackThis


  • This topic is locked
9 replies to this topic

#1 JD11

JD11

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:49 AM

Posted 05 March 2012 - 12:43 AM

Hi everyone. Great site you have here with a lot of useful information I've used in the past. I'm doing some maintenance on my computer (running Windows 7), and when I run a scan with HijackThis I get the error message:

"For some reason your system denied write access to the Host file. If any hijacked domains are in this file, HJT may not be able to fix this. You will need to edit the file yourself."

It then goes on to say I should access the Hosts file and run as an administrator to gain control over it. Problem is I can't. When I open the Hosts file and try to save it, I get the error saying "Access Denied". I'm thinking I may have a malware problem. I've followed steps 6-10 in the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help thread, so I'll post my DDS, Attach, and ARK logs here. Thanks for taking a look.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.0
Run by JOOOOOOE at 14:57:44 on 2012-03-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.1060 [GMT -8:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkASv2K.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
C:\Windows\PLFSetI.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\JOOOOOOE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JOOOOOOE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JOOOOOOE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JOOOOOOE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JOOOOOOE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\JOOOOOOE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JOOOOOOE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JOOOOOOE\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\notepad.exe
C:\Users\JOOOOOOE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JOOOOOOE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0609&m=aspire_5810t
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0609&m=aspire_5810t
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0609&m=aspire_5810t
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Google Update] "c:\users\jooooooe\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MusicManager] "c:\users\jooooooe\appdata\local\programs\google\musicmanager\MusicManager.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe
mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [ODDPwr] "c:\program files\acer\optical drive power management\ODDPwr.exe"
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [VMM Mode Selection] c:\program files\htc\modeselection\VMMModeSelection.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.15.0.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://asgaccess.statestreet.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{398F47CC-925E-4A5C-A073-7F229ACA83B9} : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{60C91503-2FB3-4F79-9C5F-6C4C1857F88F} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{60C91503-2FB3-4F79-9C5F-6C4C1857F88F}\130364850363038363830343 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{60C91503-2FB3-4F79-9C5F-6C4C1857F88F}\15579636B644F676D27657563747 : DhcpNameServer = 68.87.64.150 68.87.75.198 192.168.33.1
TCP: Interfaces\{60C91503-2FB3-4F79-9C5F-6C4C1857F88F}\24F696E676F60284F6473707F647 : DhcpNameServer = 10.1.0.1
TCP: Interfaces\{60C91503-2FB3-4F79-9C5F-6C4C1857F88F}\34573747F6D656270294E6475627E65647023456E6475627 : DhcpNameServer = 192.168.4.1
TCP: Interfaces\{60C91503-2FB3-4F79-9C5F-6C4C1857F88F}\35570756270283 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{60C91503-2FB3-4F79-9C5F-6C4C1857F88F}\876696E696479777966696 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{60C91503-2FB3-4F79-9C5F-6C4C1857F88F}\9405654313 : DhcpNameServer = 192.168.1.1 68.238.64.12
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jooooooe\appdata\roaming\mozilla\firefox\profiles\snc6ojy7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\users\jooooooe\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\jooooooe\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\jooooooe\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-4 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-4 337112]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-4 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-3-4 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-4 44768]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2009-6-14 117256]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2009-6-14 703008]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-5-24 290832]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-24 652360]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-1 54528]
R2 ODDPwrSvc;Acer ODD Power Service;c:\program files\acer\optical drive power management\ODDPWRSvc.exe [2009-6-14 118784]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-6-14 237568]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-2-23 2886528]
R3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys [2011-12-8 17296]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-6-14 112128]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-24 20464]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-24 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-5-12 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-24 136176]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-17 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-12 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-03-04 18:59:47 388096 ----a-r- c:\users\jooooooe\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-04 18:59:46 -------- d-----w- c:\program files\Trend Micro
2012-03-04 12:16:10 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{46457312-0365-4237-a839-df2b8e02271b}\offreg.dll
2012-03-04 08:07:54 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-04 08:07:53 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-04 08:07:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-04 08:07:38 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-03-04 08:07:30 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{46457312-0365-4237-a839-df2b8e02271b}\mpengine.dll
2012-03-04 08:06:38 41184 ----a-w- c:\windows\avastSS.scr
2012-03-04 08:06:14 -------- d-----w- c:\programdata\AVAST Software
2012-03-04 08:06:14 -------- d-----w- c:\program files\AVAST Software
2012-02-26 01:19:44 756224 ----a-w- c:\windows\system32\LameACM.acm
2012-02-25 01:44:15 -------- d-----w- c:\program files\SugarSync
2012-02-24 09:39:17 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 09:39:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-21 23:03:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-21 23:03:01 141112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-02-21 23:02:59 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-02-21 23:02:59 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-21 23:02:57 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-21 23:02:56 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-02-21 23:02:53 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-21 22:58:46 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-21 22:58:44 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-21 22:58:20 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-21 22:57:50 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-21 22:57:06 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-02-21 22:57:05 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-02-21 22:57:04 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-02-21 22:57:03 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 23:27:15 67863 ----a-w- c:\windows\system32\x264vfw-uninstall.exe
2012-02-08 05:26:29 81920 ------r- c:\program files\common files\installshield\updateservice\issch.exe
2012-02-08 05:26:28 368640 ------r- c:\program files\common files\installshield\updateservice\_isusres.dll
2012-02-08 05:26:28 278528 ------r- c:\program files\common files\installshield\updateservice\ISDM.exe
2012-02-08 05:26:19 -------- d-----w- c:\program files\Windows Media Components
2012-02-08 05:25:19 618496 ------r- c:\program files\common files\installshield\updateservice\agent.exe
2012-02-08 04:36:00 4772 ----a-w- c:\windows\system32\drivers\StkScan.sys
2012-02-08 04:35:59 653988 ----a-w- c:\windows\system32\drivers\StkAPin.sys
2012-02-08 04:35:59 61440 ----a-w- c:\windows\StkATVAp.exe
2012-02-08 04:35:59 53248 ----a-w- c:\windows\system32\StkAWIA.dll
2012-02-08 04:35:59 49152 ----a-w- c:\windows\system32\StkAProp.ax
2012-02-08 04:35:59 45056 ----a-w- c:\windows\system32\StkAVFW.dll
2012-02-08 04:35:59 24576 ----a-w- c:\windows\system32\StkASv2K.exe
2012-02-08 04:35:59 24576 ----a-w- c:\windows\system32\StkASSrv.dll
2012-02-08 04:35:59 243212 ----a-w- c:\windows\system32\drivers\StkACamd.sys
2012-02-08 04:35:59 242139 ----a-w- c:\windows\system32\drivers\StkAMini.sys
2012-02-08 04:35:59 18754 ----a-w- c:\windows\system32\drivers\StkASam.sys
2012-02-08 04:35:59 106496 ----a-w- c:\windows\Stk1150.exe
2012-02-08 04:35:59 10479603 ----a-w- c:\windows\system32\drivers\StkAPipe.sys
.
==================== Find3M ====================
.
2012-01-29 13:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
2011-12-21 16:41:17 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-21 16:41:17 567184 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 14:59:08.43 ===============

Attached Files


Edited by JD11, 05 March 2012 - 12:48 AM.




#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:49 AM

Posted 05 March 2012 - 03:23 PM

Good evening. :)

Is the only issue you have with the PC the HJT error message?

So long, and thanks for all the fish.

 

 


#3 JD11

JD11
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:49 AM

Posted 05 March 2012 - 04:02 PM

Good evening. :)

Is the only issue you have with the PC the HJT error message?


Yes, that seems to be the only real issue, and the fact that I was unable to take control of the Hosts file.

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:49 AM

Posted 05 March 2012 - 05:24 PM

Are you running as Administrator on the system?

So long, and thanks for all the fish.

 

 


#5 JD11

JD11
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:49 AM

Posted 05 March 2012 - 08:28 PM

Are you running as Administrator on the system?


I assume so because when I right click on HiJackThis there is no option to run as administrator.

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:49 AM

Posted 06 March 2012 - 03:24 PM

Good evening. :)

I am Administrator on my system and I have the right click "Run as Admin" option, so your not having it doesn't mean that. I am wondering, did you download the stand-alone executable or the installer package? HJT had issues with accessing the Hosts file under Vista if it wasn't run with sufficient privileges, and I assume that the same issue exists with 7. The fact that HJT reports being unable to access the Hosts file suggests to me that you aren't running it as Admin for one reason or another.


As to your inability to "take control" of the Hosts file - what exactly are you trying to do that you can't?

So long, and thanks for all the fish.
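The point made in the post above, that HJT can only write the Hosts file when it runs with an elevated token, can be checked directly rather than inferred from the error message. The following PowerShell script is an added example; it is not from the thread and not part of HijackThis or DDS. It assumes Windows 7 or later with PowerShell 2.0+, run on the affected machine, and it reads the same UAC policy values that DDS lists under mPolicies-system in the log posted earlier. It makes no changes: the write probe opens the file for append and closes it without writing a byte.

```powershell
# Added example (not from the thread): why is the hosts file refusing writes?
# Assumptions: Windows 7+, PowerShell 2.0+, run on the machine being examined.

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# 1. Does this process hold an elevated (administrator) token?
#    Being a member of the Administrators group is not enough under UAC;
#    the process must have been started with "Run as administrator".
$identity   = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal  = New-Object Security.Principal.WindowsPrincipal($identity)
$isElevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Output ("Elevated (admin token): {0}" -f $isElevated)

# 2. UAC prompt policy: the same values DDS reports as mPolicies-system.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Get-ItemProperty -Path $uacKey |
    Select-Object EnableLUA, ConsentPromptBehaviorAdmin, ConsentPromptBehaviorUser, PromptOnSecureDesktop |
    Format-List

# 3. Attributes and DACL of the hosts file. A read-only attribute or an ACL
#    that denies write to Administrators both produce "Access Denied" in Notepad
#    even when the editor is elevated.
$item = Get-Item -Path $hostsPath -Force
Write-Output ("Attributes: {0}" -f $item.Attributes)
(Get-Acl -Path $hostsPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

# 4. Non-destructive write probe: open for append, then close without writing,
#    so the file content is untouched either way.
try {
    $stream = [System.IO.File]::Open($hostsPath,
                                     [System.IO.FileMode]::Append,
                                     [System.IO.FileAccess]::Write)
    $stream.Close()
    Write-Output "Write access to hosts file: granted"
} catch [System.UnauthorizedAccessException] {
    Write-Output "Write access to hosts file: DENIED (not elevated, read-only attribute, or restrictive ACL)"
}

# 5. List the active (non-comment) entries so any unexpected name-to-address
#    mappings are visible for review.
Write-Output "Active hosts entries:"
Get-Content -Path $hostsPath | Where-Object { $_ -match '^\s*[^#\s]' }
```

Run it twice, once from a normal PowerShell window and once from one started with "Run as administrator": the first line should flip from False to True and the write probe from DENIED to granted. If the probe still reports DENIED while elevated, the attributes and ACL output in step 3 is where to look for the cause.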

 

 


#7 JD11

JD11
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:49 AM

Posted 07 March 2012 - 08:43 PM

Good evening. :)

I am Administrator on my system and I have the right click "Run as Admin" option, so your not having it doesn't mean that. I am wondering, did you download the stand-alone executable or the installer package? HJT had issues with accessing the Hosts file under Vista if it wasn't run with sufficient privileges, and I assume that the same issue exists with 7. The fact that HJT reports being unable to access the Hosts file suggests to me that you aren't running it as Admin for one reason or another.


As to your inability to "take control" of the Hosts file - what exactly are you trying to do that you can't?


Thanks for the response. I thought that the Hosts file was corrupt because HiJackThis kept coming up with that error message. I was able to find the .exe file of HJT and was able to run it as an administrator. I was trying to access the Hosts file and take control over it as HJT was suggesting in the error.

I am no longer getting that error from HJT and can run it as an administrator. So I guess everything is in order then or does anyone see anything else I should be concerned with?

#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:49 AM

Posted 10 March 2012 - 03:27 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.
Download OTL by OldTimer from here and save it to your Desktop.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.

 

 


#9 JD11

JD11
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:49 AM

Posted 10 March 2012 - 11:36 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.
Download OTL by OldTimer from here and save it to your Desktop.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.


All scans have shown that there is no malicious software installed and my computer is running with no issues. No need to waste your time with this thread anymore, and thanks for your help everyone.

#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:49 AM

Posted 11 March 2012 - 02:31 PM

As this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.

 

 




