
Thread: Can't fix hosts file

  1. #1
    Join Date
    Aug 2006
    Posts
    12

    Can't fix hosts file

    I've been trying to fix this all week. A few of the problems:
    I can't modify or delete the HOSTS FILE. GOOGLE, GMAIL, and image verification for IAMNOTAGEEK don't work. I can't update Windows Defender
    or re-install Service Pack 3 - it said access was not allowed--I only tried to do that because a program was saying my svchost.exe was missing or something. Also, websites do not recognize that I have the most current Firefox browser and redirect me. I used to have Norton but have tried to delete all the files, but the updater and Symantec files remain.

    I ran ESET but didn't see the text log. There were no found problems.


    ---------------

    Logfile of HijackThis v1.99.1
    Scan saved at 5:07:04 AM, on 8/17/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\antivirus\jackedup.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
    O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [THGuard] "C:\antivirus\TrojanHunter 5.0\THGuard.exe"
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [toscdspd] TOSCDSPD.EXE
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O17 - HKLM\System\CCS\Services\Tcpip\..\{588172A1-90A6-40BB-97CE-27B3F44B5350}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8258AADA-EC4D-4A6B-B39A-537A0185E6B3}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A21E134D-B69F-4B23-AFF5-9134E0528B10}: NameServer = 156.154.70.22,156.154.71.22
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing)
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)


    -------------------------------------
    Uninstall list

    Ad-Aware SE Personal
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Reader 8.1.2
    Adobe Shockwave Player 11
    Adobe® Photoshop® Album Starter Edition 3.2
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Software Suite
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    CCleaner (remove only)
    CD/DVD Drive Acoustic Silencer
    COMODO Internet Security
    Conexant HD Audio
    Critical Update for Windows Media Player 11 (KB959772)
    DivX Content Uploader
    DivX Web Player
    DVD-RAM Driver
    ESET Online Scanner v3
    GenoPro 2.0.1.6
    GRE POWERPREP
    HDAUDIO Soft Data Fax Modem with SmartCP
    High Definition Audio Driver Package - KB888111
    HijackThis 1.99.1
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HP Customer Participation Program 7.0
    HP Imaging Device Functions 7.0
    HP Photosmart Essential
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Solution Center 7.0
    HP Update
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD for TOSHIBA
    iTunes
    J2SE Runtime Environment 5.0 Update 4
    LG USB Modem driver
    LimeWire 4.18.8
    Macromedia Flash Player 8
    Malwarebytes' Anti-Malware
    mCore
    mDrWiFi
    mHelp
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office OneNote 2003
    Microsoft Office Standard Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    mIWA
    mLogView
    mMHouse
    MobileMe Control Panel
    Mozilla Firefox (3.5.2)
    mPfMgr
    mPfWiz
    mProSafe
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    mWlsSafe
    mXML
    mZConfig
    Office 2003 Trial Assistant
    Panda ActiveScan 2.0
    PeerGuardian 2.0
    QuickTime
    RealPlayer Basic
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Shop for HP Supplies
    Sonic DLA
    Sonic Encoders
    Sonic RecordNow!
    Sony Picture Utility
    Sony USB Driver
    SPSS 16.0 Graduate Student Version
    Spybot - Search & Destroy
    SpywareBlaster 4.2
    Symantec KB-DocID:2003093015493306
    SymNet
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TOSHIBA Assist
    TOSHIBA ConfigFree
    Toshiba Controls Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    Toshiba Touchpad Utility
    TOSHIBA TV Tuner 4.0.12.73
    Toshiba Utility
    TOSHIBA Zooming Utility
    TrojanHunter 5.0
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    V CAST Music Manager
    VideoLAN VLC media player 0.8.6c
    Vuze Toolbar
    Windows Defender
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Media Center Edition 2005 KB888316
    Windows XP Media Center Edition 2005 KB894553
    Windows XP Media Center Edition 2005 KB895678
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Service Pack 3
    WinRAR archiver


    ------------------------------

    MBAM log.


    Malwarebytes' Anti-Malware 1.40
    Database version: 2608
    Windows 5.1.2600 Service Pack 3

    8/17/2009 4:11:53 AM
    mbam-log-2009-08-17 (04-11-53).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 165521
    Time elapsed: 30 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    Last edited by ryan85; 08-17-2009 at 01:06 PM.
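
Added example, not part of the original thread: a Python triage pass over a HijackThis log that groups `O1 - Hosts` entries pointing at non-loopback addresses and flags `O23` services whose image path is missing or uses an environment variable Windows does not define by default. The sample log is constructed (documentation-range addresses, example domains), except the `wuauserv` line, which is copied from the log above; the function names and the variable allow-list are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in HijackThis v1.99.1 line format. Addresses are from the
# documentation ranges and the domains are examples; only the wuauserv line is
# taken from the thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.0.2.10 search.example.com
O1 - Hosts: 192.0.2.10 www.search.example.com
O1 - Hosts: 192.0.2.10 mail.example.com
O1 - Hosts: 198.51.100.7 billing.example.net
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Example Updater (exupd) - Unknown owner - C:\Program Files\Example\upd.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)
O23 - Service: Example Helper (exhelp) - Example Corp - %SystemRoot%\system32\exhelp.exe
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) \((?P<key>[^()]+)\) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
ENV_RE = re.compile(r"%([^%\\]+)%")

# Assumption: a short allow-list of variables that exist on a stock Windows
# install. Anything else in a service path cannot be expanded by the system.
KNOWN_ENV = {
    "systemroot", "windir", "systemdrive", "programfiles",
    "commonprogramfiles", "allusersprofile",
}


def is_local_sink(ip):
    """True for loopback/unspecified targets, the usual ad-blocking sinks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address: keep it in the review set
    return addr.is_loopback or addr.is_unspecified


def redirected_hosts(log):
    """Map each non-local address to the hostnames the hosts file pins to it."""
    by_ip = defaultdict(list)
    for line in log.splitlines():
        m = HOSTS_RE.match(line.strip())
        if m and not is_local_sink(m.group(1)):
            by_ip[m.group(1)].append(m.group(2).lower())
    return dict(by_ip)


def bulk_redirects(log, threshold=3):
    """Addresses that many names were pointed at: the hijack pattern to review."""
    return {ip: names for ip, names in redirected_hosts(log).items()
            if len(names) >= threshold}


def broken_services(log):
    """O23 entries whose binary is missing or whose path uses an unknown %VAR%."""
    findings = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        unknown = [v for v in ENV_RE.findall(m.group("path"))
                   if v.lower() not in KNOWN_ENV]
        missing = m.group("missing") is not None
        if unknown or missing:
            findings.append({
                "key": m.group("key"),
                "path": m.group("path"),
                "file_missing": missing,
                "unknown_vars": unknown,
            })
    return findings


if __name__ == "__main__":
    for ip, names in bulk_redirects(SAMPLE_LOG).items():
        print(f"{ip}: {len(names)} hostnames pinned -> review hosts file")
    for f in broken_services(SAMPLE_LOG):
        print(f"service {f['key']}: missing={f['file_missing']} "
              f"unknown_vars={f['unknown_vars']} path={f['path']}")
```
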

  2. #2
    Join Date
    Aug 2006
    Posts
    2,763
    Hello, thank you for posting.

    I have copied the text of your logs and added them to your post because our volunteers do not want to download possibly infected files.


    As a general rule we don't provide help/support for computers that are currently using P2P/filesharing applications. The reason is that these P2P applications can lead to infections and re-infections, and we don't want the work done towards cleaning/uninfecting your machine to be a lost cause. Some of the files that you may have downloaded with these applications could contain viruses.

    Please uninstall any filesharing/peer-to-peer applications, even if it is temporary on your part. Then open Spybot Search and Destroy; from the file menu at the top, find and select Advanced View; then, from the left-hand control panel of Spybot Search and Destroy, find and select Tools, then select Resident, and uncheck TeaTimer.

    If you have installed and uninstalled other A/V applications, and still some of their files remain, there are some other instructions in another post somewhere on here on how to deal with that. I think there are also some removal utilities to look into; we may have to start with getting these extra A/V applications/files off your machine prior to doing any of the pre-clean up suggestions.


    From there, start a new "before you post for help" process, according to the directions posted in this thread

    Ensure that MBAM is up to date before running, then ensure that "fix all" is checked/selected.

    If you continue to have problems with Eset, make sure you are following the tips listed below:

    You will need to use Internet Explorer to complete this scan.
    You will need to temporarily Disable your current Anti-virus program.
    Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:
    • ESET Online Scanner
    • Kaspersky Online Scanner
    • Panda Active Scan
    • Trend Micro HouseCall
    • F-Secure Online Virus Scanner

    You will find the above links in the "before you post for help" sticky

    Finally, ensure that you have only ONE anti-virus application installed and running at a time.


    Copy and paste the entire text of your new logs into your next reply, please do not attach the files.

  3. #3
    Join Date
    Aug 2006
    Posts
    12
    .....
    Last edited by ryan85; 08-20-2009 at 02:53 AM. Reason: double post

  4. #4
    Join Date
    Aug 2006
    Posts
    12
    Alright did everything as advised.

    Malwarebytes' Anti-Malware 1.40
    Database version: 2644
    Windows 5.1.2600 Service Pack 3

    8/18/2009 2:32:58 AM
    mbam-log-2009-08-18 (02-32-58).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 167085
    Time elapsed: 30 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)





    ESETSmartInstaller@High as downloader log:
    all ok
    # version=6
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.5889
    # api_version=3.0.2
    # EOSSerial=4b8a8c955132fd4d862f202e4471aa96
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2009-08-09 08:41:23
    # local_time=2009-08-09 03:41:23 (-0600, Central Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # scanned=62879
    # found=0
    # cleaned=0
    # scan_time=2256
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=6
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.5889
    # api_version=3.0.2
    # EOSSerial=4b8a8c955132fd4d862f202e4471aa96
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2009-08-10 07:27:29
    # local_time=2009-08-10 02:27:29 (-0600, Central Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # scanned=62950
    # found=0
    # cleaned=0
    # scan_time=2393
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=6
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6048
    # api_version=3.0.2
    # EOSSerial=4b8a8c955132fd4d862f202e4471aa96
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2009-08-17 10:03:54
    # local_time=2009-08-17 05:03:54 (-0600, Central Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=3073 37 80 88 38957656250
    # compatibility_mode=5889 61 66 100 749394448125000
    # scanned=64551
    # found=0
    # cleaned=0
    # scan_time=2742
    # version=6
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6048
    # api_version=3.0.2
    # EOSSerial=4b8a8c955132fd4d862f202e4471aa96
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2009-08-18 08:24:18
    # local_time=2009-08-18 03:24:18 (-0600, Central Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=3073 37 80 88 54308125000
    # compatibility_mode=5889 61 66 100 750198685625000
    # scanned=64780
    # found=0
    # cleaned=0
    # scan_time=2607







    Logfile of HijackThis v1.99.1
    Scan saved at 3:35:14 AM, on 8/18/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\antivirus\jackedup.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
    O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [toscdspd] TOSCDSPD.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O17 - HKLM\System\CCS\Services\Tcpip\..\{588172A1-90A6-40BB-97CE-27B3F44B5350}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8258AADA-EC4D-4A6B-B39A-537A0185E6B3}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A21E134D-B69F-4B23-AFF5-9134E0528B10}: NameServer = 156.154.70.22,156.154.71.22
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing)
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)






    Ad-Aware SE Personal
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Reader 8.1.2
    Adobe Shockwave Player 11
    Adobe® Photoshop® Album Starter Edition 3.2
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Software Suite
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    CCleaner (remove only)
    CD/DVD Drive Acoustic Silencer
    COMODO Internet Security
    Conexant HD Audio
    Critical Update for Windows Media Player 11 (KB959772)
    DivX Content Uploader
    DivX Web Player
    DVD-RAM Driver
    ESET Online Scanner v3
    GRE POWERPREP
    HDAUDIO Soft Data Fax Modem with SmartCP
    High Definition Audio Driver Package - KB888111
    HijackThis 1.99.1
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HP Customer Participation Program 7.0
    HP Imaging Device Functions 7.0
    HP Photosmart Essential
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Solution Center 7.0
    HP Update
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD for TOSHIBA
    iTunes
    J2SE Runtime Environment 5.0 Update 4
    LG USB Modem driver
    Macromedia Flash Player 8
    Malwarebytes' Anti-Malware
    mCore
    mDrWiFi
    mHelp
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office OneNote 2003
    Microsoft Office Standard Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    mIWA
    mLogView
    mMHouse
    MobileMe Control Panel
    Mozilla Firefox (3.5.2)
    mPfMgr
    mPfWiz
    mProSafe
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    mWlsSafe
    mXML
    mZConfig
    Office 2003 Trial Assistant
    Panda ActiveScan 2.0
    QuickTime
    RealPlayer Basic
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Shop for HP Supplies
    Sonic DLA
    Sonic Encoders
    Sonic RecordNow!
    Sony Picture Utility
    Sony USB Driver
    SPSS 16.0 Graduate Student Version
    Spybot - Search & Destroy
    Symantec KB-DocID:2003093015493306
    SymNet
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TOSHIBA Assist
    TOSHIBA ConfigFree
    Toshiba Controls Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    Toshiba Touchpad Utility
    TOSHIBA TV Tuner 4.0.12.73
    Toshiba Utility
    TOSHIBA Zooming Utility
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    V CAST Music Manager
    VideoLAN VLC media player 0.8.6c
    Windows Defender
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Media Center Edition 2005 KB888316
    Windows XP Media Center Edition 2005 KB894553
    Windows XP Media Center Edition 2005 KB895678
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Service Pack 3
    WinRAR archiver

  5. #5
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Download the program HostsXpert which gives you the ability to restore the default host file back onto your machine. To do so, download the HostsXpert program and run it. When it opens, click on the Restore Original Hosts button and then exit HostsXpert.

    You are using a WAY out of date version of HiJackThis. Please uninstall that and download the latest version from HERE.

    Run the full scan with it and post the new scan log. We have no need to see the installed programs list again so you don't have to do that again. Just the new HJT scan log.

  6. #6
    Join Date
    Aug 2006
    Posts
    12
    Downloaded HostsXpert. At first it said the obvious "Your Hosts file is marked as a "system file" and can NOT be manipulated. Press OK to remove the system attribute, CANCEL to Quit." So I hit OK. But the same message pops up. So I hit OK again. The program runs and I guess makes changes or something. Then I press Restore MS Hosts File. "Press ok to restore original hosts file" pops up and I press OK. It says, "ERROR Cannot create C:\Windows\System 32\Drivers\ETC\hosts". I click OK and the program closes.

    Should I try it in safe mode?






    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:40:13 AM, on 8/20/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\antivirus\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
    O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [toscdspd] TOSCDSPD.EXE
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O17 - HKLM\System\CCS\Services\Tcpip\..\{588172A1-90A6-40BB-97CE-27B3F44B5350}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8258AADA-EC4D-4A6B-B39A-537A0185E6B3}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A21E134D-B69F-4B23-AFF5-9134E0528B10}: NameServer = 156.154.70.22,156.154.71.22
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

    --
    End of file - 8361 bytes
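
HijackThis reports hosts-file entries as O1 lines, DNS server settings as O17 lines and services as O23 lines. The Python script below is an added example, not part of any post in this thread and not HijackThis's own code; it triages those three line types. The function names `triage` and `redirect_clusters` and the sample O1/O17 values are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in HijackThis log format. The O1/O17 lines use
# documentation addresses and example names; the first O23 line is quoted
# from the first log in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 203.0.113.7 search.example
O1 - Hosts: 203.0.113.7 www.search.example
O1 - Hosts: 203.0.113.7 mail.example
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 198.51.100.9 updates.example
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53,192.0.2.54
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)
O23 - Service: Example Agent (exagent) - Example Corp - C:\Program Files\Example\agent.exe
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
DNS_RE = re.compile(r"^O17 - .*NameServer = (.+)$")
SVC_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
ENV_RE = re.compile(r"%([^%\\]+)%")
# Standard Windows variables that legitimately appear in service image paths.
KNOWN_ENV_VARS = {"systemroot", "windir", "systemdrive",
                  "programfiles", "commonprogramfiles"}


def triage(log_text):
    """Return (hosts_by_ip, dns_servers, suspect_services) for a log."""
    hosts_by_ip = defaultdict(list)
    dns_servers = set()
    suspect_services = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, name = m.groups()
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                hosts_by_ip["<unparseable>"].append(name)
                continue
            # Loopback/unspecified targets are the default or blocklist form;
            # anything else sends the name to a real machine.
            if not (addr.is_loopback or addr.is_unspecified):
                hosts_by_ip[ip].append(name)
            continue
        m = DNS_RE.match(line)
        if m:
            # Collected for manual review against the ISP/router settings.
            dns_servers.update(s for s in re.split(r"[,\s]+", m.group(1)) if s)
            continue
        m = SVC_RE.match(line)
        if m:
            name, _owner, path = m.groups()
            reasons = ["unknown variable %" + v + "%"
                       for v in ENV_RE.findall(path)
                       if v.lower() not in KNOWN_ENV_VARS]
            if path.endswith("(file missing)"):
                reasons.append("file missing")
            if reasons:
                suspect_services.append((name, reasons))
    return dict(hosts_by_ip), sorted(dns_servers), suspect_services


def redirect_clusters(hosts_by_ip, min_names=3):
    """IPs that several hostnames were pointed at, largest cluster first."""
    clusters = [(ip, len(names)) for ip, names in hosts_by_ip.items()
                if len(names) >= min_names]
    return sorted(clusters, key=lambda c: (-c[1], c[0]))


if __name__ == "__main__":
    hosts, dns, services = triage(SAMPLE_LOG)
    for ip, count in redirect_clusters(hosts):
        print(f"{count} hostnames redirected to {ip}: {hosts[ip]}")
    print("DNS servers to verify:", dns)
    for name, reasons in services:
        print(f"service {name}: {', '.join(reasons)}")
```
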

  7. #7
    Join Date
    Aug 2006
    Posts
    2,763
    Didn't notice till tonight, your last post was placed in the queue pending approval; it may not have been visible to you after posting. I moved it to approved, but if you notice that you can't view your latest posts after posting, please send Jholland or myself a PM to bring it to our attention. Sorry for the inconvenience.

    When you run the hosts file fix application, make sure you are logged in as administrator, physically disconnect from the internet/network (unplug), then temporarily disable/exit any anti-virus/anti-malware applications that are running, as they may be preventing the application from making the necessary changes ("protecting system files from changes").

    You may also need to run the application as administrator. To do this, right click on the icon for that application, then find and select "RUN AS", then "Administrator". If you see the option "protect my computer and data from unauthorized program activity", uncheck it.

    If you are not currently logged in as administrator, select the user "administrator" from the user list below the current user.

  8. #8
    Join Date
    Aug 2006
    Posts
    12
    I disconnected from the internet as told, and disabled all anti virus/malware programs. Still the same problem. Then I tried right click, run as (my account; I only have one user account, which is set to the administrator); it didn't work. Then at the bottom of the run as menu I tried to select administrator, but my user account password didn't work and leaving it blank didn't work. Then I tried it in safe mode, logged in as the administrator with no password, and still the same problem: "ERROR Cannot create C:\Windows\System 32\Drivers\ETC\hosts"

  9. #9
    Join Date
    Aug 2006
    Posts
    2,763
    It looks like your post went through without being moderated by the system, so.. on with the show.. I have a couple more suggestions regarding the hosts file.

    Open the start menu, then "Search", then "for files and folders". Type in Hosts, select local drive C: and then click search. Your search should find hosts (no extension) with the path C:\WINDOWS\system32\drivers\etc. If so, it's in there, and everything should be OK with the file. Right click on HOSTS with the path listed above, then select properties. There should be some check boxes at the bottom of the popup box that list the hosts file attributes. Find and uncheck read only, then try running the previous application as administrator and see what happens.

    The other suggestion is to ensure that you are logged in as administrator, open the start menu, select "settings" then "control panel", then find and open "system", click on the "advanced" tab near the top of the pop up box, and from the advanced tab find and select settings in the "performance" section. From the performance settings, find and select the tab that says "data execution prevention". Find and select "Turn on DEP for all programs and services except those that I select", then select "ADD...". Use the explorer popup box to find and select the application's "hostxpert.exe?", whatever .exe the start/desktop icon is linked to. It's the main program EXE file that you are using to edit/restore your hosts file. Adding this application to DEP's exclusion list should give it full administrator access. If these suggestions do not work, you may need to run in safe mode and change the read only attribute of c:\windows\system32\drivers\etc\hosts, then just delete it.

    Ensure that "hide file extensions of known file types" is unchecked in folder view options. Then open notepad.exe, located in start/programs/accessories, then copy and paste the following into notepad:
    Quote Originally Posted by hosts file
    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost
    Then save the file as a .txt file in the c:\windows\system32\drivers\etc folder, as hosts.txt
    Then navigate to the c:\windows\system32\drivers\etc folder, right click on the HOSTS.TXT file that you just saved, select rename, and finally delete the file name's extension ".txt" including the period. Windows should ask if you are SURE you want to change the file type; click yes or OK, and then you have a new fixed default hosts file without read-only attributes. If you still do not have access to hosts, then most likely one of your antivirus/anti-malware applications has taken ownership and denied access to the file/path via a registry setting. To restore/take ownership of the hosts file again, open regedit from the start run command, then select edit/search, type in hosts,
    look for any registry entries related to hosts, then let me know what you find. It may be difficult, but I'll probably need to see the registry entries word for word. If you can get a screenshot/s of the hosts file registry entries found and use something like image shack to host them, I would be able to find the culprit and suggest the changes to retake ownership and deny system access, while granting admin full access.

  10. #10
    Join Date
    Aug 2006
    Posts
    12
    Something I just noticed: when I run msconfig and go to boot.ini I can't click /safeboot unless I click multi(............

    should it read...
    [boot loader]
    timeout=3
    default=multi (0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating system]
    C:\CMDCONs\BOOTSECT.DAT="MicrosoftWindows Recovery Console' /cmdcons ***?
    multi(0)disk(0)rdisk(0)partition(1)Windows="Window s XP Media Center Edition"/fastdetect /NoEecute=OptOut ***?

    I used to be able to run msconfig then boot.ini and select safeboot right away, but now I have to click on the multi... as I said.

    I've tried all of the above mentioned with no success. About the regedit part, I did not have anti virus/malware installed until I had these hosts problems, so not being able to edit or delete the hosts file existed before I installed these programs. In safe mode the hosts file attributes cannot be changed from read only; it says access denied.

    I did the regedit search but am not too familiar with regedit. On the left side a lot popped up; on the right only one line that said "default" "REG_SZ" "Constructor that allows hosts better control creating scriptlets"
    Last edited by ryan85; 08-31-2009 at 02:45 PM.
