TexasFilly Posted October 28, 2008 Share Posted October 28, 2008 HELLO EVERYONE AND HAPPY BIRTHDAY TO ALL FOR THE LAST 2 YEARS!!! I screwed my computer today I guess, and this thing came up and I've lost a bunch of stuff on my desktop including my PHOTOSHOOOOOPPPPP! *growling* I've looked everywhere on the internet and tried getting rid of this thing and I'm in need of help please. going to do a hijack this thingy, as I seem to have lost that too. happy trails ya'll *waving* TexasFilly OOOPS it's the "RAPID ANTIVIRUS" THAT I ACCIDENTLY DOWNLOADED SOMEHOW OK, now hijack this won't run because it says "for some reason your system denied write access to the host file" I need to go to RUN and type in..............C:\Windows\System32\drivers\etc\hosts, and how the hell do you get to RUN in VISTA???? Trying to run ccleaner now HIJACK THIS went ahead and worked, I GUESS and this is what it came up with.....FILLY IS GOING TO Logfile of HijackThis v1.99.1 Scan saved at 11:04:48 PM, on 10/27/2008 Platform: Unknown Windows (WinNT 6.00.1905 SP1) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe C:\Program Files\Dell Photo AIO Printer 926\memcard.exe C:\Windows\sttray.exe C:\Program Files\Winamp\winampa.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\system32\taskeng.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\bfgclient\bfgclient.exe C:\Users\Smuffy\Desktop\HijackThis1991.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.wildblue.com/wpad.dat R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: LPVideoPlugin - {92C6A640-9388-43D0-A499-C7338359D47F} - C:\Windows\system32\LPVideo.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [iNTERNATIONAL] International* O13 - Gopher Prefix: O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Secret%20of%20Margrave%20Manor/Images/stg_drm.ocx O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Hidden%20Secrets%20-%20The%20Nightmare/Images/armhelper.ocx O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe Link to comment Share on other sites More sharing options...
Administrator Tarun Posted October 28, 2008 Administrator Share Posted October 28, 2008 Welcome back! We'll get you all taken care of. And since you're on Vista you'll already have the .NET Framework! Please download my Anti-Malware Toolkit and get the Professional package. Then follow the directions in the PC Cleanup guide. Repost a log when you're done :jump: Link to comment Share on other sites More sharing options...
TexasFilly Posted October 28, 2008 Author Share Posted October 28, 2008 Ohhhhhhhhh K!!!! Thanks Tarun and will ummmm hopefully see you in awhile. Will be awhile before all this is done! and GOOD TO BE BACK See ya sooon Oh and one more thing, said when I closed everything to get to ccleaner that I wasn't a member here and took me 3 times to get on here. Like I was putting in the right stuff and then I gave my email addy and it said I didn't exist :( I DOOOOOOOOOOOOO lol :jump: Link to comment Share on other sites More sharing options...
Administrator Tarun Posted October 28, 2008 Administrator Share Posted October 28, 2008 Good to see you got that much sorted. If there's ever a problem we have the Contact Us form above. :jump: Link to comment Share on other sites More sharing options...
TexasFilly Posted October 28, 2008 Author Share Posted October 28, 2008 Tarun, by the time I got this done it was well after 4 in the morning. But.... below is the hijack report and I had a problems with RogueRemover, but it seemed to work once I got it in safe mode, so I'm not sure. This is the error I got and I tried to download it 5 times and even rebooted in between.... RogueRemover Run-time error '339'; component 'COMCTL32.OCX' or one of its dependencies not correctly registered: a file is missing or invalid MAYBE THE ROGUEREMOVER IS OK NOW, I dunno I'll be in and out today, but will check back later. Thanks Logfile of HijackThis v1.99.1 Scan saved at 3:15:18 AM, on 10/28/2008 Platform: Unknown Windows (WinNT 6.00.1905 SP1) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Users\Smuffy\Desktop\LunarSoft Tarun\HijackThis1991.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.wildblue.com/wpad.dat R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: LPVideoPlugin - {92C6A640-9388-43D0-A499-C7338359D47F} - C:\Windows\system32\LPVideo.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [iNTERNATIONAL] International* O13 - Gopher Prefix: O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Secret%20of%20Margrave%20Manor/Images/stg_drm.ocx O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Hidden%20Secrets%20-%20The%20Nightmare/Images/armhelper.ocx O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe Link to comment Share on other sites More sharing options...
Administrator Tarun Posted October 28, 2008 Administrator Share Posted October 28, 2008 You'll need to run the HijackThis you downloaded from within the Anti-Malware Toolkit, it's the latest version and can produce a better log. :jump: Link to comment Share on other sites More sharing options...
TexasFilly Posted October 28, 2008 Author Share Posted October 28, 2008 says download on this, what do I do? I did it before but don't remember getting a hijack log Sorry Tarun, I know, I'm a pain in the ummm bum LOL Link to comment Share on other sites More sharing options...
Administrator Tarun Posted October 28, 2008 Administrator Share Posted October 28, 2008 Check your Download folder on your desktop for HijackThis in it. If it doesn't exist, open the Anti-Malware Toolkit, choose Custom and then select HijackThis and Download. Then run it and paste the log. :jump: Link to comment Share on other sites More sharing options...
TexasFilly Posted October 29, 2008 Author Share Posted October 29, 2008 welp, I clicked on just the Hijack this on that tool kit and hit download, it did something, but gave me no log ! *frowning* What am I doing wrong? Doesn't say RUN, says download, Pause, Skip and Cancel Link to comment Share on other sites More sharing options...
Administrator Tarun Posted October 29, 2008 Administrator Share Posted October 29, 2008 It should have downloaded it into a folder called Download on your desktop. :jump: Link to comment Share on other sites More sharing options...
TexasFilly Posted October 29, 2008 Author Share Posted October 29, 2008 WOW well I don't remember seeing that I just put it in Lunarsoft Tarun LOL Anyway, it says.... "For some reason your system denied write access to the Hosts file. if any hijacked domains are in this file, Hijact This may Not be able to fix this. and goes on to say I need to edit this myself. *frowning again* Start RUN and type notep C:\Windows\Suystem32\drivers\etc\hosts press Enter, find the line(s) HijackThis reports and delete them yaddy yaddy I ran as Admin and then it acts like it's not going to run, but then this popped up, hope it's working correctly. Seems to be several programs are doing this to me since this crap happened. Do you know why? Hijack This report if running correctly is as follows.... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:38:18 PM, on 10/28/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe C:\Program Files\Dell Photo AIO Printer 926\memcard.exe C:\Windows\sttray.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\taskeng.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Lunarsoft\Anti-Malware Toolkit\Anti-Malware Toolkit.exe C:\Users\Smuffy\Desktop\Download\HiJackThis.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 1610 bytes Link to comment Share on other sites More sharing options...
Administrator Tarun Posted October 29, 2008 Administrator Share Posted October 29, 2008 So far what all have you run? Right click RogueRemover and choose Run as Administrator. Also, right click HijackThis and choose Run as Administrator. Then you won't get the error and can post your log. Link to comment Share on other sites More sharing options...
TexasFilly Posted October 30, 2008 Author Share Posted October 30, 2008 Did what you asked and this is what I came up with this time Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:20:42 PM, on 10/30/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe C:\Program Files\Dell Photo AIO Printer 926\memcard.exe C:\Windows\sttray.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\taskeng.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Smuffy\Desktop\LunarSoft Tarun\Download\HiJackThis.exe C:\Windows\system32\DllHost.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 1149 bytes Link to comment Share on other sites More sharing options...
Administrator Tarun Posted October 30, 2008 Administrator Share Posted October 30, 2008 You may want to rerun the scans in full using Run as Administrator. I'll update the wiki to reflect this for users with Vista and UAC. Link to comment Share on other sites More sharing options...
Recommended Posts