While scanning with Hijack, it came up with a message that Hijack cannot access the host file. Is it because Vista blocks it, or is the malware causing it?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:50 PM, on 2/20/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HyperEngines\Turf Battles\Bin\Sep.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\splinter\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MS Video Control 1.0 - {463F66BC-3B6F-4FDE-969C-94F594FECE07} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UltraSaver] C:\Program Files\G7PS\VersaJette UltraSaver\UltraSaver.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6138 bytes

Uninstall List
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.57
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
AOL Instant Messenger
Apple Software Update
AQUAZONE OpenWater "CoralSea, BlueOcean, ArcticSea, &DeepSea"
AVG 7.5
AVG Anti-Spyware 7.5
Belltech Business Cards Designer Pro 2.3
Belltech Small Business Publisher 3.0
Business Contact Manager for Outlook 2007 SP1
Business Contact Manager for Outlook 2007 SP1
BusinessCards Infinity and ProLabels 8.5
CABAL Online
Cheat Engine 5.4
DivX Codec
DivX Player
DivX Web Player
Feista
FLV Player
Google Desktop
High Impact eMail 4.0
ijji - Gunz
ijji Auto Installer
Intel® Graphics Media Accelerator Driver
Java(tm) 6 Update 2
Java(tm) 6 Update 3
KONICA MINOLTA magicolor 2530DL
Label Factory Deluxe 3.0
LimeWire 4.14.10
MapleStory
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Web Publishing Wizard 1.52
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 Parser and SDK
MyDeluxeInvoices & Estimates 5.5.0.0
MyLogo Maker 1.0
MyProfessionalBusinessCards
MySoftware Fonts
NETGEAR WN511T Wireless PC Card
Newsflash
Outspark Launcher
PhotoImpact Pro
QuickBooks Pro 2007
QuickTime
Spybot - Search & Destroy
SpyHunter
Steam
Turf Battles
Update for Outlook 2007 Junk Email Filter (kb944965)
USB Mass Storage Toolbox
VeohTV BETA
Viewpoint Media Player
Vista Codec Package
Web Easy Professional 7
Winamp (remove only)
WinRAR archiver
WriteExpress Easy Letters
Easy Letters

I also did a scan with FixIEdef and it also did not remove the problem that I am having.
*********************************************************************************
** FixIEDef Log **
** Version 1.2.8.2261 **
*********************************************************************************
Created at 12:21:10 on Sunday, February 17, 2008
Time Zone : (GMT-08:00) Pacific Time (US & Canada)
Operating System : Microsoft® Windows Vista™ Ultimate
Service Pack Level:
System Langauge : English
Processor : X86
Boot State : Normal boot
--------------------------------------------------------------------------------
!!! Files that have been deleted !!!
C:\Windows\AcroIEHelper.dll
--------------------------------------------------------------------------------
!!! Directories that have been removed !!!
No malicious directories to be removed
--------------------------------------------------------------------------------
!!! Registry entries that have been removed !!!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\DateTime
================================================================================
All Done :)
ShadowPuterDude
Safe Surfing!!!
It also keeps showing this dialog. I already know this is a fake, so I clicked no. I tried clicking yes to see what it would come up with, but it came up with a download.
System Error!
Your compter was infcted by unknown trojan. It's dangerous for your system (critical files can be lost)!
Click OK to download the antispyware program to clean your system! (Recommended)
While waiting for someone to respond, I am constantly looking for a solution on Google, but it is really difficult because of the malicious malware. I am also downloading new anti-malware programs to find the cause of this and get rid of this infuriating malware.
I have scanned with Spyhunter 3 (a free version which required me to buy the software to remove the infected objects) and found 2 infected files. The scanner does not come with a log, so I have to type it myself.
Name/Type/Location (I cannot find the HKML in regedit)
Launcher/Registry Key/ HKML\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Launcher
Launcher/Registry Value/ HKML\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Launcher\Displayname
Launcher/Registry Value/ HKML\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Launcher\UninstallString
igfxcui/Registry Key/ HKML\SOFTWARE\MICROSOFT\WINDOWs NT\CURRENT VERSION\WINLOGON\NOTIFY\igfxcui
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
# Start of entries inserted by Spybot - Search & Destroy
Edited by collrest, 20 February 2008 - 11:20 PM.