CleanUp Antivirus malware problem



jeff1
2010-03-23, 00:02
When I run Spybot S & D, I get the following error.

Unexpected Error Fixing Problems (Cannot Create File c:\Windows\System32\drivers\etc\hosts Access is denied.) I seem to get the same kind of error running HJTInstall, as noted in the log below.

The following is a log from HJTInstall.exe:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:30PM, on 03/22/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Documents and Settings\All Users\Application Data\9d157fa\CU9d15.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\CA\SharedComponents\ThirdParty\Tomcat\5.5\Bin\Tomcat5.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4BA7B848\bomgar-scc.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoNmSrv.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\CA\eTrustITM\inoweb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.truserv.ca/pls/truserv_pub/truserv.app
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.silkdimensions.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKCU\..\Run: [CleanUp Antivirus] "C:\Documents and Settings\All Users\Application Data\9d157fa\CU9d15.exe" /s /d
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Shortcut to set time.bat.lnk = C:\WINDOWS\set time.bat
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128612583296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161962995484
O17 - HKLM\System\CCS\Services\Tcpip\..\{D74C1904-8537-4EC3-802B-1CC0DC7B8BA2}: NameServer = 142.77.2.36,192.168.2.1
O23 - Service: Apache Tomcat Application Server (ApacheTomcatApplicationServer) - Apache Software Foundation - C:\Program Files\CA\SharedComponents\ThirdParty\Tomcat\5.5\Bin\Tomcat5.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Bomgar Support Customer Client [1269282889] (bomgar-scc-1269282889) - Bomgar Corporation - C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4BA7B848\bomgar-scc.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM Server Service (InoNmSrv) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoNmSrv.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: eTrust ITM Web Access Service (InoWeb) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\inoweb.exe

--
End of file - 7196 bytes

Shaba
2010-03-27, 11:42
Hi jeff1

Is this a personal computer?