AVG 7.5 Detected A Host Change In C:\windows\system32\drivers\etc\hosts (log File Too)

To do this, click "Change State" to the right of the Resident Shield option in the main window.

OriginalFilename : WdfMgr.exe
#:22 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 344 ThreadCreationTime : 2-27-2007 11:29:28 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System

Thank you for your understanding and cooperation!

Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance: Support Center

Microsoft MVP/Windows - Security 2003-2009

It happened twice today, the 1st time it was "ThorConnWndClass" and the 2nd was "Logitech GetMessage Hook.

Please post the contents of that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running as it may cause it to stall.

Gogo Die Hijacker Die Member of ALLIANCE OF

Last edit at 05/03/08 01:44PM by BIG AL 43.

March 31, 2009 16:46 Re: Update fails #15 jonath Senior Join Date: 31.3.2009 Posts: 32 The

Thanks for your patience and time. Here's the BlackLight log:

02/01/07 19:35:42 [Info]: BlackLight Engine 1.0.55 initialized
02/01/07 19:35:42 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/01/07 19:35:42 [Note]: 7019 4
02/01/07 19:35:42 [Note]: https://www.bleepingcomputer.com/forums/t/79857/avg-anti-virus-found-cwindowssystem32-driversetc-hosts-changed-what-do-i-do-is-this-a-problem-how-do-i-fix-it/

Thanks in advance.

Ad-Aware SE Build 1.06r1
Logfile Created on:24 April 2007 17:39:00
Using definitions file:SE1R167 23.04.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):1 total references
Windows(TAC index:3):2

Yours is set to open with notepad instead (probably something either you or one of your security programs has done).

OriginalFilename : services.exe
#:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 800 ThreadCreationTime : 24-04-2007 15:05:42 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System

OriginalFilename : svchost.exe
#:8 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1080 ThreadCreationTime : 24-04-2007 15:05:46 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System

Attempting to delete C:\WINDOWS\system32\hjkkj.tmp
C:\WINDOWS\system32\hjkkj.tmp Has been deleted!

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

When the scan completes, click "Recommended action" beneath the results window and select "Quarantine".

Type : RegValue Data : TAC Rating : 3 Category : Adware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet account manager\accounts\bigfoot Value : LDAP Authentication

Adware.BHO(generic) Object Recognized!

C:\Documents and Settings\daniel\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : Ignored.

OriginalFilename : svchost.exe
#:15 [msasvc.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1616 ThreadCreationTime : 12-15-2006 5:14:34 PM BasePriority : Normal
#:16 [dllml.exe] FilePath : C:\Program Files\Creative\Shared Files\Module Loader\ ProcessID : 2020 ThreadCreationTime : 12-15-2006

From a clean computer, change your online passwords -- for email, for banks, eBay, forums etc.

I'm fairly certain this is a stupid question but this whole process is new to me including creating logs and this support process so bear with me!

Some of the executables in the firewall permissions list don't appear among those in the AVG 8 folder (avgam.exe, avgnsx.exe). Firewall has no provision for 'safe' Internet addresses.

Done! http://www.reg-fix.com/w/c-windows-system32-drivers-etc-hosts-you-don't-have-permission/6/

Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo!

As I said in my last post, I do not recommend that you have more than one anti virus product installed and running on your computer at a time.

Location: : C:\Documents and Settings\gOrDo [email protected]\recent Description : list of recently opened documents

MRU List Object Recognized!

Location: : S-1-5-21-1957994488-616249376-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened

MRU List Object Recognized!

OriginalFilename : IEXPLORE.EXE
#:24 [iexplore.exe] FilePath : C:\Program Files\Internet Explorer\ ProcessID : 516 ThreadCreationTime : 12-15-2006 5:16:13 PM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows®

A rootkit scan is required

2006-12-15 17:39 791898 ---hs---- C:\WINDOWS\system32\pqtss.ini2
2006-12-15 17:38 -------- d-------- C:\Program Files\Common Files
2006-12-15 16:30 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-15 13:41 2134 --a------ C:\WINDOWS\system32\tmp.reg
2006-12-15 12:58 -------- d-------- C:\Program Files\Kaspersky Lab
2006-12-15

Is there anything else I can do to make sure all is well because just today I experienced the same problem where sometimes my computer slows down so much that literally

Type : File Data : A0016188.dll TAC Rating : 10 Category : Malware Comment : Object : C:\System Volume Information\_restore{9D75E817-F2FB-4688-8403-9F52C27F6465}\RP113\

Win32.Trojan.MatrisHasYou Object Recognized!

Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma

Category is: Vulnerability

You'll find the same behavior in other security programs too.

Thanks again.

FileDescription : LogMeIn Desktop Application InternalName : LogMeInSystray LegalCopyright : Copyright © 2003-2006 LogMeIn, Inc.

I don't do much other than read pdfs so I'm not much help there.

You're welcome for the help so far. As far as the hoster is concerned, I think you might just be missing the button that needs to be pressed.

And their logo would only disappear if you purchased the software. These are what we call an optional removal.

OriginalFilename : CTFMON.EXE
#:38 [msmsgs.exe] FilePath : C:\Program Files\Messenger\ ProcessID : 916 ThreadCreationTime : 2-27-2007 11:54:15 PM BasePriority : Normal FileVersion : 4.7.3001 ProductVersion : Version 4.7.3001 ProductName : Messenger CompanyName : FileDescription : AVG Anti-Spyware InternalName : AVG Anti-Spyware LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.

Also I ran BlackLight and the file is below, also the new HijackThis log is below.

Type : RegValue Data : TAC Rating : 3 Category : Adware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet account manager\accounts\bigfoot Value : LDAP Server

Adware.BHO(generic) Object Recognized!

It will start downloading the files it requires for the scan (Note: It may take a minute or two).

Is that too long?

Started by GordoMillones, Dec 15 2006 03:55 PM

11 replies to this topic

#1 GordoMillones, Advanced Member, Members, 42 posts, Posted 15 December 2006

OriginalFilename : YCommon.EXE
#:42 [lxcrcoms.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2388 ThreadCreationTime : 2-27-2007 11:54:38 PM BasePriority : High FileVersion : 99.99.99.99 ProductVersion : 99.99.99.99 ProductName : Printer Communication System FileDescription :

If I pulled the wrong log, please let me know.

Chat 1.3 - http://jcs.chat.dcn....m/c174/chat.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)