I have done the Hijack this, now what can I trash?

orypecos

Technical User
Mar 3, 2004
1,923
US
I went to this site
and downloaded, then opened the zipfile and ran it.
While running it I got a message that said
"For some reason the program was unable to write to the notepad for one file. When the scan is finished, go to Start then Run and type in notepad "c:windows\system32\drivers\etc\hosts"
I am running Netscape for an ISP and also have Spybot, Adware, ZoneAlarm, and Symantec antivirus and SpyBlaster.
The problem that I am having is that when I want to run Adware, there is only the Adware manual and the uninstall option. There is no longer an option to run Adware. I can run it from the icon on my desktop. With eBay's Turbo Lister, when I click on it to run it, it will never run any way that I try it. Generally my computer (XP) has been running slow, but I don't remember any other problems. I did the analyze on the website but don't know enough to go farther. I can post that if necessary and/or helpful.

Here is the whole file

Logfile of HijackThis v1.99.1
Scan saved at 11:38:28 PM, on 5/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\ISPCOMP\InstallService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Netscape Internet Service\NSClient.exe
C:\Program Files\Netscape Internet Service\_NSWatchman.exe
C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\Computer\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) -
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) -
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA6812A1-9FAE-4E16-A3BA-53816500C958}: NameServer = 205.188.146.145
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSG20s.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - c:\program files\netscape internet service\ncupdatesvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
Remove this:

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
I would check for malware as well:

Webroot Spysweeper

Download it here:


Webroot Spysweeper 14 day Trial

Update the defs and do a sweep.

Also check this out:

Ewido download:


Update it and run a complete scan.


I would also check it with some other virus scanners just to make sure.



Erik
 
you may want to check your hosts file: "c:windows\system32\drivers\etc\hosts"
just open it in notepad and make sure there aren't any entries that block legitimate sites. i have seen boxes with corrupted hosts files that blocked the sites of antivirus and antimalware companies....

"Maturity is a bitter disappointment for which no remedy exists, unless laughter can be said to remedy anything."
-Vonnegut
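
An added example, not part of any post in this thread: one way to audit a hosts file for the kind of entries described above, where a site is blocked by pointing its name at the local machine. The sample file and its `*.example` hostnames are constructed placeholders; `audit_hosts` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample hosts file; the *.example names are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example   # blocks a definitions update server
0.0.0.0         www.antimalware.example download.antimalware.example
10.0.0.5        fileserver.lan
not-an-ip       broken.example
"""

BLOCKED = "resolves to the local machine, so the site is unreachable"
OVERRIDE = "fixed address overrides DNS, confirm it is intentional"
MALFORMED = "first field is not an IP address"
# Names a default hosts file legitimately maps to loopback.
EXPECTED_LOCAL = {"localhost", "localhost.localdomain"}

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for entries to review."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop comments
        if not entry:
            continue
        address, *names = entry.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), MALFORMED))
            continue
        for name in (n.lower() for n in names):
            if name in EXPECTED_LOCAL and ip.is_loopback:
                continue
            reason = BLOCKED if ip.is_loopback or ip.is_unspecified else OVERRIDE
            findings.append((line_no, str(ip), name, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s: %s" % finding)
```

To check a real machine, pass the contents of the hosts file to `audit_hosts` instead of the sample text.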
 
Fix the following as well:

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

The following are unnecessary and slow the PC down, can be deleted if you do not use them every time you boot the PC:

O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
(do you listen to MUSIC every time you start your PC? if not get rid of it, and start it manually)

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
(can be accessed when you really need it by right clicking on the desktop)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
(Do you need QT running all the TIME?)

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
(minimal speedup, not much use...)

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
(ditto as above, minimal speedup...)


When running HJT, make sure that you are not running it from the ZIP file, but unzip it in a FOLDER, on DESKTOP or where you want, and the error should disappear... reason, HJT writes a TXT file and can not do so within a ZIP folder...

I also suggest that you Uninstall AdAware and reinstall it, just to be on the safe side that the install is not damaged...

advice by ERIK is good and should also be taken note of...

spizotfl's advice should also be noted, but you can also view the HOST file through SpyBot or my tip, HOSTER (


Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
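
An added example, not part of any post in this thread: a small triage pass over a HijackThis log that picks out the two patterns the replies above asked to fix (an entry whose target is `(no file)` and an O16 ActiveX entry with no class name) and lists the O4 autostart items for manual review. The sample lines are copied from the log posted above; `triage` and the regular expressions are hypothetical names and heuristics, not HijackThis's own logic.

```python
import re

# Sample lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
NAMED_DPF = re.compile(r"\}\s*\(.+\)")   # "{clsid} (Class Name)"

MISSING = "target file is missing"
UNNAMED = "ActiveX entry without a class name"

def triage(log_text):
    """Return (fix, autostart): entries to fix and O4 items to review."""
    fix, autostart = [], []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list, or blank line
        code, body = m.group("code"), m.group("body")
        found = CLSID.search(body)
        guid = found.group(0) if found else None
        if body.endswith("(no file)"):
            fix.append((code, guid, MISSING))
        elif code == "O16" and guid and not NAMED_DPF.search(body):
            fix.append((code, guid, UNNAMED))
        elif code == "O4":
            where, _, item = body.partition(": ")
            autostart.append((where, item))
    return fix, autostart

if __name__ == "__main__":
    to_fix, startup = triage(SAMPLE_LOG)
    for row in to_fix:
        print("FIX   ", *row)
    for row in startup:
        print("REVIEW", *row)
```

A flagged entry is a prompt for manual review, not a verdict; the named O16 entries and the Spybot BHO in the sample pass through untouched.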
 
I am not that good on computers. How do I find the hijack log again that has the options to delete the files? When I do a search on my computer for a file called hijack, I find nothing but the Word file I made of suggestions, and Spybot. So I tried to download hijack again and do another sweep and it gives me an error of 'hijack this couldnot be saved, because an unknown error occurred. Try saving to different location." Should I try to download again or just find the log from last night and delete the suggested entries?
If I try to open last night's zip file again, it says that the file no longer exists or has been renamed.
Thanks for the help everyone. Now I know how others feel when asking me questions on telephony, which is what I specialize in.
 
Create a directory on your hard drive called hijack. Then, download the program into the directory. Then, rerun the program and fix the stuff referenced above.

Erik
 
Well, I did most things suggested. I am still working on some of them. And everything is working fine, so I am glad I didn't accidentally break something. And now eBay Turbo Lister is working. I still have to delete and reload Adware among other things. Looking at what I was told to delete, everything makes sense to me and the computer seems to be running much faster.

I have a new disk called Spyware Killer Plus 5 in One, by Cosmi. Should I install this too? I bought it at the store and am now leery of installing some anti spyware due to the fact that I have read that some anti spyware software can cause problems, and I have never seen this brand name mentioned in this forum.
 
I suggest, that you DO NOT install this DISK, it was a waste of money...

I suggest that what Erik mentioned, Ewido, 30 day free trial (after trial the main program still functions and you can update manually...)

1.) You should have an active AV program running... always update (Symantec may not be my first choice but it is better than none (My Opinion))

2.) a Firewall (software if you do not have a ROUTER) should also be actively running, ie. Kerio Personal, Tiny Firewall, or ZoneAlarm Free... I see that you have that ZA, if you have the AntiViral version of ZA, I suggest you turn it off since you are using Norton already, and these two may clash.

3.) use a third party Browser, such as FireFox or Opera, when you surf, as these are still safer than IE, (good that you already are using FF)... in FF you have the options to turn off JavaScripting and a PopUp Blocker that is very good, use them...

4.) use good judgment, do not open attachments in eMails that you do not know the sender and then still be wary... also do not surf websites that are dubious...

I have the following running on my PC:

BitDefender AntiVirus (Active)
Kerio Personal Firewall (Active - Free version)
Ewido AntiMalware (Active)
SpyBot S&D (Manual updates and scans)
AdAware SE (Manual updates and Scans)
FireFox v1.5.0.3 with JavaScript turned off and PopUp Blocker active...

That is it... and I haven't had a Spy/Adware/Malware problem in quite awhile...

I hope this is helpful, and if you have any question, do not be afraid to ask... we help where we can...

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 