Just downloaded Hijack This. Now what do I do?
Help me please!!!
I have just downloaded Hijack This. My computer has been running soooo slow. I have all types of problems with it. I downloaded Noadware. It has removed some items, but there are about 10 items that will not remove. It says the items will be completely removed once I reboot system, but they are still there, and won't go away. What do I do? I would sure appreciate some help as I am clueless about computers. Thanks!!! I have a logfile. I just don't know how to put it on here. Thanks!!

LF from MC
Hi Help me please!!!


Check HERE

Angoid has a tutorial in the link, on how to post your Hijack This Log...

Just click on the word (HERE) above.

If you have the log already, just highlight the whole log and paste it here in a reply, and someone will check it out for you...

If you're still not sure how to do it, let us know.

Lorraine

P.S. Have a look at some of the other posts, and you will see how it will look when you paste your log in a reply.
HKEd
Uninstall NoAdware. It uses false malware reports as a goad to purchase the product.

After uninstalling NoAdware and rebooting, install AdAware SE Personal. There's a tutorial on how to use it here.

Post a HijackThis log after running it.
Ironbender
Hi HKEd,
Help me please!!! has posted her HJT log on a new topic... as I think you are tracking this, I am posting a reply with her post quoted below:

QUOTE
Hello,


I was finally able to get my hijack this logfile. Now what do I do? How do I fix it? How do I delete or fix the bad? Why am I always getting messenger service notices? I get one about every minute. Thanks!!!

Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 5:20:48 PM, on 6/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\syshelper.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Falhz\Wunvvky.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NoAdware3\NoAdware3.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\lah.exe
C:\WINDOWS\System32\smsss.exe
C:\Documents and Settings\Patricia\Local Settings\Temp\Temporary Directory 2 for hijackthis_199[1].zip\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Patricia\Local Settings\Temp\Temporary Directory 3 for hijackthis_199[1].zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\eegtoxb.exe
O4 - HKLM\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\Run: [Yahoo Messenger] YPager.EXE
O4 - HKLM\..\Run: [C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe ] SBC Yahoo! Connection Manager
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [Cdoel] C:\Program Files\Aery\Txrgoxu.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Norton Personal Firewall] lah.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [start uploading] smsss.exe
O4 - HKLM\..\Run: [Euosckc] C:\Program Files\Falhz\Wunvvky.exe
O4 - HKLM\..\Run: [System Services] svcsenes32a.exe
O4 - HKLM\..\Run: [Windows Micro Drivers] wupdates32.exe
O4 - HKLM\..\Run: [Windows Media Player] msa.exe
O4 - HKLM\..\RunServices: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\RunServices: [Yahoo Messenger] YPager.EXE
O4 - HKLM\..\RunServices: [Norton Personal Firewall] lah.exe
O4 - HKLM\..\RunServices: [start uploading] smsss.exe
O4 - HKLM\..\RunServices: [System Services] svcsenes32a.exe
O4 - HKLM\..\RunServices: [Windows Micro Drivers] wupdates32.exe
O4 - HKLM\..\RunServices: [Windows Media Player] msa.exe
O4 - HKLM\..\RunOnce: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\Run: [Windows Media Player] msa.exe
O4 - HKCU\..\Run: [Norton Personal Firewall] lah.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [start uploading] smsss.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [System Services] svcsenes32a.exe
O4 - HKCU\..\Run: [NoAdware3] "C:\Program Files\NoAdware3\NoAdware3.exe" /s
O4 - HKCU\..\Run: [Windows Micro Drivers] wupdates32.exe
O4 - HKCU\..\RunServices: [start uploading] smsss.exe
O4 - HKCU\..\RunServices: [Windows Micro Drivers] wupdates32.exe
O4 - HKCU\..\RunOnce: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\RunOnce: [untd_recovery] C:\Program Files\NetZero\qsacc\x1exec.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FD27064-9F0F-4851-9D8C-E4B289B562E4}: NameServer = 64.136.20.121 64.136.28.121
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Mnfkiigm.dll
O21 - SSODL: mtklefa - {D3490E54-0233-4A8A-94A6-A8EF5504F29B} - C:\WINDOWS\System32\qejxuh32.dll
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


Chris
HKEd
Thanks Ironbender.

Hi Help me please!!!...there are many infections showing. I'm not confident we can fix them all with HijackThis initially.

You have no antivirus program showing. Is there one installed?

To start the cleanup, download and run this virus cleaner:

http://www.trendmicro.com/ftp/products/tsc...sc/sysclean.com

There's a readme file included that tells you how to use it.

After running it and rebooting, post a fresh HijackThis log.

HijackThis is running from a Temp directory, which is not good. It's best if you just delete that copy and download this one:

http://degs.cybertechhelp.com/files/hijackthis.exe

This version will install and will be available in the All Programs menu under Start.
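
Added example, not part of the original thread or of HijackThis: Python that parses the log layout quoted above, lists processes running from a Temp directory (the point HKEd raises about HijackThis itself), and shows how many autorun locations start each O4 command. The function names and the abridged sample log are constructed for this illustration; the location count is context for triage, not a verdict on any entry.

```python
import re
from collections import defaultdict
# Constructed sample: a few lines abridged from the log quoted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\syshelper.exe
C:\Documents and Settings\Patricia\Local Settings\Temp\Temporary Directory 2 for hijackthis_199[1].zip\HijackThis.exe
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll
O4 - HKLM\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\RunServices: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")
# Body of an O4 (autorun) entry: hive, key, value name, command.
AUTORUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] ?(.*)$")

def parse_log(text):
    """Return (running processes, {section code: [entry bodies]})."""
    processes, sections, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        entry = ENTRY.match(line)
        if line == "Running processes:":
            in_procs = True
        elif entry:
            in_procs = False  # the process list ends at the first entry line
            sections[entry.group(1)].append(entry.group(2))
        elif in_procs and line:
            processes.append(line)
    return processes, dict(sections)

def temp_processes(processes):
    """Processes whose image path sits under a Temp directory."""
    return [p for p in processes if "\\temp\\" in p.lower()]

def autorun_spread(sections):
    """Map each O4 command to the set of registry locations that start it."""
    spread = defaultdict(set)
    for body in sections.get("O4", []):
        if m := AUTORUN.match(body):
            hive, key, _name, command = m.groups()
            spread[command].add(f"{hive}\\{key}")
    return dict(spread)

if __name__ == "__main__":
    procs, secs = parse_log(SAMPLE_LOG)
    print("running from Temp:", temp_processes(procs))
    print("autorun spread:", autorun_spread(secs))
```
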
Help me please!!!
Hello HKEd,

Thank you so much for your help!! I tried to download the cleanup, but my computer comes back saying that the system cleanup is not a valid win32 application. What do I do?

Thanks,
helpmeplease!!!
HKEd
Hi Help me please!!!...can you please let us know if you already have an antivirus program installed.

Can you run an online virus scan? Try both of these:

http://housecall.trendmicro.com/housecall/.../start_corp.asp

http://www.pandasoftware.es/activescan/act...ivescan-com.asp

Let us know what they report. You have the Agobot worm, but there are some others that cannot be identified.