hijack this

**pummel** · 05-01-2005

Logfile of HijackThis v1.99.0
Scan saved at 20

08, on 05/01/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\Winamp\Winampa.exe
C:\program files\KMaestro\KMaestro.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\BT Yahoo! Internet\DialBTYahoo.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Richard Miles\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btinternet.com/DiallerChe...rld.com?duser=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [KeyMaestro] c:\program files\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BTopenworld] "c:\program files\bt yahoo! internet\DialBTYahoo.exe" /ReInstallAutoDial
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Real-time Monitor.lnk = C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templ...control023.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9784E6B8-137C-492D-8409-678724CE4D7D}: NameServer = 213.1.119.98 213.1.119.97
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe

**owen** · 06-01-2005

Yes Hijack This is a program and that is a log. You haven't described your problem in the thread name or the actual post.

**pummel** · 08-01-2005

Sorry I'm a bit new to all this, I was following instructions on your help page.
I've already downloaded both spybot and adware and run both these. They did find some popups but I am still geting loads and wonder if there was anything you can do. Iam still getting them from adware-nuker.com; nixad.com; premsms.da.ru; antieye.com; errorfixer.com; patcgnow.net.
Some of these appear to be new since downloading both of the programs above. Aditionally I have just installed iTunes but it always crashes when it is downloading last song.
Any ideas? Thanks for help.

**owen** · 08-01-2005

Thanks for the description, that helps me a lot more

Its a clean log that, not sure if thats good news for you or not.

What I can suggest is fixing these two entries in Hijack This (Put a checkmark next to them and then click Fix Checked):

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Then follow these steps to disable Real Scheduler which is a major resource hog:

To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK.

Then Uninstall both ITunes and Quicktime and then reinstall both. See how that goes.

**pummel** · 09-01-2005

Thanks Owen the help is much appreciated especially when I don't have a clue what I am doin!
As always nothing is ever simple. Followed your instructions on hijack log no problem.
When I try to uninstall Quicktime I get the choice to 'Uninstall everything' whihc it then says is 'not recommended', should I still do this? Doing just the 'uninstall' it still appears as a program.
ITunes is unistalled I'll wait on answer to this before i re-install.
Couple of other queries:
My pc appears dead slow to start up and load any program. Is there anything else I can do to speed it up or is it just my pc? although it never used to be this slow.
Do i need 'WinAmp' what is it? does it add anything?
As I've got Real one player can I uninstall windows media player (whihc needs updating)? or do you think one is better than the other?
Whenever I load up iTunes I get the licence agreement to agree or save - how can I get rid of this? iTunes also seems to want to connect to internet - can I disable this?
That's aside from my issues downloading songs from CD to iTunes, where iTunes always crashes on the last song (with CPU usage at 100%). Any ideas? maybe the fix above may help.
Incidentally why do i need to uninstall then re-install those 2 programs? just interested.

Apologies for the Q's but I really am stuck! and need some help.
Appreciate your help.

**owen** · 12-01-2005

Remove the whole of QuickTime and ITunes. I generally ignore the not recommended, just an excuse to leave it on your machine.

I'm not sure whether you can get rid of Windows Media Player if you no longer want it in Windows 2000. Personally I prefer Windows Media Player to Real Player because Real did have a bit of a dodgy privacy policy at one time, not sure about that matter now. Real is also a bit of a resource hog. Its down to personal preference.

WinAmp is a program you downloaded and installed, which is a Media Player similar to Windows Media Player. Its just smaller (to the eye) and easily skinable (change the appearance). Nothing special, its always caused me problems and crashed my PC.

I think this should fix ITunes accessing the Internet, go to Edit> Preferences. Under the General tab, remove the checkmark from "Check for ITunes Updates Automatically" and "Connect To Internet When Needed".

I'm not sure about the license agreements.

I recommended uninstall then reinstall because you having problems. Sometimes reinstalling a program helps you solve troublesome issues.

**pummel** · 14-01-2005

Cheers for all the help Owen. Really appreciate it.
I've followed all instructions and re-installed - I'll let you know if all goes well now with iTunes!
I've also noted all your other advice - I'll probably get rid of Real and just use WMP.
Quick query - I've got Interactual Player on my PC - not quite sure how. May have been when I got my DVD-rom. Is this free software? is it any good? or can I use WMP or one of the others for viewing DVDs?

Also I've got USB on my pc but it will be old version (1.1?) Is probably best to upgrade to 2.0 for my ipod. The usb ports currently on front of pc and sit one above the other. Does this have to be completely replaced? and if so any ideas where you can get something similar? (everything i've found so far is the new panel that fits into back of pc with usb side by side.
OR
can you just get an external USB 2.0 which i just plug into the current usb port? (guess not but worth the ask!)
cheers

**owen** · 17-01-2005

When putting some DVDs in your PC, including Harry Potter just to show a famous one (I think) it asks to install InterActual player. Its only really needed for the special features and you've probably agreed to the installation. I always deny the installation. Remove it if you don't need it.

USB 2.0 is the latest standard so thats probably a yes to offer faster transfer rates, etc. I don't think it will be possible to replace the Front Panel Connector, short of buying a new PC Case, which I'm sure you don't want to do. You can buy a USB Hub (For example see this). Many of the peripherals now are quite demanding so if you think about it, this hub is splitting up the power of 1 USB port into 4 so the performance is not going to be very good. If I were you, I'd go for something like this. I bought one similar to this. Its as simple as removing the side of your PC case and slotting the card into a spare PCI slot and putting one screw in at the top. Then putting your PC case back on.

This will give you an additional 4 USB 2.0 Ports at the back of your PC.

hijack this

hijack this

Similar Threads

Browser Hijack - Localhost Hijack

about:blank hijack - Hijack this log