
Well . . . this is Interesting



#1 Rachiela100 (Members, 26 posts)

Posted 10 July 2005 - 07:26 PM

I am home for the summer and having to put up with dial-up. This might have been tolerable if it wasn't dial-up and infected with dozens of pop-ups. I've run ad-aware and spybot to no avail and just today downloaded and ran HijackThis.

However, a few interesting error messages came up that I thought I should at least bring to your attention before I copied the log to this post. The first message stated:

For some reason your system denied write access to the Hosts file.
If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run
and type:
notepad "C:\WINDOWS\System32\drivers\etc\hosts"

and press Enter. Find the line(s) HijackThis reports and delete them. Save the
file as "hosts" (with quotes), and reboot.

Not understanding any of this I wrote it down and clicked OK only to happen upon another error message. So being really confused now I wrote this one down too:

An unexpected error has occured at procedure:
modMain_CheckOther1Item() Error #75-Path/File access error.

Please email me at merijn@spywareinfo.com, reporing the following:
*What you were trying to fix when the error occured, if applicable
*How you can reproduce the error
*A complete HijackThis scan log, if possible.

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106
HijackThis version: 1.99.1

Once again I clicked OK and then the HijackThis log popped up. I don't know if the above two messages have any effect on anything and, if not, I apologize for wasting your time with them. However, it may be important to note that my brother is an "aspiring" computer programmer and our computer has been the innocent victim of various failed C++ attempts and the like...

So, without further ado I will post the HijackThis log and pray it makes more sense to you than it did to me...

Logfile of HijackThis v1.99.1
Scan saved at 7:07:13 PM, on 7/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Racheal\Local Settings\Temp\Temporary Directory 2 for HijackThis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [kpnk] C:\WINDOWS\System32\kpnk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD0812D9-C544-47C2-8CD8-0D44D9E41DBD}: NameServer = 207.69.188.187 207.69.188.186

Thank you so very much.
Rachiela


#2 Grinler (Lawrence Abrams, Admin, 43,395 posts)

Posted 11 July 2005 - 11:43 PM

You are currently using HijackThis from a temp directory. This can cause problems. Please create a directory on your C: drive called c:\hijackthis and download and unzip HijackThis into that directory. Run the program from that directory from now on.

For a tutorial on how to use HijackThis please see the following link:

Using HijackThis to Remove Spyware, Browser Hijackers, and Dialers

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll
O4 - HKLM\..\Run: [kpnk] C:\WINDOWS\System32\kpnk.exe
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab

Reboot your computer into Safe Mode.

Then delete these files or directories (do not be concerned if they do not exist):

C:\WINDOWS\System32\WinStat12.dll
C:\WINDOWS\System32\kpnk.exe

Reboot your computer to go back to normal mode and post a new log.
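
As an added example (not part of either post, and not HijackThis's own code): a small Python parser for the log format shown in this thread. It detects the Temp-directory launch that the reply points out and extracts the file path from each entry so the paths can be compared against a fix list by hand. The function names and regular expressions are assumptions of this sketch; the sample lines are copied from the log above.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Racheal\Local Settings\Temp\Temporary Directory 2 for HijackThis.zip\HijackThis.exe

O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll
O4 - HKLM\..\Run: [kpnk] C:\WINDOWS\System32\kpnk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
"""

# Section code (O2, O4, ...) followed by " - " and the entry detail.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# A drive-letter path ending in a common binary/shortcut extension (assumed list).
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\"<>|*?\r\n]+?\.(?:exe|dll|ocx|lnk)\b", re.I)

def parse_log(text):
    """Return (running process paths, [(section, detail, file path or None)])."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False
            hit = WIN_PATH.search(m.group(2))
            entries.append((m.group(1), m.group(2), hit.group(0) if hit else None))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def runs_from_temp(processes):
    """True if HijackThis.exe was launched from a Temp folder or from inside a zip."""
    for p in processes:
        low = p.lower()
        if low.endswith("\\hijackthis.exe") and ("\\temp\\" in low or ".zip\\" in low):
            return True
    return False

def local_files(entries, sections):
    """File paths referenced by entries in the given sections, for manual review."""
    return [path for sec, _, path in entries if sec in sections and path]
```
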



