Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: sham1313 on June 26, 2009, 04:52:58 PM

Title: Logfile of Trend Micro HijackThis v2.0.2
Post by: sham1313 on June 26, 2009, 04:52:58 PM
Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch

;*.networkassociates.com;*.dir.untd.com;cf.netzero.net;qs.netzero.net;*.aolcdn.com;*.quicken.com;<local>;*.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
I just did a HJ and I am almost sure the 2 above I can delete but i am not sure at all about the ones below. i just remember on some times when i have been help with HJ that I deleted a couple of the ones that had no file and no names in it. how wrong or right am I?
Sharon


O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - (no file)


O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - (no file)
;*.networkassociates.com;*.dir.untd.com;cf.netzero.net;qs.netzero.net;*.aolcdn.com;*.quicken.com;<local>;*.local

End of file - 8769 bytes
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: Spiritsongs on June 26, 2009, 07:52:52 PM
 :)  Hi :

 The "fact" that a HijackThis log entry has "no file" and/or "no name" does NOT
 mean it should be "deleted", but further "research" should be done . For
 example, a Google "Search" of "5C255C8A-E604-49b4-9D64-90988571CECB"
 shows "Location: %ProgramFiles%\Windows Live\Messenger" which means it is
 part of the Windows Live Messenger program . For HijackThis log "02" Entries,
 it is recommended to use www.systemlookup.com as part of the Research
 "process" .
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: sham1313 on June 26, 2009, 09:41:27 PM
I do understand in away and would be willing to do research, but really not sure what to look for and what would be the next step. i think i would be looking for some thing that would tell me if the file should be kept or deleted.
thanks Sharon
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: polonus on June 26, 2009, 09:56:09 PM
Hi sham1313,

I checked the orphaned entries and qwave,dll and see no suspicious entries there,

polonus
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: sham1313 on June 26, 2009, 10:14:01 PM
you say  the orphaned entries and qwave,dll is that the name of the no name file?  i am glad there is no suspicious entries there.  i will still do some reading and see if i can understand any of it. should i delete any of the ones i posted from the scan?
thanks Sharon
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: polonus on June 26, 2009, 10:53:41 PM
Hi sham1312.

As always google is your best friend here. An example from your posting, just give in the CLSID of the entry like: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} and then check what information you get on the B.H.O. Orphaned means you might have deleted it and an empty remnant is there, if it is secure you can either choose to restore the original Browser Helper Object, actually it is a dll module for which the dll is not there anymore or if you have no need of it further tag it in HJT and fix it giving an enter.
So I got the info here:
http://www.systemlookup.com/CLSID/39866-LinkScannerIE_dll_avgssie_dll.html

Do this with all the other entries and you can make up a calculated guess what you have there.
Malware fighting is also teaching users/victims to fish for themselves so they can have a meal everyday, not just giving them a fish once,

Stay safe and secure online, is the wish and command of,

polonus (malware fighter)
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: sham1313 on June 26, 2009, 11:42:23 PM
can these be deleted? should i post the full log
Sharon

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch

Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch

;*.networkassociates.com;*.dir.untd.com;cf.netzero.net;qs.netzero.net;*.aolcdn.com;*.quicken.com;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: sham1313 on June 26, 2009, 11:45:30 PM
i wished i would have red the above before i posted the last post and i well save your last post to help me. thanks Sharon
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: polonus on June 27, 2009, 12:20:42 AM
Hi Sharon,

You could do this and fix these, another manual routine to remove NetZero. if you have the software there is to follow the following 12 steps:

Please follow the below steps to uninstall NetZero software from your
computer:

1. Click on the Windows "Start" button, point to "Settings" and
select "Control Panel."
2. Double-click on the "Add/Remove Programs" icon.
3. Click once on "NetZero" to highlight it and click on the
"Add/Remove" button.
4. Click "OK" then "OK" again and close the "Control Panel."
5. Click on the Windows "Start" button, point to "Programs" and
select "Windows Explorer."
6. Double-click the "Program Files" folder in the left-side window.
7. If you see a "NetZero" folder, highlight it and press the
"Delete" key on your keyboard to remove it.

NOTE: If a "NetZero" folder does not exist, you can skip to step 12.

8. Close Windows Explorer.
9. Double-click the "My Computer" icon on your desktop.
10. Double-click the "Dial-Up Networking" icon.
11. Click once on the "NetZero" icon to highlight it and press the
"Delete" key on your keyboard to remove it.
12. Restart the computer.

This will uninstall NetZero software from your computer.

polonus

Did you find this information helpfull?


Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: sham1313 on June 27, 2009, 12:36:24 AM
       netzero use to be my ISP. now I have att. netzero is and has been unstalled four a few weeks. and the removal tool use as well. with help from here and unstalling all the way in safe mode. i have bluelight email address and they send me netzero ads from time to time. i also had trouble getting rid of nortin witch the computer came with and i did use there removal tool also. plus a lot more other troubles in this same kind of way that is going on now. i hope i have not confused you..

           the above is what i had went thew and was pertty sure i could put a checkmark by and let HJ delete it. i need to re read your last post a few times to see how much of it i can understand.
thanks for your help. Sharon
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: sham1313 on June 27, 2009, 12:41:51 AM
i thought you should know it would not unstall the normal way. i had to do it in safemode. sense the netzero i have in the hj is just from the ads that bluelight send me. that is why i thought it would be ok just to delete them.
thanks Sharon
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: Spiritsongs on June 27, 2009, 04:34:25 AM
 :)  Hi :

 In order to determine IF certain portions of a HijackThis log should be "fixed"
 ( what HijackThis generally would be considered "Deleted" ), the entire Log
 should be Posted so all Items can be viewed in context .
 Years ago, when I switched ISPs, I did a Windows "Search" and based on its
 Findings, I "deleted" ( right-clicked on the Entry ) all that the 'search" found.
 In my case, that was AOL, so I did a Windows "Search" using "AOL" and later
 "America Online" and "deleted" all "Items" found"; in your case, it MAY mean
 doing a Windows "Search" using the terms "Netzero" and later "bluelight" and
 right-clicking on all "Items" found !?

 A "Begineer's Guide" on interpreting a HijackThis log can be found at
 www.bleepingcomputer.com/tutorials/tutorial42.html .

 To go further, you would enroll in a "Malware Removal Course" and
 "Malware University" would be my Choice .
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: spg SCOTT on June 27, 2009, 10:53:49 AM
A "Begineer's Guide" on interpreting a HijackThis log can be found at
 www.bleepingcomputer.com/tutorials/tutorial42.html .


Thanks for the link Spiritsongs, will be an interesting read :)

-Scott-
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: sham1313 on June 27, 2009, 04:44:25 PM
      when i 1st posted  i did not think any thing was wrong with the log. i just thought that because i no longer used netzero and use there removal tool. got a lot of help from this forum.and beelpingcomputer,com.when it was over my computer got a good bill of health. i just thought sense the 3 lines of the log had to deal with netzero had to do with just the advertisements bluelight sends from time to time. one person here maybe more said not to worry about it. every thing was OK. once again i am confused. but i will do another HJ and post it. it will take a few min.
Sharon

:)  Hi :

 In order to determine IF certain portions of a HijackThis log should be "fixed"
 ( what HijackThis generally would be considered "Deleted" ), the entire Log
 should be Posted so all Items can be viewed in context .
 Years ago, when I switched ISPs, I did a Windows "Search" and based on its
 Findings, I "deleted" ( right-clicked on the Entry ) all that the 'search" found.
 In my case, that was AOL, so I did a Windows "Search" using "AOL" and later
 "America Online" and "deleted" all "Items" found"; in your case, it MAY mean
 doing a Windows "Search" using the terms "Netzero" and later "bluelight" and
 right-clicking on all "Items" found !?

 A "Begineer's Guide" on interpreting a HijackThis log can be found at
 www.bleepingcomputer.com/tutorials/tutorial42.html .

 To go further, you would enroll in a "Malware Removal Course" and
 "Malware University" would be my Choice .
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: sham1313 on June 27, 2009, 04:44:52 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:50 AM, on 6/27/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.44.66;64.136.52.66;64.136.52.70;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.dir.untd.com;cf.netzero.net;qs.netzero.net;*.aolcdn.com;*.quicken.com;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.mybluelight.com
O15 - Trusted Zone: *.mybluelight.net
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9cb4226c992a0) (gupdate1c9cb4226c992a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - (no file)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8423 bytes
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: sham1313 on June 27, 2009, 05:59:08 PM
i am going back and rereading every thing. i do this every time. it take awhile for me to remember what i am reading and learn how to use it.
the url you sent i get almost every question i have ask and i do spend a lot of time there reading and trying to understanding.
      i did not thing there was any thing any thing was wrong with the log that i sent a few line only to try to learn what i can and canot delete. if i though there might be trouble i would have posted a full log at the begining. i  was surpized that every one thought i was having trouble. like i said before i did not think there was a problem. do you see someting i missed that might be trouble?
thanks Sharon



:)  Hi :

 In order to determine IF certain portions of a HijackThis log should be "fixed"
 ( what HijackThis generally would be considered "Deleted" ), the entire Log
 should be Posted so all Items can be viewed in context .
 Years ago, when I switched ISPs, I did a Windows "Search" and based on its
 Findings, I "deleted" ( right-clicked on the Entry ) all that the 'search" found.
 In my case, that was AOL, so I did a Windows "Search" using "AOL" and later
 "America Online" and "deleted" all "Items" found"; in your case, it MAY mean
 doing a Windows "Search" using the terms "Netzero" and later "bluelight" and
 right-clicking on all "Items" found !?

 A "Begineer's Guide" on interpreting a HijackThis log can be found at
 www.bleepingcomputer.com/tutorials/tutorial42.html .

 To go further, you would enroll in a "Malware Removal Course" and
 "Malware University" would be my Choice .
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: Spiritsongs on June 27, 2009, 09:56:46 PM
 :)  Hi Sharon :

 You do NOT post a "full" HijackThis log ONLY if you think there may be
 "trouble" or something "wrong", but to provide a more through look at what is
 on a computer ; when you post a HijackThis log on a Malware Removal Forum
 such as Bleepingcomputer, their Experts FOCUS their attention on the
 portions that lead to malware removal and leave the more optional portions
 for someone else. By posting the "full" log now, what caught my attention is :
 "O15 - Trusted Zone: *.mybluelight.com
O15 - Trusted Zone: *.mybluelight.net "

 This shows at least one of the "areas" that you spoke about ; the "Begineer's
 Guide" I spoke about says the following about the "Trusted Zone" portion of
 a Log :
"There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone.. "

 and later on, it says :
"I personally remove all entries from the Trusted Zone as they are ultimately unnecessary to be there. "

 I am of the computer "philosophy" of having NOTHING in the "Trusted Zone"
 section of a computer and would recommend you do likewise, either by having
 HijackThis "Fix" those 2 "Lines" or by going to the "Trusted Zone" section of
 your computer and "Deleting/Removing" those 2 Listings .

 In you Log, I also saw the unnecessary "Bonjour/mDNSResponder" Service
 which you could read about in some of my Posts on this Forum IF you use
 the "search" function !?

 This is about making minor "adjustments" to your computer, to make it more
 secure and less troublesome .



Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: sham1313 on June 28, 2009, 05:50:22 AM
with the opera browser i am not sure where to fine that setting. i can fine it in the IE 7 my husband user's. it is set on the half way mark saying medium. that is the only place i see the trusted sites. should i mover it higher to restrick more site to view. bluelight is my main e-mail. there should be no more bluelight on this computer. next time i ask a question about the log i will post it all because common sense Say's it would be the right way to ask and get prober help.
 :) thanks Sharon
Title: "Trusted Zone"
Post by: Spiritsongs on June 28, 2009, 09:49:49 PM
 :)  Hi Sharon :

 You will notice that near the top of the HijackThis Log, it says :
 "MSIE: Internet Explorer v8.00", so that means the "Trusted Zone" Info in the
 Log ONLY pertains to IE . I would recommend you move the slider from
 "Medium" to "Medium High", which is the One I use . It still would be wise to
 go into IE's "Trusted Sites" and remove those 2 Bluelight Entries . I use Yahoo
 and Hotmail for my email and neither "Yahoo" or "Hotmail/MSN" are in my
 "Trusted Sites" and "Bluelight" should NOT be in yours either .
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: sham1313 on June 30, 2009, 03:00:17 PM
most of the time i use opera to check my mail at bluelight.  does opera have a setting like that. and thank you i will delete the bluelight in hj. can I delete the netzero in the HJ too.
 I did not have a chance to get on the computer yesterday.
thanks Sharon
Title: Re: "Trusted Zone"
Post by: sham1313 on June 30, 2009, 05:57:52 PM
        I don't remember witch one to click on to delete the bluelight and the netzero from the HJ I see where to click to fix but not delete. also  the IE 7  was on med and I moved it to med high. where do I click to delete in the HJ?
Thanks Sharon

:)  Hi Sharon :

 You will notice that near the top of the HijackThis Log, it says :
 "MSIE: Internet Explorer v8.00", so that means the "Trusted Zone" Info in the
 Log ONLY pertains to IE . I would recommend you move the slider from
 "Medium" to "Medium High", which is the One I use . It still would be wise to
 go into IE's "Trusted Sites" and remove those 2 Bluelight Entries . I use Yahoo
 and Hotmail for my email and neither "Yahoo" or "Hotmail/MSN" are in my
 "Trusted Sites" and "Bluelight" should NOT be in yours either .
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: Spiritsongs on June 30, 2009, 08:17:17 PM
 :)  Hi Sharon :

 To use HJT to "fix"/"delete" Items in the Log, you follow what it says in the
 "Beginner's Guide" :

 "Once you have selected the items you would like to remove, press the Fix Checked button, designated by the blue arrow, in Figure 6. HijackThis will then prompt you to confirm if you would like to remove those items. Press Yes or No depending on your choice. "
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: sham1313 on July 01, 2009, 03:59:14 PM
in my last post I type that I click fixed. it did it thing very quick but no promp came up. I have done the HJ a few times in the last couple of month and thought I was right when I click fixed but no promp came up. I  just did it again and the promp came up this time. I wander why it did not do the promp the last time. now  the bluelight and the netzero our gone. thanks for your help.
Sharon  :)
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: Abraxas on July 01, 2009, 05:13:23 PM
I must poke my nose in here sham1313 and say, "If in doubt do nothing" :)

Before doing anything further it would be wise to make a backup of your registry with  ERUNT (http://www.larshederer.homepage.t-online.de/erunt/)
sham1313 if your seriously wanting your HijackThis log to be checked may I suggest a thorough analysis .
HijackThis Logs and Virus/Trojan/Spyware/Malware Removal (http://www.bleepingcomputer.com/forums/forum22.html)

HijackThis is not the ultimate Malware removal tool, or a tweak tool, it is a general guide to certain important locations on your computer. There are further programs a Malware Expert would most likely use once reading your INITIAL HJT log .




Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: sham1313 on July 01, 2009, 07:08:25 PM
      at the beginning I thought I ask a simple question witch was there was a couple of things in the HJ that were netzero witch had to come from my bluelight mail sending me ads from netzero witch use to be my ISP. now I am glad to say I have ATT. I had just posted the netzero  sites and and the ones that had no file and no names. I ask if those could be deleted witch in the other HJ I had got help with from here and bleepingcomputers.com had deleted all the netzero and some that had no names and no files. I did not thing I had any problems and still don't. the responce I got I thought maybe in the few lines I posted they might have seen some thing I did not. then I was explain I should even with the question I ask that I should have posted the full HJ. so I  did them I was told I should fix and or delete the bluelight that  was in my trusted zone and it would be best not to have any thing in my trusted zone. witch I don't now as will as I deleted the netzero ads as well.
         when I had netzero and at the time was using AVG virus scanner. I was having all kinds of trouble. when I unstalled them and went to using ATT as a ISP an avast virus scanner. it took a while getting rid of all the netzero and  AVG even with  using both the removal tools for both OF them I. I thought I had every working right and going fine. I was just wanting to stay on top of things by fining out if I should delete the netzero from the HJ when bluelight sent me one of there ads. I can't report it as junk because it is being sent by my main mail witch is bluelight.
        if you care to look at HJ it is on pg 1 or I could post a new one sense I deleted the bluelight and the netzero I will. if you think I should get it check out better I would either go back too bleepingcomputers.com where they have help me before when I made a big mistake and downloaded not 1 but 4 rogue programs that I thought were suppose to help with the computer. when I found out they were rouge of course I had to go threw all the necessary things to do to get rids of them that is what i have been doing for the last couple of month. I could also try the site you suggested.
     I am telling you this so you or any one can tell me if I have any thing I need to worry about or not. I will state one more time because some times people have a very hard time understanding me. I am could at explane when I  talk to people but in writing it down on paper it just does not always come out the same way. I did not thing I was having any trouble just wanted to try to stay on top of things by getting rid of some things like netzero that has cause me problems in the past.
 all advice I am willing to listen to. so i can try to learn more in the prober way about computers.
thanks Sharon please also let me know if I explane it right and clear enough thanks again :) :)
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: Abraxas on July 02, 2009, 09:27:05 PM
Quote
I can't report it as junk because it is being sent by my main mail witch is bluelight.
You can "Unsubscribe" to any email .  ;)
Quote
I did not thing I was having any trouble just wanted to try to stay on top of things by getting rid of some things like netzero that has cause me problems in the past.
If your not having any trouble leave well enough alone  ;)

Run a Avast! scan and if it says all is o.k. great.  :)
Title: Re: Logfile of Trend Micro HijackThis v2.0.2
Post by: sham1313 on July 03, 2009, 01:38:29 AM
there is no place in the email they send to unscribe. my husband says on the junk mail he gets he  don't unscribe because he things  if you do they will even send you more junk mail.
thanks for your help and other then deleting the netzero and the bluelight in the trusted zone and don't plan on doing any thong els.
thanks Sharon