Home > Hijackthis Log > HijackThis Log - Xtgoj6119471.exe

HijackThis Log - Xtgoj6119471.exe

scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C9105BA6-C63D-8078-8AD5-A411EBAFF012}] "iadecgcialcbjokbbi"=hex:6a,61,64,6c,69,6d,63,67,61,68,64,64,6b,6b,62,68,70,70,68,6b,00,.. "hajeimnhpjbeddmh"=hex:6a,61,64,6c,69,6d,62,68,64,69,6f,68,69,6a,6b,6a,6f,6d,69,70,00,.. That is the same log as you first posted. earch.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local Completion time: 2008-12-21 16:15:56 - machine was rebooted [Justin] ComboFix-quarantined-files.txt 2008-12-21 21:14:32 Pre-Run: 2,308,452,352 bytes free Post-Run: 2,508,197,888 bytes free 237 --- E O F --- 2008-12-18 06:01:44 Logfile of Trend

When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons. My Hijack this log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:20:23 PM, on 12/6/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal With the help of this automatic analyzer you are able to get some additional support. scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ .

Thank you Thank you Thank you! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. I greatly appreciate what you volunteers do.

Visit this webpage for instructions for downloading and running ComboFix. Internet Explorer will work untill you search for something that would help you get rid of the problem, then it too just closes. Register now! scanning hidden files ...

I believe I am in safe mode with networking right now cuz that annoying fake shield is gone, and it looks like Im running Windows 1975, but anways..... Sry this is a huge post. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe O4 - HKLM\..\Run: http://www.hijackthis.de/ Look for these lines and place a checkmark against each of the following, if still present Code: Select allO4 - HKLM\..\Run: [{90BF8224-CD63-4081-A4C7-EF9A2CF6596F}] "C:\Documents and Settings\All Users\Application Data\065E7536.exe"
O4 - HKLM\..\Run: [vhostcheck]

FT Server" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE" "C:\\Program Files\\A4Proxy\\A4Proxy.exe"="C:\\Program Files\\A4Proxy\\A4Proxy.exe:*:Enabled:Anonymity 4 Proxy Application" "C:\\Program Files\\ProxyPlus\\ProxyPlus.exe"="C:\\Program Files\\ProxyPlus\\ProxyPlus.exe:*:Enabledroxy server & cache for Windows95, 98, NT" "C:\\Documents and Settings\\Justin\\Desktop\\MProxy.exe"="C:\\Documents and Settings\\Justin\\Desktop\\MProxy.exe:*:Enabled:MultiProxy personal proxy server" "C:\\Program Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... ) Select it and click Remove. Start a new discussion instead. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following: Restart your computer After hearing your computer beep once during startup,

Last Post 12 Hours Ago What does Google have from serving us with Google Fonts? https://forums.techguy.org/threads/i-have-the-sinowal-trojan-here-is-my-hijackthis-log.775953/ Instead of Windows loading as normal, a menu should appear. Error code: 2S136/C Contact Us Existing user? Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo!

If yours is not listed and you don't know how to disable it, please ask. iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Several functions may not work. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".

scanning hidden services & system hive ... earch.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com Please download ComboFix from one of the locations below, and save it to your Desktop.LinkLinkLinkDouble click the ComboFix icon to run it.If ComboFix askes you to install the Recovery Console, please I did run "sfc /scannow" which found errors but could not fix them.

Click here to join today! If there is some abnormality detected on your computer HijackThis will save them into a logfile. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess -

I'd like to figure out what is causing these problems and I suspect some sort of malware, since I found and eliminated some threats using MBAM, AdwCleaner and JRT.

Also, browsing to secure sites (mostly governmental) such as irs.gov and ssa.gov is not possible on Firefox or Chrome. Please let me know if there is still something wrong. c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\windows\system32\WLTRYSVC.EXE c:\windows\system32\BCMWLTRY.EXE c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Canon\IJPLM\ijplmsvc.exe c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe c:\windows\system32\HPZipm12.exe c:\program files\Dell Support Please then reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap

Alternative to Windows Indexing Last Post 2 Weeks Ago I frequently find myself looking for files on my computer. 99.9% of the time I am looking for a file by name Click on this link to see a list of programs that should be disabled. I have the Sinowal.trojan....here is my HijackThis log Discussion in 'Virus & Other Malware Removal' started by hennise87, Dec 4, 2008. That way, we will be able to see if/what it deleted.

All rights reserved.) HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [337440 2013-12-04] (McAfee, Inc.) HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [244080 2015-08-20] (McAfee, Inc.) HKLM\...\Run: [Display] => C:\Program Files\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 Here are my logs, but it appears I'm all clean. Please let me know how your pc is now. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the

Um, I'm not the best at explaining but I will try. hennise87, Dec 4, 2008 #2 cybertech Moderator Joined: Apr 16, 2002 Messages: 72,017 Download SDFix and save it to your Desktop. Anything related to "anti" spyware on the internet will NOT open, and I tried to download MalwareBytes, but it won't open setup at all. Service & Support HijackThis.de Supportforum Deutsch | English Forospyware.com (Spanish) www.forospyware.com Malwarecrypt.com www.malwarecrypt.com Computerhilfen www.computerhilfen.com Log file Show the visitors ratings © 2004 - 2017

scanning hidden autostart entries ... Site Changelog Community Forum Software by IP.Board Sign In Use Facebook Use Twitter Need an account? Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Click here to Register a free account now!

olfsol.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab O20 - AppInit_DLLs: rukbiy.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Your system will take longer that normal to restart as the fixtool will be running and removing files. O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote That may cause it to stall or freeze.Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

I ran it before when I saw it mentions as a possible fix for the problem - here is the previous log. Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked". =============== Locate and delete the following item(s), if present. Superantispyware will not open, it says it's encountered a problem and needs to close, and asks me if I want to send a report to Microsoft or not. cybertech, Dec 6, 2008 #3 hennise87 Thread Starter Joined: May 2, 2004 Messages: 19 SDFix: Version 1.240 Run by Justin on Sun 12/21/2008 at 02:40 AM Microsoft Windows XP [Version 5.1.2600]

Removed them through Ad-Aware, deleted all browsing stuff but still this thing is still there!! Windows Updates not cooperating, secure browsing sometimes not possible Started by Montana Mad Dog , Yesterday, 04:49 PM Please log in to reply 3 replies to this topic #1 Montana Mad