Home > Hijackthis Log > HijackThis Log - Xtgoj6119471.exe

HijackThis Log - Xtgoj6119471.exe

Waiting for things to happen. 0 OPDiscussion Starter AnimePhantasm 8 Years Ago Sry again thanks for the help. hennise87, Dec 21, 2008 #6 cybertech Moderator Joined: Apr 16, 2002 Messages: 72,017 cybertech, Dec 21, 2008 #7 hennise87 Thread Starter Joined: May 2, 2004 Messages: 19 Before I post Waiting for things to happen. Internet Explorer will work untill you search for something that would help you get rid of the problem, then it too just closes. check over here

It wouldn't let me put them in the "chest", so I clicked "repair", and it said it was successful, but none of that has helped anything at all. O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" Here's my FRST log: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2017 Ran by Harold (administrator) on HBSRV1 (03-02-2017 14:10:35) Running from C:\Users\Harold\Downloads Loaded Profiles: Harold (Available http://www.bleepingcomputer.com/forums/t/183909/hijackthis-log-need-help-re-spywareispynow/

This allows us to help you.Once the Recovery Console is installed, continue with the malware scan.Note: Make sure not to click ComboFix's window while it's running. patrik Site Admin Posts: 9290Joined: Sun Jan 08, 2006 1:11 pm Top by tinahannem » Fri Dec 05, 2008 5:32 pm Patrik, Thank you so much for the help, but Jump to content Sign In Create Account Search Advanced Search section: This topic Forums Members Help Files Calendar View New Content Forum Rules BleepingComputer.com Forums Members Tutorials Startup List

As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged hennise87, Dec 4, 2008 #2 cybertech Moderator Joined: Apr 16, 2002 Messages: 72,017 Download SDFix and save it to your Desktop. or read our Welcome Guide to learn how to use this site. Sign In Sign Up Browse Back Browse Forums Guidelines Staff Online Users Members Activity Back Activity All Activity My Activity Streams Unread Content Content I Started Search Malwarebytes.com Back Malwarebytes.com Malwarebytes

I also tried a suggestion on this forum which told me to kill the process C:\WINDOWS\system32\svchost.exe but it will not let me - even on safe mode. O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote earch.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local http://www.hijackthis.de/ ProxyServer: [.DEFAULT] => http=127.0.0.1:55375;https=127.0.0.1:55375 AutoConfigURL: [.DEFAULT] => http=127.0.0.1:55375;https=127.0.0.1:55375 Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{FA7AB9DF-C605-4284-97DB-AABCFF07552F}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-2063570735-2526139309-3842908376-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page

Please let me know how your pc is now. They say, Page Load error, OR will reroute me to the most random sites no matter what I do, OR say "Failed to Connect, Firefox can't establish a connection to the I greatly appreciate what you volunteers do. Screenshot: http://i68.photobucket.com/albums/i13/thedynamix/spyware.jpg Attached is my HJT report.

ComboFix 08-12-21.01 - Justin 2008-12-21 15:52:04.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.177 [GMT -5:00] Running from: c:\documents and settings\Justin\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT Check This Out Please note that many features won't work unless you enable it. scanning hidden files ... ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1056) c:\windows\system32\Ati2evxx.dll c:\program files\Intel\Wireless\Bin\LgNotify.dll - - - - - - scanning hidden autostart entries ...

scanning hidden files ... check my blog All rights reserved.) HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [337440 2013-12-04] (McAfee, Inc.) HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [244080 2015-08-20] (McAfee, Inc.) HKLM\...\Run: [Display] => C:\Program Files\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Choose your usual account.

The file will not be moved unless listed separately.) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59976 2017-01-20] () R3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows Codename Longhorn DDK provider) R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [152512 Anything related to "anti" spyware on the internet will NOT open, and I tried to download MalwareBytes, but it won't open setup at all. I'll do what you said though. this content uStart Page = hxxp://www.google.com/ IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

Thanks again. Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [DW6] "C:\Program

Message Insert Code Snippet Alt+I Code Inline Code Link H1 H2 Preview Submit your Reply Alt+S Related Articles iSpyNOW and other malware - 11 replies Wierd case of Ispynow - 23

earch.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked". =============== Locate and delete the following item(s), if present. How does "real time collaborative coding" work Last Post 2 Weeks Ago Hey can anybody explain me how "real time collaborative coding" works and how to code something like that Thank C:\Documents and Settings\Justin\Application Data\Google\xtgoj6119471.exe - Note that some of these file(s)/folder(s) may or may not be present.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - I'm not sure how to delete my post, so you can now if you want. Instead of Windows loading as normal, a menu should appear. http://splodgy.org/hijackthis-log/hijackthis-log-for-my-pc.php Go to add/remove programs and remove all P2P programs from your machine!

The file will not be moved unless listed separately.) R2 APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric) R2 APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [705912 They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results". Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Since I have tried several of the suggestions on here I have deleted several TDSS files.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Click here to join today! O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program

Superantispyware will not open, it says it's encountered a problem and needs to close, and asks me if I want to send a report to Microsoft or not. Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. with no help yet, when I get a helper I will remove my posts from the other sites immediatley. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start

Thanks, Cohen Cohenl.com - ColoRanks - Host 4 Post Do not PM me for support!!! 0 OPDiscussion Starter AnimePhantasm 8 Years Ago Sorry about that - here you go Logfile of Typically there are two ... Open the c:\SDFix folder and double click RunThis.cmd to start the script. scanning hidden files ...

Thank you. Just paste your complete logfile into the textbox at the bottom of this page. I have a log from HijackThis, here it is. Javascript You have disabled Javascript in your browser.

Please download RSIT by random/random from here and save it to your desktop. * Double click on RSIT.exe to run RSIT. * Click Continue at the disclaimer screen. * Once it