HijackThis Log For XP With Bolenja

C:\WINDOWS\Spyware Remover.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Alohboh\Local Settings\Temp\serverpower.exe (Trojan.Alphabet) -> Quarantined and deleted successfully. Also, I think I mentioned this before, but BartPE is very helpful if you want to start that PC in a clean environment; there are all kinds of situations where you C:\Documents and Settings\Alohboh\Local Settings\Temporary Internet Files\Content.IE5\HR1KCDWF\CAH8IHTB (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\wowfx.dll (Trojan.QHost) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e8e367a1-57d1-49cb-b1b0-192b95bd5e6a} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully. I support enough equipment at work I don't want to go home and do it. What's the 'other' thing?

I think the default for the previous version was a database size that was about 5% of what the DB with updates was... HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\core (Rootkit.Agent) -> Quarantined and deleted successfully. When you press any key, the computer will restart automatically. After restarting, the tool will run again and finish its work, and the word Finished will appear.

C:\Documents and Settings\Alohboh\Desktop\Temp probably spyware pulled from docnsettings alohaboh appdata\sysfixer.exe (Rogue.Installer) -> Quarantined and deleted successfully. line for author of this thread: stupidest questions from PC users http://forums.macrumors.com/showthread.php?t=229887 3. HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully. So, without further ado, the problems I'm having: Windows XP Computer. This is the Back of House computer for my store which Runs the AlohaQS Software (Basically a Cash Register Program) for my

HKEY_CLASSES_ROOT\CLSID\{e0dca13e-41d3-5d2f-895d-3be6738708ec} (Adware.PurityScan) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\WebBuying (Adware.WebBuying) -> Quarantined and deleted successfully. C:\Program Files\MSN\niqyrezim4444.dll (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Alohboh\Local Settings\Temporary Internet Files\Content.IE5\I12RSBID\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Documents and Settings\Alohboh\Local Settings\Temp\hostsys.exe (Trojan.Alphabet) -> Quarantined and deleted successfully. O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: kszz.exe O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP244\A0800290.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\SpyGuardPro (Rogue.SpyGuardPro) -> Delete on reboot. outer info ...typical fix does not work Started by one800thekiller, Jan 20 2008 07:27 PM iGary, Nov 11, 2007 #6 Tannin New Member Mercutio said: ↑ Those three programs are the primary tools I teach people to use in my classes. I don't know what they've done to it, and unlike other companies it never seems to get any cheaper, but it's seriously quick.

You can't even right click on my computer and bring up the properties. They are all admins. I don't know who the hell *that* iGary is, but it certainly ain't me! Even if it was on USB there would be a process involved.

Choose "compatws.inf" Right Click. It seems to behave in safe mode for the most part, but spybot will not launch, nor will hijack this (in safe mode or standard bootup). Any ideas? (other than re-installing) HKEY_CLASSES_ROOT\Interface\{89107b18-d3d4-46cb-8045-1af57b8c4535} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.

And, even in safe mode applications that have "spy" in their name refuse to run. HKEY_CLASSES_ROOT\Interface\{e779dc78-51e9-4630-a8d4-c9ae3548c6c7} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{26ab4ac4-23d3-4004-b9d8-bff54166503c} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fecb6f44-0b53-43c3-b5e8-aa03ece60aa9} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.

Anyway, if you look on the torrent sites, you will find that such tools do exist, usually as BartPE distributions... Root Kit maybe? C:\WINDOWS\SYSTEM32\hel9\pozpwb23.exe (Adware.WebBuying) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\kckryigt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\pblock.DLL (Rogue.PCSecureSystem) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8c4e45a4-fdbc-4de0-8d1f-4ec38d4f3023} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alohboh\Local Settings\Temp\NI.UGA6P_0001_N122M2210\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully. I did a full virus scan of the drive in another PC using Avira Antivir, but there's obviously something still running, even in safe mode. Spybot just upgraded to version 1.5 and introduced a simplified update process. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

They are all admins. The computer that is having difficulties is actually my Back of House Computer for a store that I own, and I just happened to have HijackThis with me, so I ran This tool creates a report or log file containing the results of the scan. C:\Documents and Settings\Alohboh\Application Data\printer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\webinst.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. If you have an existing case, attach the log as a reply to the engineer who handles it. HKEY_CLASSES_ROOT\Interface\{605196d3-a6cc-43ac-8104-e8cdca25ef58} (Rogue.Spy-Rid) -> Quarantined and deleted successfully. Anyway, the reason I am necro-posting here is to ask if anyone has tried out ThreatFire (http://www.threatfire.com/download/), which has a real time antispyware component and has an honest to goodness free version.

Sincerely, GRBrown

GRBrown, posted 14 January 2009 - 06:45 PM:

Here is the Malwarebytes Log: Malwarebytes' HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ff64059d-4d2a-4d6b-aa0f-2ee4a2fe3856} (Trojan.Vundo.H) -> Delete on reboot. C:\Documents and Settings\Alohboh\Local Settings\Temp\agent16.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:40 AM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe

You can always compare a directory listing of that folder from a clean machine to yours if need be. Also, Tannin... I then installed and ran both RSIT and GMER, which installed without difficulty and ran fine with a normal Windows XP bootup. Mercutio, Jan 25, 2008 #39 Stereodude Not really a Mercutio said: ↑ OK...