
HELP!!! Hijackthis Log

Discussion in 'Virus & Other Malware Removal' started by jester7378, Mar 12, 2009.

  1. jester7378

    jester7378 Thread Starter

    Joined:
    Mar 12, 2009
    Messages:
    25
    I checked the LAN settings in IE. Proxy is not checked off. I even checked the settings in Firefox and the proxy is not activated either. I rebooted. The override is still there. Attached is a fresh HijackThis log.

    My Firefox seems to be affected. I tried to use the online scanner from Kaspersky and was unable to launch it. Also, my Gmail is being affected as well. I get error messages whenever my email is loading when using Firefox. This never happened before.
     

    Attached Files:

  2. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    To enable the viewing of hidden files, follow these steps:

    1. Close all programs so that you are at your desktop.
    2. Double-click on the My Computer icon.
    3. Select the Tools menu and click Folder Options.
    4. After the new window appears, select the View tab.
    5. Put a checkmark in the checkbox labeled Display the contents of system folders.
    6. Under the Hidden files and folders section, select the radio button labeled Show hidden files and folders.
    7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
    9. Press the Apply button and then the OK button and shut down My Computer.
    10. Now your computer is configured to show all hidden files.




    You have a file I would like you to get analyzed. Please go to VirusTotal. At the very top of the website, you will see a Browse button. Use that to search for this file: c:\winroot\Winroot2.exe. Then click on Send. This could take between 30 seconds and a couple of minutes. When you get the results, open Notepad, highlight the results, copy them to Notepad and save the file as "Scan.txt". Save the text file "Scan.txt" to your desktop. Please include the file in your next post.
     
  3. jester7378

    jester7378 Thread Starter

    Joined:
    Mar 12, 2009
    Messages:
    25
    Here is the virus total scan log.
     

    Attached Files:

  4. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Download the attached file CFScript.txt to your Desktop


    [​IMG]


    Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you. Post that log in your next reply.

    **Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.
     

    Attached Files:

  5. jester7378

    jester7378 Thread Starter

    Joined:
    Mar 12, 2009
    Messages:
    25
    Attached is the combofix log.
     

    Attached Files:

  6. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please post the following located in your C:\ drive
    ComboFix-quarantined-files.txt . Thanks
     
  7. jester7378

    jester7378 Thread Starter

    Joined:
    Mar 12, 2009
    Messages:
    25
    This was the only file I found on my c: drive.
     

    Attached Files:

  8. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
  9. jester7378

    jester7378 Thread Starter

    Joined:
    Mar 12, 2009
    Messages:
    25
    I still see the same things whenever I run hijackthis. I still have to remove the proxy override.
     

    Attached Files:

  10. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please save CFScript.txt to your desktop, then drag CFScript.txt into ComboFix. You will be prompted to access the internet to upload a file; please OK the prompt. In your next reply, please include the ComboFix log. Thanks
     

    Attached Files:

  11. jester7378

    jester7378 Thread Starter

    Joined:
    Mar 12, 2009
    Messages:
    25
    Here is my combofix log.
     

    Attached Files:

  12. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please post a fresh HijackThis log. Thanks
     
  13. jester7378

    jester7378 Thread Starter

    Joined:
    Mar 12, 2009
    Messages:
    25
    Attached is a new hijackthis log. Seems like the proxyoverride is still there.
     

    Attached Files:

  14. jester7378

    jester7378 Thread Starter

    Joined:
    Mar 12, 2009
    Messages:
    25
    Hi,

    Sorry to keep bothering you about this, but I was just wondering if my computer is clean. It is running ok, but it is a bit slower than usual when compared to other people with the same exact settings. I ran hijackthis again this morning, and that proxyoverride is still showing up. Not only that, but there are three lines in my registry showing as my default internet page is http://go.microsoft.com/fwlink... Is this normal, especially when I set my default page to be google.com?
     

    Attached Files:

  15. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Open HijackThis

    Check the following

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    Click on Fix Checked, close HijackThis and reboot your PC.



    I don't see anything else in your log. We can do an online scan if you want though.
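
An added example, not part of the original thread: a small parser for HijackThis R0/R1 lines like the four quoted above, which splits each line into hive, key, value name and data and labels the URL host against an allow-list. The allow-list contents and the ProxyOverride sample line are assumptions made for illustration; the poster's real log is not on the page.

```python
import re
from urllib.parse import urlsplit

# The four R0/R1 lines quoted in the thread, plus one CONSTRUCTED ProxyOverride
# line (the poster's actual log is not shown on the page).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
"""

# Line shape: "<code> - <hive>\<key path>,<value name> = <data>"
LINE_RE = re.compile(r"^(R[0-3]) - (HK[A-Z]+)\\([^,]+),(.+?) = (.*)$")


def parse_r_lines(text):
    """Return one dict per R-section line; other log lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            code, hive, key, name, data = m.groups()
            entries.append({"code": code, "hive": hive, "key": key,
                            "name": name, "data": data.strip()})
    return entries


def triage(entries, trusted_hosts):
    """Label each entry; trusted_hosts is the analyst's own allow-list (assumed)."""
    results = []
    for e in entries:
        if e["name"].lower() == "proxyoverride":
            # Semicolon-separated list of hosts that bypass the proxy.
            results.append((e["name"], "proxy-bypass-list", e["data"].split(";")))
            continue
        host = urlsplit(e["data"]).hostname or ""
        verdict = "trusted-host" if host.lower() in trusted_hosts else "review"
        results.append((e["name"], verdict, host))
    return results


if __name__ == "__main__":
    for row in triage(parse_r_lines(SAMPLE_LOG), {"go.microsoft.com"}):
        print(row)
```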
     

Short URL to this thread: https://techguy.org/808868
