A HiJack log to check.

Discussion in 'adware, spyware & hijack cleaning' started by Ispoof6270, Jun 20, 2004.

Thread Status:
Not open for further replies.
  1. Ispoof6270

    Ispoof6270 Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    3
    Hi,

    I've recently been getting pop-up ads that hide themselves off to the bottom right unviewable portion of my screen; the only reason I am aware of their existence is their showing up on my active items area at the bottom of my screen next to start menu. I have AdSubtract filtering enabled, blocking pop-ups and ads, but these few seem to get through. My home page is Yahoo! Fantasy Sports and I will get a pop-up here when opening IE almost every time. It is an internet explorer type window, but just hidden. Sometimes I can tell that it is from TrafficMarketplace.com. I've run and followed the instructions for both Spyware S & D and AdAware 6.0, ran them several times and I am still getting these few random pop-ups that hide themselves - with one here and there that will show its face to me. Windows ME is my OS. Here is my HijackThis log - thank you in advance for taking the time to review my log.

    - Matt
     
  2. Taz71498

    Taz71498 Registered Member

    Joined:
    May 27, 2004
    Posts:
    674
    Location:
    USA
    Hello Ispoof6270,

    Run HijackThis again with all browsers closed, check these items, and then click on Fix:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)

    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL

    O4 - HKLM\..\Run: [vzhyndeguqd] C:\WINDOWS\SYSTEM\xkljmljy.exe

    Reboot the computer into safe mode

    Make sure you can view all hidden files and folders

    Find and delete these files/folders:

    C:\WINDOWS\SYSTEM\xkljmljy.exe

    Reboot and post a new log here.
     
  3. Ispoof6270

    Ispoof6270 Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    3
    Thank you, Taz71498, for the attention. Instructions have been followed and completed successfully and HijackThis ran again and here is my new log...I am still getting the usual 1 pop-up when I load IE to my homepage of Yahoo! Fantasy Sports. The most recent was from GuardYourPC.com offering me free Norton Software...I could actually see this ad as opposed to before, if that makes any difference. Here is the log!

    **Edit: It seems that I overlooked a file in my original hijack fixing. The file overlooked was:
    I noticed it as I posted the update log here for you. As I went back and removed that, my initial opinion is that I seem to be fixed. The log that you see here is the most recent log.

     
    Last edited: Jun 22, 2004
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Ispoof6270,

    Are you sure you closed all browsers as Taz71498 advised?

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

    R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)

    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL

    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe"
    O4 - HKLM\..\Run: [vzhyndeguqd] C:\WINDOWS\SYSTEM\xkljmljy.exe

    Then reboot into safe mode and delete:
    C:\WINDOWS\SYSTEM\xkljmljy.exe

    Regards,

    Pieter
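
The fix-then-post-a-new-log check from the replies above, as an added example (not part of the thread and not any poster's code): it parses the quoted HijackThis entries and compares them with a follow-up log. `FLAGGED` copies entries from the reply; `AFTER` is a constructed follow-up log, and the function names are hypothetical.

```python
import re

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATH = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll)', re.I)
KINDS = {"R0": "IE start/search page value", "R1": "IE start/search page value",
         "R3": "URL search hook", "O2": "Browser Helper Object",
         "O4": "autostart entry"}

# Entries copied from the reply above (truncated URLs kept as shown).
FLAGGED = r"""
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
    R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL
    O4 - HKLM\..\Run: [vzhyndeguqd] C:\WINDOWS\SYSTEM\xkljmljy.exe
"""

# Constructed follow-up log (assumption): only the BHO entry survived the fix.
AFTER = r"""
    (constructed header line, skipped by the parser)
    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL
"""

def parse(log):
    """Turn log text into entry dicts; lines that are not entries are skipped."""
    out = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            path = PATH.search(m["body"])
            out.append({"line": m.group(0), "code": m["code"],
                        "kind": KINDS.get(m["code"], "other"),
                        "path": path.group(0) if path else None,
                        # "(no file)" marks a registry entry whose file is gone
                        "no_file": m["body"].endswith("(no file)")})
    return out

def review(flagged, new_log):
    """Compare entries picked for fixing against the log posted after the fix."""
    remaining = {e["line"] for e in parse(new_log)}
    return {"still_present": [e["line"] for e in flagged if e["line"] in remaining],
            "files_to_verify": sorted({e["path"] for e in flagged if e["path"]})}

if __name__ == "__main__":
    result = review(parse(FLAGGED), AFTER)
    for key, values in result.items():
        print(key, *values, sep="\n  ")
```
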
     
  5. Ispoof6270

    Ispoof6270 Registered Member

    Joined:
    Jun 20, 2004
    Posts:
    3
    All browser windows should be closed this time around. There was one file that could not be fixed: R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html; it was not in my HijackThis scanned list to have the option to fix. And I could not delete C:\WINDOWS\SYSTEM\xkljmljy.exe in safe mode. I searched drive C and found no file xkljmljy.exe, and to double check I went to explore C:\WINDOWS\SYSTEM; it was not there. Here is the new log.

     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands