Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

I need help with a-d-w-a-r-e and muon

Status
Not open for further replies.
rocketbballer

rocketbballer

Vendor
May 15, 2006
5
US
Ok I don't really know how, but I was searching on google one day, then the next I had all these wierd things on my desktop. So I knew it was spyware. So I delete them all and use adaware. That didn't help. I still got popups galore. So I installed McAfee and that started to help. Now there's only 2 problems. It won't stop with the pop-ups from muon and a-d-w-a-r-e, and everyday something is created. It's in the c drive under windows/system 32/guard. I delete it, but everyday it's some how created again. So can anyone help me? There's only one thing I don't want to do it RESTART my computer. I've got too much info and work on there to do that. So that can't be an option. Please I need help quickly! Thanks a lot!
 
Sort by date Sort by votes
hi, welcome to TSG.

Download hijack this from the link below.Please do this. Click here:


to download HijackThis. Click scan and save a logfile, then post it here so
we can take a look at it for you. Don't click fix on anything in hijack this
as most of the files are legitimate.


Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Upvote 0 Downvote
Ok here you go, the only one i know that has to be kept is the zango thing. Other than that,I guess you guys and girls can figure out! Thanks a lot!

Logfile of HijackThis v1.99.1
Scan saved at 6:30:02 PM, on 5/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zango\zango.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,yukhjen.exe
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D87B5C754E2A3EC7 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\system32\guarnset.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\RunServices: [desktop] C:\WINDOWS\system32\desktop.exe
O4 - HKCU\..\Run: [zzwq] C:\PROGRA~1\COMMON~1\zzwq\zzwqm.exe
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\system32\winupd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: RaptisoftGameLoader - O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: iniwin32.dll
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: hcacyat - Unknown owner - C:\WINDOWS\system32\hcacyat.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
 
Upvote 0 Downvote
Remove the following:

C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,yukhjen.exe

O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL

O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\system32\guarnset.exe

O4 - HKLM\..\RunServices: [desktop] C:\WINDOWS\system32\desktop.exe

O4 - HKCU\..\Run: [zzwq] C:\PROGRA~1\COMMON~1\zzwq\zzwqm.exe

O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"

O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\system32\winupd.exe

O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy

O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy

O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)

O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)

O15 - Trusted Zone: *.mmohsix.com

O16 - DPF: RaptisoftGameLoader -
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} -
O18 - Filter: text/html - (no CLSID) - (no file)

O20 - AppInit_DLLs: iniwin32.dll

O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\guard.tmp (file missing)

O20 - Winlogon Notify: Setup - C:\WINDOWS\

O23 - Service: hcacyat - Unknown owner - C:\WINDOWS\system32\hcacyat.exe (file missing)

Then, do this:

Webroot Spysweeper

Download it here:


Webroot Spysweeper 14 day Trial

Update the defs and do a sweep.

Also check this out:

Ewido download:


Update it and run a complete scan.


I would also check it with some other virus scanners just to make sure.



Best regards.

Erik
 
Upvote 0 Downvote
you had smitfraud at some time did you get it all cleaned off?


Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
[URL unfurl="true"]http://www.beyondlogic.org/consulting/proc...processutil.htm[/url]




go to add/remove and uninstall bearshare and zango, delete their folders from c:\program files if there!


Click Start > Run > and type in:

services.msc

Click OK.

In the services window find hcacyat - Unknown owner
Right click and choose "Properties". On the "General" tab under "Service
Status" click the "Stop" button to stop the service. Beside "Startup Type"
in the dropdown menu select "Disabled". Click Apply then OK. Exit the
Services utility.


Note: You may get an error here when trying to access the properties of the
service. If you do get an error, just select the service and look there in
the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.




Download DelDomains.inf from here:


Rightclick DelDomains.inf and choose install.



Download the pocket killbox




First make a folder In C:\ & call it BFU then

please download BFU from



and save it to the folder you have just made
Open the folder & double click BFU.exe to run it


Run the program and click the Web button.


Use this URL below and copy it into the address bar of the Download script
window:




Execute the script by clicking the Execute button.
Note that you should see a progress bar while the script is being executed.

If you have any questions about the use of BFU please read here:




have hijack this fix these!


O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u


Double-click on Killbox.exe to run it. Now put a tick by Delete on
Reboot. In the "Full Path of File to Delete" box, copy and paste each
of the following lines one at a time then click on the button that has
the red circle with the X in the middle after you enter each file.
It will ask for confimation to delete the file on next reboot. Click
Yes. It will then ask if you want to reboot now. Click No. Continue
with that same procedure until you have copied and pasted all of
these in the "Paste Full Path of File to Delete" box.Then click yes
to reboot after you entered the last one.


Note: It is possible that Killbox will tell you that one or more files do not
exist. If that happens, just continue on with all the files. Be sure you
don't miss any.


C:\WINDOWS\system32\yukhjen.exe
C:\WINDOWS\system32\guarnset.exe
C:\WINDOWS\system32\desktop.exe
C:\PROGRA~1\COMMON~1\zzwq\zzwqm.exe
C:\PROGRA~1\COMMON~1\zzwq
C:\Program Files\System Files\System.exe
C:\Program Files\System Files
C:\WINDOWS\system32\winupd.exe



post the logs from erik's instructions, the ewido, spysweeper, and the panda scan logs plus the smitfraud log!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Upvote 0 Downvote
that's ok I fixed this problem thanks a lot! But I need help with my other problem please!
 
Upvote 0 Downvote
post the logs I asked you two including the hijack this log and the smitfraud! Simply ticking hijack this to fix these pests won't clean them all off!



Click here to download Look2Me-Destroyer.exe and save it to your desktop.




* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
* When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
* Your computer will then shutdown.
* Turn your computer back on.
* Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.


If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.




post a hijack this log, the smitfraud frm my last post and the l2me!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Upvote 0 Downvote
Hi all ... I'm new here but i see that you can help people so I join ... I have the same problem (muon) so i did a HiJack
Here is it:
Logfile of HijackThis v1.99.1
Scan saved at 18:24:03, on 2006-05-30
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\IGFXTRAY.EXE
C:\WINDOWS\SYSTEM\HKCMD.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\RED CHAIR SOFTWARE\ANAPOD EXPLORER\ANAMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\LOGITECH\WINGMAN SOFTWARE\LWEMON.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\WINDOWS\DOWNLO~1\MINICL~1.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\WingMan Software\lwtest.exe" /detect /quiet /launch "C:\Program Files\Logitech\WingMan Software\lwemon.exe /noui"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} (Miniclip) - O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
P.S: I know about the miniclip toolbars ... but theres no real problem with this toolbars anyway ... you know your stuff !
 
Upvote 0 Downvote
Please download WebRoot SpySweeper from HERE (It's a 2 week trial):



* Click the Free Trial link under "Downloads/SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits
o Please UNCHECK Do not Sweep System Restore Folder.
* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.



* Click here to download ATF Cleaner by Atribune and save it to your desktop.



* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.
o If you use Firefox:
+ Click Firefox at the top and choose: Select All
+ Click the Empty Selected button.
+ NOTE: If you would like to keep your saved passwords, please click No at the prompt.
o If you use Opera:
+ Click Opera at the top and choose: Select All
+ Click the Empty Selected button.
+ NOTE: If you would like to keep your saved passwords, please click No at the prompt.
* Click Exit on the Main menu to close the program.



Run ActiveScan online virus scan here


When the scan is finished, anything that it cannot clean have it delete it.
Make a note of the file location of anything that cannot be deleted so you
can delete it yourself.
- Save the results from the scan!



post another hijack this log, the spysweeper and active scan logs




Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

iambob
  • Locked
  • Question
Avast Anti-Virus is.. a virus?! 3
Replies
5
Views
287
Oorde
Oorde
DrB0b
  • Locked
  • Question
DKIM for Exchange 2019
Replies
1
Views
283
DrB0b
DrB0b
shivajiboss
  • Locked
  • Question
I am getting a problem while opening up my windows
Replies
1
Views
261
2ffat
2ffat
2ffat
  • Locked
  • News
Audacity is Spyware?
Replies
2
Views
236
2ffat
2ffat
ChrisOfOz
  • Locked
  • Question
Lenovo startup problem please any ideas? 2
Replies
10
Views
769
Yoko Littner
Yoko Littner

Part and Inventory Search

Sponsor

Back
Top