TechSpot

HJT Log....Guarduptodate

By maree464
May 14, 2006
  1. I have run online virus scans along with numerous other programs and am still being hijacked by Guarduptodate....It has taken over my home page....anyone know how to get rid of this? Here is my log file. Thanks so much.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go HERE and follow the instructions in the order they are given.

    Post a fresh HJT log, only after doing the above.

    Regards Howard :)
     
  3. maree464

    maree464 TS Rookie Topic Starter

    I did all the virus scans etc....I forgot to upload the hjt log. Here it is. Thanks again.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    PartyGaming\PartyPoker

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    RunApp.exe

    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcD+LDHhd+DajGAr hJaRMx2ltVeJSLDFWGL5HYL1hszYs+VgGmSegP4DOp4ibZ2YVJ9B70Jx9P6iNh1i85xay2/+Nhdp9ueM s46RXk/kQgUrFEwnBlx2mpAAM+4lvsN5T8VfetgweqvqbXyX7QRwRZC1Q==

    R3 - URLSearchHook: (no name) - {B8043BC8-F12F-D3F1-0175-8E3AF55377C3} - (no file)

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp695B.tmp

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

    Fix all O16 - DPF entries.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    C:\WINDOWS\system32\hp695B.tmp
    C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

    Reboot into normal mode and turn system restore back on.


    Regards Howard :)
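
Added example, not part of the original posts: a small Python triage of HijackThis entry lines in the CLSID-style format quoted in the reply above. The name `triage_log`, the flagging rules and the last sample line are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Entries copied from the reply above; the last line is constructed for contrast.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {B8043BC8-F12F-D3F1-0175-8E3AF55377C3} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp695B.tmp
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
"""

# Line shape handled here: "<code> - <kind>: <name> - [_]{CLSID} - <target>"
ENTRY = re.compile(
    r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<prefix>_?)(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

def triage_log(text):
    """Parse CLSID-style HJT lines and attach review reasons.

    The rules are illustrative assumptions, not HijackThis behaviour.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank lines and entry types this sketch does not cover
        reasons = []
        if m["target"] == "(no file)":
            reasons.append("orphaned registration: no file behind the CLSID")
        elif m["code"] == "O2" and PureWindowsPath(m["target"]).suffix.lower() != ".dll":
            # A BHO is an in-process COM server, so a non-DLL target is unusual.
            reasons.append("BHO target is not a .dll")
        if m["prefix"]:
            reasons.append("CLSID is prefixed with an underscore")
        entries.append({"code": m["code"], "kind": m["kind"], "name": m["name"],
                        "clsid": m["clsid"], "target": m["target"],
                        "reasons": reasons})
    return entries

if __name__ == "__main__":
    for e in triage_log(SAMPLE):
        status = "; ".join(e["reasons"]) or "no rule matched"
        print(f'{e["code"]:<3} {e["clsid"]} -> {status}')
```

The PartyPoker O9 entry matches none of these rules, so the decision to remove it in the thread rests on the helper's judgement rather than on anything structural in the line.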
     
  5. maree464

    maree464 TS Rookie Topic Starter

    Thanks Howard...I will be trying that in a few.. Does that mean that party poker isn't a good program to have on my pc?
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

  7. maree464

    maree464 TS Rookie Topic Starter

    Thank you so much Howard........I got my home page back and my pc is running great. I can't thank you enough. Thank You....
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Glad your problem is solved.

    Thanks for letting us know.

    Regards Howard :)
     
  9. maree464

    maree464 TS Rookie Topic Starter

    Hi Howard...

    I have one more question for you......should I have done all this in each person's name? I noticed when I went on my son's name and looked at msconfig to see what was starting up when I start my pc....some of his start up options were different than mine. He had lockbar.exe.....vcmain....vcclient...which I believe are some sort of spyware that was starting up on his name but were never on mine. His home page is back also...which means your advice did work wonders, just wondering about this lockbar.exe that was checked in his msconfig. Thanks again.
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, lockbar.exe is nasty.

    Go HERE and follow the instructions in the order they are given, for each account on your system.

    Then Post a fresh HJT log for each account.

    If you wish to do only one account at a time, that's not a problem.

    Regards Howard :)
     
  11. maree464

    maree464 TS Rookie Topic Starter

    I followed the directions and am posting hjt logs for all 3 accounts on my pc. Thanks Howard.
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok. I'll do each log in order and make a separate reply for each one.

    Number 1.

    This HJT log is clean.

    Regards Howard :)
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Number 2.

    This HJT log is also clean.

    Regards Howard :)
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Number 3.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in the control panel and uninstall anything to do with (if there).

    aol toolbar 2.0

    Close control panel.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://popgoesthewizzle/

    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

    Reboot into normal mode and turn system restore back on.


    Regards Howard :)
     
  15. mnx34

    mnx34 TS Rookie

    Hello guys. Can anybody help me regarding the "your computer is infected." winreanimator insists to install.
     
  16. kritius

    kritius TS Guru Posts: 2,084

    mnx34, can you start your own thread please and post your symptoms and we'll get back to you with instructions, this thread is over 2 years old.
     
Topic Status:
Not open for further replies.
