Spyware Quake plus more


koolan
Yesterday I picked up Spyware Quake, which I think I took care of but it left some residuals. ismon.exe and ishost.exe and several other things I've never seen before like javaw.exe which, according to a few sites, is not malicious but it's also never popped up before, win2a.tmp.exe. In addition, it seems to randomly open Internet Explorer (which I don't use) but the window is hidden. Here's the log.
 

Attachment: hijackthis.log (4.2 KB)
Hello and welcome to Techspot.

Your system is infected with some real nasties.

Download and run these three tools. Follow the instructions for each tool.

Tool1. Tool2. Tool3.

Post a fresh HJT log into this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of koolan only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
You must run the three tools. Post a fresh HJT log, only after you`ve run the tools.

The tools will kill most of the infections you have.

Regards Howard :)
 
Look2Me-Destroyer would say it would reopen in 1 minute and never reopen, but here is the updated log after using the other two tools. :p I also just found Toolbar888 and Yazzle by Oin in my add remove programs list but haven't removed them yet.
 
Ok, we`ve got rid of some of your nasties. However you still have a whole lot more that needs to be got rid of.

Download the Pocket Killbox programme from HERE. Extract it, but don`t run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programme in your control panel and uninstall anything to do with (if there):

??pPatch The two question marks can be any random letter or number etc.

ToolBar888

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

dd8da8b4.exe
n?tepad.exe Again the question mark can be any random letter/number.
javaw.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {BB67EE85-7C48-20C6-4E56-2A10E6247FC6} - C:\WINDOWS\system32\lqzu.dll (file missing)

O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll

O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll

O4 - HKLM\..\Run: [dd8da8b4.exe] C:\WINDOWS\system32\dd8da8b4.exe

O4 - HKCU\..\Run: [dd8da8b4.exe] C:\Documents and Settings\Ryan\Local Settings\Application Data\dd8da8b4.exe

O4 - HKCU\..\Run: [Snet] "C:\DOCUME~1\Ryan\MYDOCU~1\FNTS~1\javaw.exe" -vt yazb

O4 - HKCU\..\Run: [Udovj] C:\Program Files\??pPatch\n?tepad.exe

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123

O20 - AppInit_DLLs: C:\WINDOWS\system32\rundll.dll C:\WINDOWS\system32\notepad.dll

O20 - Winlogon Notify: winrid32 - C:\WINDOWS\SYSTEM32\winrid32.dll

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there):

C:\Program Files\??pPatch
C:\Documents and Settings\Ryan\Local Settings\Application Data\dd8da8b4.exe
C:\WINDOWS\system32\dd8da8b4.exe
C:\Program Files\ToolBar888

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the "Delete file on reboot" button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select No until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

These are the filepaths you need to enter into kill box.

C:\WINDOWS\SYSTEM32\winrid32.dll
C:\WINDOWS\system32\notepad.dll
C:\WINDOWS\system32\rundll.dll

Once your system has rebooted, turn system restore back on.

Post a fresh HJT log.

Regards Howard :)

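An added illustration, not part of the original thread: a Python triage script that scores HijackThis lines like the ones Howard lists above by the persistence mechanism they represent (Run keys, AppInit_DLLs, Winlogon Notify, ActiveX downloads). The sample lines are constructed from entries quoted in this thread; the trusted-directory list and the allowed DPF host are assumptions for the example.

```python
import re

# Constructed sample: HijackThis 1.99.1 lines modelled on entries quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {BB67EE85-7C48-20C6-4E56-2A10E6247FC6} - C:\WINDOWS\system32\lqzu.dll (file missing)
O4 - HKLM\..\Run: [dd8da8b4.exe] C:\WINDOWS\system32\dd8da8b4.exe
O4 - HKCU\..\Run: [Snet] "C:\DOCUME~1\Ryan\MYDOCU~1\FNTS~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - AppInit_DLLs: C:\WINDOWS\system32\rundll.dll C:\WINDOWS\system32\notepad.dll
O20 - Winlogon Notify: winrid32 - C:\WINDOWS\SYSTEM32\winrid32.dll
"""

LINE_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
O4_RE = re.compile(r"\[(.*?)\]\s*\"?([^\"]+?)\"?(?:\s+-.*)?$")  # [name] "path" args
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")  # assumption: where Run entries belong
ALLOWED_DPF_HOSTS = {"download.microsoft.com"}           # assumption: expected ActiveX sources

def triage_line(line):
    """Return (severity, reason) for one HJT line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    if "(file missing)" in body or "(no file)" in body:
        return ("low", "dangling entry; harmless but worth fixing")
    if section == "O4":
        entry = O4_RE.search(body)
        if not entry:
            return None
        name, path = entry.groups()
        if re.fullmatch(r"[0-9a-f]{8}\.exe", name, re.I):  # dd8da8b4.exe-style generated name
            return ("high", "Run entry with generated hex name: " + path)
        if not path.lower().startswith(TRUSTED_DIRS):
            return ("high", "Run entry outside Windows/Program Files: " + path)
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        return ("high", "AppInit_DLLs loads into every user32 process: " + body.split(":", 1)[1].strip())
    if section == "O20" and body.startswith("Winlogon Notify:"):
        return ("high", "Winlogon Notify DLL runs before logon: " + body.rsplit(" - ", 1)[-1])
    if section == "O16":
        host = re.search(r"https?://([^/\s]+)", body)
        if host and host.group(1).lower() not in ALLOWED_DPF_HOSTS:
            return ("medium", "ActiveX download from unlisted host " + host.group(1))
    return None

def triage_log(text):
    """Map every flagged line to its (severity, reason), in log order."""
    verdicts = ((ln.strip(), triage_line(ln)) for ln in text.splitlines())
    return {ln: v for ln, v in verdicts if v}
```

Running `triage_log(SAMPLE_LOG)` flags six of the seven sample lines and leaves the ctfmon.exe entry alone, which matches the call Howard makes later in the thread that ctfmon is legitimate.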
 
Killbox could not delete any of those dlls. Something called Yazzle by OIN remains in the add remove programs list. Here is updated log.
 
Try this.

Download Brute Force Uninstaller http://www.merijn.org/files/bfu.zip and unzip it to its own folder (c:\BFU).

Right click on this link http://metallica.geekstogo.com/EGDACCESS.bfu and choose 'Save As' (or 'Save Target As') in order to download EGDACCESS Remover. Save it in the folder you made earlier (c:\BFU).

Start the Brute Force Uninstaller by double clicking BFU.exe

In the scriptline to execute copy and paste c:\bfu\EGDACCESS.bfu
Press execute and let it do its job.

Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

Once that's done, post a fresh HJT log.

Regards Howard :)
 
Damn, the nasty entries are still there.

Try This.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

O20 - AppInit_DLLs: C:\WINDOWS\system32\rundll.dll C:\WINDOWS\system32\notepad.dll

O20 - Winlogon Notify: winrid32 - C:\WINDOWS\SYSTEM32\winrid32.dll

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there):

C:\WINDOWS\SYSTEM32\winrid32.dll
C:\WINDOWS\system32\rundll.dll
C:\WINDOWS\system32\notepad.dll

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.


Regards Howard :)

 
I`ve just been reading back through this thread and noticed you said you had an entry for Yazzle in your add remove programme. I`d like you to uninstall it. Then, delete any reference for Yazzle you find on your system.

Regards Howard :)
 
The two entries in HJT were successfully removed, however I got this message upon fixing them:

"An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: C:\WINDOWS\system32\rundll.dll C:\WINDOWS\system32\notepad.dll)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan."

As for the dlls, I got an error message when trying to delete winrid32.dll saying access denied, rundll.dll was not there although there was rundll32.exe, and notepad.dll was not there although notepad.exe was. In addition, I saw a file called nslookup.exe in the system32 folder. Here is a fresh HJT. As you can see, O20 - Winlogon Notify: winrid32 - C:\WINDOWS\SYSTEM32\winrid32.dll is now back.
 
This sure is one hell of a stubborn mother to get rid of.

I`m not sure what the error message means, I`ve never seen that before. Maybe it`s a bug in HJT?

My main concern is that nasty entry in your HJT log is still there.

Did you uninstall Yazzle from add remove programmes? If not you should do so.

Download and run the Look2Medestroyer.exe from HERE. Run it as per the instructions. However, if it doesn`t reopen after 1 minute, please be patient and wait for at least 5 minutes.

I`d also like you to download and run the vundofix tool from HERE. This is not the same vundo removal tool you used before.

Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* In case it says that nothing has been found, right click the list box (white box) in the main VundoFix window.
* Select "Add More Files?" from the menu that comes up. This will open a new VundoFix window.
In the Window: copy and paste next in the first field: C:\WINDOWS\SYSTEM32\winrid32.dll
Click the “Add Files” button.
Click the "Close Window" button.
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

Post a fresh HJT log and let me know the outcome.

Regards Howard :)
 
I can tell you that after all the various fixes we've done so far my system is booting much faster, lol. Look2Me-Destroyer worked this time. Nothing came up in the little window but it did not give me a message saying no infected files were found so I clicked remove and it appeared to remove something. Vundo gave me a message saying no infections were found. Here is the Look2Me log and an updated HJT.
 
Nope, the nasty is still there.

I`m running out of things to try here. I`ve not come across this particular infection before. Maybe it`s some kind of new variant or something.

Please tell me if you uninstalled Yazzle.

Try this.

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply.

When it reboots, post a fresh HJT log.

Regards Howard :)
 
Yes, I did uninstall the Yaz by Oin thing. I may end up formatting eventually even though I did like a month ago. I'll try what you said and post the results in a bit.
 
When the cmd prompt closed it asked me if I wanted to create avenger.txt. I said yes but the file is blank. Here is the new log.
 
You`re not using any antivirus software or firewall.

Download the free AVG antivirus programme and the free Zonealarm firewall from HERE and HERE.

Install Zonealarm, followed by AVG. Reboot your system the required number of times and run the AVG updates.

Boot into safe mode and turn system restore off.

Run a full system scan with AVG and delete anything it finds.

Boot into normal mode and turn system restore back on.

Post a fresh HJT log.

Regards Howard :)

 
That`s fantastic news.

Have HJT fix these two entries.

O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin7USA.cab

O20 - Winlogon Notify: winrid32 - winrid32.dll (file missing)

Other than that, your HJT log is clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
For safety's sake, here's another HJT. Also, is there any way of preventing ctfmon from running? I've read it's non-essential (though I don't know for sure) and I believe it's conflicting with an anti-cheat program used by some games called Punkbuster. Also, an S&SD search today found more smitfraud which I had it fix. Thank you so much for all your help.
 
If you want to stop ctfmon from running, that`s not a problem.

Have HJT fix the following entries.

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin7USA.cab

Your HJT log is still clean.

Regards Howard :)

 
koolan said:
Cool thank you. Can I also do that for ZCfgSvc.exe, iTunesHelper, ProNoMgr.exe?

Yes, yes and yes lol.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)
