tcpipmon.exe :( HJT file attached

[m0nkey]

Hi , I Have got that stupid tcpipmon.exe thing that is supposed to look like the windows security center shield and gives the message "spyware infection has detected ! " and i can't seem to get rid of it.

My antivirus (nod 32) detects trojans from a site h*tp://xathzesocc.com/progs/muexhe/ (probably not a good idea to visit the site so i changed a t to *), my guess is that this has to do with the tcpipmon crap since they both started yesterday.

I have looked at other tcpipmon posts on this forum where they all go some kick *** help but i still havent got rid of my problem :/.

I have done most of the stuff in Viruses/Spyware/Malware, preliminary removal instructions. the AVG programs does not work since im on xp64 but the rest i have done.

i have attached my hjt log.

any help is apprichiated.

I think it's fixed now,since i got all the troubles in one day i tried a system restore from a couple of days earlier and it seems to have worked.

any help or suggestions is still welcome since, i dont really know i the win system restore is a sloid solution

 

[howard_hopkinso]

Hello and welcome to Techspot.

Since you`ve done a system restore, please post a fresh HJT log.

Regards Howard :wave: :wave:

This thread is for the use of m0nkey only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[m0nkey]

Ok here is the new HJT log

 

[howard_hopkinso]

You`re running an outdated version of HijackThis. See HERE for the latest version and post a fresh HJT log.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

F2 - REG:system.ini: UserInit=userinit

Click on the fix checked button.

Close HJT and reboot your system.

Post a fresh updated HJT log.

Regards Howard

This thread is for the use of m0nkey only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[m0nkey]

Thanks for all the help

Now i've fixed F2 - REG:system.ini: UserInit=userinit
and got the latest version of HJT (hopefully the latest ).
The latest Log is attached.

 

[howard_hopkinso]

Have HJT fix the following entries.

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

Click on the fix checked button.

Close HJT and reboot your system.

Post a fresh HJT log and let me know if you`re still having problems.

Regards Howard

This thread is for the use of m0nkey only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[m0nkey]

Here comes the latest HJT log, hopefulle a bit cleaner this time

 

[howard_hopkinso]

Your HJT log is now clean.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of m0nkey only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[m0nkey]

Tnx for all the awsome help, feels great to have a clean restore point