I was told to repost here after i completed all the steps from the other thread. Well i was doing the online internet scan and i get an error report after i use the delete option. It doesn't delete really any of the detected files however, but it gives the option to view more information on the viruses. I get the error report before i can view all the details of the viruses. Here is my hijack now report though after following the other instructions. try to direct me from here. Should i do the other two steps posted by RBS?
yyy65 popus seem to be gone. have tagasaurus
- Thread starter cmheinley
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by pressing the ctrl/alt/delete keys together. Click on the processes tab and end process for(if there).
SYSC00.exe
twmtsrwA.exe
Close task manager.
Click start/run and type regsvr32 /u C:\WINDOWS\SYSTEM32\msupdate32.dll and press the enter key.
Run HJT with no other programmes open and have HJT fix the following, by placing a tick in the little box next to(if there).
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [twmtsrwA] C:\WINDOWS\twmtsrwA.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\system32\ljimcphl.dll (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files(if there).
C:\WINDOWS\SYSTEM32\msupdate32.dll
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\twmtsrwA.exe
Reboot into normal mode and turn system restore back on.
Please post a fresh HJT.
Regards Howard
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by pressing the ctrl/alt/delete keys together. Click on the processes tab and end process for(if there).
SYSC00.exe
twmtsrwA.exe
Close task manager.
Click start/run and type regsvr32 /u C:\WINDOWS\SYSTEM32\msupdate32.dll and press the enter key.
Run HJT with no other programmes open and have HJT fix the following, by placing a tick in the little box next to(if there).
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [twmtsrwA] C:\WINDOWS\twmtsrwA.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\system32\ljimcphl.dll (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files(if there).
C:\WINDOWS\SYSTEM32\msupdate32.dll
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\twmtsrwA.exe
Reboot into normal mode and turn system restore back on.
Please post a fresh HJT.
Regards Howard
okay. the only problem i came across was unregistering the msupdate32.dll. It said that there was no acess point for /u i believe. I had already deleted SYSC00.exe and twmtsrwA, and there was no msupdate.dll that i saw. I did however use hjt to fix the three problems and my new report is as follows.
howard_hopkinso
Posts: 21,238 +17
Something`s not quite right here.
Go HERE and follow all the instructions again in reply #17
Regards Howard
Go HERE and follow all the instructions again in reply #17
Regards Howard
- Status
