HJT Log....Guarduptodate

[maree464]

I have ran online virus scans along with numerous other programs and am still being hijacked by Guarduptodate....It has taken over my home page....anyone know how to get rid of this? Here are my log file. Thanks so much.

 

[howard_hopkinso]

Go HERE and follow the instructions in the order they are given.

Post a fresh HJT log, only after doing the above.

Regards Howard

 

[maree464]

I did all the virus scan ect....I forgot to upload the hjt log. Here it is. Thanks again.

 

[howard_hopkinso]

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

PartyGaming\PartyPoker

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

RunApp.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcD+LDHhd+DajGAr hJaRMx2ltVeJSLDFWGL5HYL1hszYs+VgGmSegP4DOp4ibZ2YVJ9B70Jx9P6iNh1i85xay2/+Nhdp9ueM s46RXk/kQgUrFEwnBlx2mpAAM+4lvsN5T8VfetgweqvqbXyX7QRwRZC1Q==

R3 - URLSearchHook: (no name) - {B8043BC8-F12F-D3F1-0175-8E3AF55377C3} - (no file)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp695B.tmp

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

Fix all 016-DPF entries.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files(if there).

C:\WINDOWS\system32\hp695B.tmp
C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

Reboot into normal mode and turn system restore back on.


Regards Howard

 

[maree464]

Thanks Howard...I will be trying that in a few.. Does that mean that party poker isn't a good program to have on my pc?

 

[howard_hopkinso]

Thanks Howard...I will be trying that in a few.. Does that mean that party poker isn't a good program to have on my pc?

Yes that`s exactly what I mean.

Here`s some info on Partypoker.

http://www.spywaredata.com/spyware/threat_list/PARTY POKER/result.php

Regards Howard

 

[maree464]

Thank you so much Howard........I got my home page back and my pc is running great. I can't thank you enough. Thank You....

 

[howard_hopkinso]

Thank you so much Howard........I got my home page back and my pc is running great. I can't thank you enough. Thank You....

Glad your problem is solved.

Thanks for letting us know.

Regards Howard

 

[maree464]

Hi Howare...

I have one more question for you......should I have done all this in each persons name? I noticed when I went on my son's name and looked at msconfig to see what was starting up when I start my pc....some of his start up options were different than mine. He had lockbar.exe.....vcmain....vcclient...which I believe are some of sort of spyware that was starting up on his name but were never on mine. His home page is back also...which means your advice did work wonders, just wondering about this lockbar.exe that was checked in his msconfig. Thanks again.

 

[howard_hopkinso]

Yes, lockbar.exe is nasty.

Go HERE and follow the instructions in the order they are given, for each account on your system.

Then Post a fresh HJT log for each account.

If you wish to do only one account at a time, that`s not a problem.

Regards Howard

 

[maree464]

I followed the directions and am posting hjt logs for all 3 accounts on my pc. Thanks Howard.

 

[howard_hopkinso]

Ok. I`ll do each log in order and make a separate reply for each one.

Number 1.

This HJT log is clean.

Regards Howard

 

[howard_hopkinso]

Number 2.

This HJT log is also clean.

Regards Howard

 

[howard_hopkinso]

Number 3.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in the control panel and uninstall anything to do with(if there).

aol toolbar 2.0

Close control panel.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://popgoesthewizzle/

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files(if there).

c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

Reboot into normal mode and turn system restore back on.


Regards Howard

 

[mnx34]

hello guys. anybody can help me regarding the "your computer is infected." winreanimator insist to install.

 

[kritius]

mnx34, can you start your own thread please and post your symptoms and we'll get back to you with instructions, this thread is over 2 years old.