heres the log...
Please Read My Hijack This Log...Having major problems with yyy65 and other spyware
- Thread starter SpaceMonkey
- Start date
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
Go HERE and follow the instructions.
Then, go and read both these threads by RBS. Follow all the instructions exactly.
How to remove Trojans and its ilk! and How to remove Begin2search / coolwebsearch and other nasties.
Then post a fresh HJT log. Only after doing the above.
Regards Howard :wave: :wave:
Go HERE and follow the instructions.
Then, go and read both these threads by RBS. Follow all the instructions exactly.
How to remove Trojans and its ilk! and How to remove Begin2search / coolwebsearch and other nasties.
Then post a fresh HJT log. Only after doing the above.
Regards Howard :wave: :wave:
the look2me virus scanner did not work...it loaded then I pressed run task and ok, but it never came back up. I did the other things you said though. Heres my new log.
Thanks
Thanks
Tedster
Posts: 5,746 +14
yyy65 fix (newer) - thanks howard.....
Please download Look2Me-Destroyer.exe to your desktop.
* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
* When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
* Your computer will then shutdown.
* Turn your computer back on.
* Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet please allow it.
If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
Please download Look2Me-Destroyer.exe to your desktop.
* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
* When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
* Your computer will then shutdown.
* Turn your computer back on.
* Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet please allow it.
If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
I have done all that and still it won't work...
howard_hopkinso
Posts: 21,238 +17
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager and end process for(if there).
ptsnoop.exe
winupdates.exe
SYSC00.exe
zkrgcc.exe
KEYBOARD1.exe
MOUSEPAD.exe
ibm00003.exe
ONCEJUGS.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [winupdates] \winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [zkrgcc] C:\WINDOWS\SYSTEM\zkrgcc.exe
O4 - HKLM\..\Run: [keyboard] C:\\KEYBOARD1.exe
O4 - HKLM\..\Run: [mousepad] C:\\MOUSEPAD.exe
O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00003.exe"
O4 - HKCU\..\Run: [book blah] C:\WINDOWS\APPLIC~1\DRAWSI~1\ONCEJUGS.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)
Click the fix checked button.
Close HJT.
Locate and delete the following bold files(if there).
C:\WINDOWS\ptsnoop.exe
winupdates.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\SYSTEM\zkrgcc.exe
C:\\KEYBOARD1.exe
C:\\MOUSEPAD.exe
C:\WINDOWS\SYSTEM\ibm00003.exe
C:\WINDOWS\APPLIC~1\DRAWSI~1\ONCEJUGS.exe
Reboot into normal mode.
Regards Howard
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager and end process for(if there).
ptsnoop.exe
winupdates.exe
SYSC00.exe
zkrgcc.exe
KEYBOARD1.exe
MOUSEPAD.exe
ibm00003.exe
ONCEJUGS.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [winupdates] \winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [zkrgcc] C:\WINDOWS\SYSTEM\zkrgcc.exe
O4 - HKLM\..\Run: [keyboard] C:\\KEYBOARD1.exe
O4 - HKLM\..\Run: [mousepad] C:\\MOUSEPAD.exe
O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00003.exe"
O4 - HKCU\..\Run: [book blah] C:\WINDOWS\APPLIC~1\DRAWSI~1\ONCEJUGS.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)
Click the fix checked button.
Close HJT.
Locate and delete the following bold files(if there).
C:\WINDOWS\ptsnoop.exe
winupdates.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\SYSTEM\zkrgcc.exe
C:\\KEYBOARD1.exe
C:\\MOUSEPAD.exe
C:\WINDOWS\SYSTEM\ibm00003.exe
C:\WINDOWS\APPLIC~1\DRAWSI~1\ONCEJUGS.exe
Reboot into normal mode.
Regards Howard
Similar threads
Latest posts
-
Sandisk's Stargate SSD architecture targets 512TB drives by 2027- TheBigT42 replied
-
Nvidia's RTX 5060 Ti 8GB is Even Slower than the Intel Arc B580- Eldritch replied
