1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Please Read My Hijack This Log...Having major problems with yyy65 and other spyware

By SpaceMonkey ยท 5 replies
Mar 7, 2006
  1. heres the log...
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

  3. SpaceMonkey

    SpaceMonkey TS Rookie Topic Starter

    the look2me virus scanner did not work...it loaded then I pressed run task and ok, but it never came back up. I did the other things you said though. Heres my new log.

  4. Tedster

    Tedster Techspot old timer..... Posts: 6,000   +15

    yyy65 fix (newer) - thanks howard.....

    Please download Look2Me-Destroyer.exe to your desktop.

    * Close all windows before continuing.
    * Double-click Look2Me-Destroyer.exe to run it.
    * Put a check next to Run this program as a task.
    * You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
    * When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
    * Once it's done scanning, click the Remove L2M button.
    * You will receive a Done Scanning message, click OK.
    * When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
    * Your computer will then shutdown.
    * Turn your computer back on.
    * Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

    If you receive a message from your firewall about this program accessing the internet please allow it.

    If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
  5. SpaceMonkey

    SpaceMonkey TS Rookie Topic Starter

    I have done all that and still it won't work...
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager and end process for(if there).


    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband

    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [winupdates] \winupdates\winupdates.exe /auto
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
    O4 - HKLM\..\Run: [zkrgcc] C:\WINDOWS\SYSTEM\zkrgcc.exe
    O4 - HKLM\..\Run: [keyboard] C:\\KEYBOARD1.exe
    O4 - HKLM\..\Run: [mousepad] C:\\MOUSEPAD.exe
    O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00003.exe"
    O4 - HKCU\..\Run: [book blah] C:\WINDOWS\APPLIC~1\DRAWSI~1\ONCEJUGS.exe

    O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com

    O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)

    Click the fix checked button.

    Close HJT.

    Locate and delete the following bold files(if there).


    Reboot into normal mode.

    Regards Howard :)
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...