Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

removing security iguard from my pc


  • This topic is locked This topic is locked

#1
oz615

oz615

    Member

  • Member
  • PipPip
  • 14 posts
I've tried the uninstall link,Ad-Aware SE,Spybot S&D,I've even tried removing this on safe mode,but everytime i restart the pc the program is right back up hope anyone can find anything suspicious in this log so i can do something about,thank in adavance

Logfile of HijackThis v1.98.2
Scan saved at 12:44:39 PM, on 3/16/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\ADVANCED INTERNET ERASER\AIE.EXE
C:\WINDOWS\SYSTEM\RNOJHJS.EXE
C:\WINDOWS\APPLICATION DATA\NSAC.EXE
C:\WINDOWS\SYSTEM\MSMFILTER.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\BOOTMINDER.EXE
C:\PROGRAM FILES\BHODEMON 2\BHODEMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\MY DOCUMENTS\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lotteryamerica.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.mensactivism.org/
R3 - Default URLSearchHook is missing
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.mensactivism.org/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\9d2gywgv.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_02.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\9d2gywgv.slt\prefs.js)
O2 - BHO: (no name) - {263BC1E9-2B03-29FC-28D4-2287EAF1E9C9} - C:\WINDOWS\SYSTEM\HMTNHMT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN8\YCOMP5_5_7_0.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1} - (no file)
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [AIE] C:\PROGRAM FILES\ADVANCED INTERNET ERASER\AIE.exe
O4 - HKCU\..\Run: [Clock] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [SurfBuddy] rundll32 "C:\Program Files\SurfBuddy\sbuddy.dll",run
O4 - HKCU\..\Run: [Fuyjco] C:\WINDOWS\SYSTEM\rnojhjs.exe
O4 - HKCU\..\Run: [Acuu] C:\WINDOWS\Application Data\nsac.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [bBrnRWYnR] MSMFILTER.EXE
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Bootminder 2.lnk = C:\WINDOWS\bootminder.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O8 - Extra context menu item: &Anonymization - C:\WINDOWS\SYSTEM\sys32.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Anonymization.Net - {8B466019-1E6E-4552-A096-7C0A2876E50E} - C:\WINDOWS\SYSTEM\shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {1F564000-95AC-11D9-BAEC-00E006FC779B} - (no file)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1F564000-95AC-11D9-BAEC-00E006FC779B} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {3BC7E100-9569-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3BC7E100-9569-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8D370F60-9592-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8D370F60-9592-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6E5A0060-9598-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6E5A0060-9598-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D7F884A0-959E-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D7F884A0-959E-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EBFCEB20-959F-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EBFCEB20-959F-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7061BDA0-95A0-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7061BDA0-95A0-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B2F43220-95A9-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B2F43220-95A9-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B67F1120-95AA-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B67F1120-95AA-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {1F564000-95AC-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1F564000-95AC-11D9-BAEC-00E006FC779B} - (no file) (HKCU)
O12 - Plugin for .cfm: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppl3260.dll
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.ysbweb.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fasta...oad/tgctlcm.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://toolbar.azese...l/azesearch.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c7.cab
  • 0

Advertisements


#2
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
First we'll need you to download the latest version of HiJack This. Click Here to download the latest version (1.99.1). Please save it in a permanent folder (such as C:\HJT). This is to ensure that backups are saved and accessible in the event you should need it. Follow the instructions below if you are unsure how to save it in a permanent folder:

1.) Click on the link to download HiJackThis.exe.
2.) When it pulls up the box (for you to pick a location to save the file), click on the pulldown menu and select "[C:]".
3.) Click on the button to "create new folder" and name the folder HiJackThis
4.) Double click on the folder you just made (to go into the folder) and click "save" on the bottom of the box.

Make sure you are disconnected from the Internet and all windows and programs are closed. Run HiJack This and post your new log here.

[edit] As there has been no response from the original poster, this topic is now closed. If you have any other problems, please post a new topic.

Edited by bananafanafo, 12 April 2005 - 11:47 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP