Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hjt log - mazzereth


  • Please log in to reply
1 reply to this topic

#1 mazzereth

mazzereth

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 29 December 2004 - 01:43 PM

My computer seems to be a rotting pool of viruses...so help would be greatly appreciated.

Logfile of HijackThis v1.99.0
Scan saved at 10:42:27 AM, on 29/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\msc32.exe
C:\WINDOWS\System32\WinxPupd.exe
C:\WINDOWS\System32\wuaruclt.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\svhost33.exe
C:\temp\salm.exe
C:\WINDOWS\System32\scguard.exe
C:\Program Files\Windows ServeAd\WinServAd.exe
C:\Program Files\Admilli Service\AdmilliServ.exe
C:\WINDOWS\System32\SahAgent.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Windows ServeAd\WinServSuit.exe
C:\WINDOWS\spsdqew.exe
C:\Program Files\Admilli Service\AdmilliKeep.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Windows AdTools\WinAdTools.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Windows AdTools\WinRatchet.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRA~1\ISTbar\istbar.dll
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Services Startup] svhost33.exe
O4 - HKLM\..\Run: [NvCplScan] msc32.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [cnyhsxql] C:\WINDOWS\cnyhsxql.exe
O4 - HKLM\..\Run: [Windows Network Controller] WinxPupd.exe
O4 - HKLM\..\Run: [MS Windows Update] scguard.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [p9nX8bFx] C:\WINDOWS\spsdqew.exe
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [*windows update] wuaruclt.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\RunServices: [Services Startup] svhost33.exe
O4 - HKLM\..\RunServices: [NvCplScan] msc32.exe
O4 - HKLM\..\RunServices: [Windows Network Controller] WinxPupd.exe
O4 - HKLM\..\RunServices: [MS Windows Update] scguard.exe
O4 - HKLM\..\RunServices: [*windows update] wuaruclt.exe
O4 - HKLM\..\RunOnce: [NvCplScan] msc32.exe
O4 - HKLM\..\RunOnce: [Windows Network Controller] WinxPupd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NvCplScan] msc32.exe
O4 - HKCU\..\Run: [Windows Network Controller] WinxPupd.exe
O4 - HKCU\..\Run: [*windows update] wuaruclt.exe
O4 - HKCU\..\RunOnce: [NvCplScan] msc32.exe
O4 - HKCU\..\RunOnce: [Windows Network Controller] WinxPupd.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1101259446839
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG6 Service - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,540 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:17 AM

Posted 30 December 2004 - 02:57 PM

Can you please zip and email the following files to grinler@yahoo.com:

C:\WINDOWS\System32\wuaruclt.exe

When you email me, please include a link to this topic. In your reply let us know if you sent the files.

Thanks

Click on start, settings, control panel and double-click on add/remove programs. From with add/remove program uninstall the following if they exist:

Admilli Service
Windows Adtools
IST SVC


Print out these instructions and then close all windows including Internet Explorer.

Reboot your computer into Safe Mode

Press control-alt-delete, and click on the processes tab. Then look for a process called c:\windows\system32\wuaruclt.exe and click on it once to select and then click on the end task button.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:


R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRA~1\ISTbar\istbar.dll
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Services Startup] svhost33.exe
O4 - HKLM\..\Run: [NvCplScan] msc32.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [cnyhsxql] C:\WINDOWS\cnyhsxql.exe
O4 - HKLM\..\Run: [Windows Network Controller] WinxPupd.exe
O4 - HKLM\..\Run: [MS Windows Update] scguard.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [p9nX8bFx] C:\WINDOWS\spsdqew.exe
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [*windows update] wuaruclt.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\RunServices: [Services Startup] svhost33.exe
O4 - HKLM\..\RunServices: [NvCplScan] msc32.exe
O4 - HKLM\..\RunServices: [Windows Network Controller] WinxPupd.exe
O4 - HKLM\..\RunServices: [MS Windows Update] scguard.exe
O4 - HKLM\..\RunServices: [*windows update] wuaruclt.exe
O4 - HKLM\..\RunOnce: [NvCplScan] msc32.exe
O4 - HKLM\..\RunOnce: [Windows Network Controller] WinxPupd.exe
O4 - HKCU\..\Run: [NvCplScan] msc32.exe
O4 - HKCU\..\Run: [Windows Network Controller] WinxPupd.exe
O4 - HKCU\..\Run: [*windows update] wuaruclt.exe
O4 - HKCU\..\RunOnce: [NvCplScan] msc32.exe
O4 - HKCU\..\RunOnce: [Windows Network Controller] WinxPupd.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -


Then delete these files or directories (Do not be concerned if they do not exist)

C:\PROGRAM FILES\PERFEC~1\
C:\Program Files\MyWay\
C:\PROGRAM FILES\ISTbar\
C:\Program Files\Common files\SearchUpgrader\
C:\Program Files\Common Files\CMEII\
c:\program files\altnet\
C:\WINDOWS\System32\P2P Networking\
c:\windows\system32\msc32.exe
c:\temp\salm.exe
C:\WINDOWS\cnyhsxql.exe
C:\Program Files\Windows ServeAd\
C:\Program Files\Admilli Service\
C:\WINDOWS\System32\
C:\Program Files\ISTsvc\
C:\WINDOWS\spsdqew.exe
C:\PROGRAM FILES\COMMON FILES\tsa\
C:\Program Files\Power Scan\powerscan.exe
C:\Program Files\Windows AdTools\WinAdTools.exe
c:\windows\system32\svhost33.exe
c:\windows\system32\scguard.exe
c:\windows\system32\WinxPupd.exe
c:\windows\system32\wuaruclt.exe
c:\windows\system32\msc32.exe
c:\windows\system32\WinxPupd.exe
C:\Program Files\Common Files\GMT\
C:\Program Files\Web_Rebates\
c:\counter.cab

Reboot your computer to go back to normal mode and post a new log.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users