Help...computer all jacked up!


5 replies to this topic

#1 pattonjb

Posted 03 January 2005 - 06:13 AM

Help wanted.

My computer is all jacked up. I get pop-ups that keep coming back. My personal firewall is detecting several things like: GnsDj.exe, WebRebates0.exe, CoolWWWSearch.* , csrss.exe, svchost.exe, Nub7i0h.exe.

Spybot isn't cutting it, CWShredder didn't find anything, and two "uninstallers" didn't seem to work.
My computer is slowing down very rapidly. How can I get rid of all the things that are jacking my system up? I'm running XP Pro.

Any help is appreciated...

---Jason

#2 Buckeye_Sam

Posted 03 January 2005 - 09:26 PM

Hi Jason! We will need to get a better look at what's going on in your computer before we can help you. Please follow the instructions at this link for posting a Hijackthis log.

http://www.bleepingcomputer.com/forums/t/956/how-to-submit-a-hijackthis-log/
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 pattonjb

Posted 04 January 2005 - 02:29 PM

B_S:

Thanks for dropping a line.

Last night I tried downloading the HJT file. I saved it and unzipped it into a HJT folder that I created under C:// Program Files...

Every time I attempted to open, it would initiate the scan, but as soon as the results would be displayed...a Windows Error HJT problem---"Do you want to send..." and then HJT would close. This occurred in SAFE mode as well...with or without any other windows open. Additionally...shortly afterwards it occurred so that I cannot view web pages. My connection settings are good, and I can verify my connection to my ISP...but no go.

Suggestions?

---Jason

#4 Buckeye_Sam

Posted 04 January 2005 - 03:40 PM

Trojans are getting smarter by the day. Try this version.

http://www.merijn.org/files/hijackthis1982.zip

#5 pattonjb

Posted 07 January 2005 - 03:10 AM

B_S:

Sorry it took so long to post this. I reloaded Windows and had to reconfigure my connection.
Okay...HJT log posted. Hopefully there isn't as much going on now.

Logfile of HijackThis v1.98.2
Scan saved at 9:06:15 AM, on 1/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\pupdate.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jason.DRAGHI-8NE3UELV\Local Settings\Temp\Temporary Directory 1 for hijackthis1982.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.draghicycling.com/Draghi%20Home.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Microoft Timing] pupdate.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunServices: [Microoft Timing] pupdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microoft Timing] pupdate.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105083936481
O17 - HKLM\System\CCS\Services\Tcpip\..\{E525106E-5D81-4D39-9B8B-D53E95BF1CE8}: NameServer = 195.31.14.211 151.99.125.1

#6 Buckeye_Sam

Posted 07 January 2005 - 05:18 PM

Not too bad. Since you reinstalled Windows make sure you get to Windows Update right away and install all critical updates found for your computer.

http://windowsupdate.microsoft.com/


Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O4 - HKLM\..\Run: [Microoft Timing] pupdate.exe
O4 - HKCU\..\Run: [Microoft Timing] pupdate.exe

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\System32\pupdate.exe

Reboot your computer to go back to normal mode and post a new log.
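Added example, not part of the original posts and not HijackThis's own code: a short Python parser for the O4 (autostart) lines of the log posted in this thread, grouping entries by executable so that every Run/RunServices key pointing at the same file shows up together. The function names are hypothetical, and treating a file name with no directory as the triage signal is an assumption of this example; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# O4 (autostart) lines copied from the HijackThis log posted in this thread.
LOG = r"""
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Microoft Timing] pupdate.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunServices: [Microoft Timing] pupdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Timing] pupdate.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def executable(cmd):
    """Return the program part of an autostart command, lower-cased."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        end = cmd.find('"', 1)
        return cmd[1:end if end != -1 else len(cmd)].lower()
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", cmd, re.I)
    return (m.group(1) if m else cmd.split()[0]).lower()

def parse_o4(log):
    """Yield (registry key, value name, executable) for each O4 line."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m["key"], m["name"], executable(m["cmd"])

def review(log):
    """Map executables registered without a path under several keys to those keys."""
    keys = defaultdict(list)
    for key, name, exe in parse_o4(log):
        if "\\" not in exe:      # bare file name, resolved through the search path
            keys[exe].append((key, name))
    # A single bare-name entry is common (rundll32.exe here); the same bare
    # name under several autostart keys is what gets listed for review.
    return {exe: regs for exe, regs in keys.items() if len(regs) > 1}

if __name__ == "__main__":
    for exe, regs in review(LOG).items():
        print(exe)
        for key, name in regs:
            print(f"  {key}: [{name}]")
```

On the posted log this lists `pupdate.exe` under three keys: `HKLM\..\Run`, `HKLM\..\RunServices` and `HKCU\..\Run`.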



