Could you please have a look at my log?

Status
Not open for further replies.
Hello everyone, my name is Marco and I am an archaeology student.
I accidentally came across a trojan virus that is not deleting from my PC. I stumbled across your forums and followed/downloaded all the info and programs you give.
So after failing to remove the virus I got HijackThis, and this is my log.

I would be very grateful if you could have a look at it.
Thanks in advance

marco
 
Hello and welcome to Techspot.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

w?auclt.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there):

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O4 - HKCU\..\Run: [Calpjwih] C:\WINDOWS\?dobe\w?auclt.exe

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files (if there).

C:\WINDOWS\?dobe\w?auclt.exe

Reboot into safe mode and turn system restore back on.

Regards Howard :wave: :wave:
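
Added example, not part of Howard's post or of HijackThis: a small Python triage of HijackThis entry lines that flags two things visible in the list above, targets marked `(file missing)` and local paths containing `?`, which is not a legal file-name character on Windows and is assumed here to stand for a character the log could not display. The function name `triage` and the sample are constructed for illustration; a flag is a prompt for manual review, not a verdict.

```python
import re

# Constructed sample: entry lines taken from the fix list in the post above.
SAMPLE = r"""
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O4 - HKCU\..\Run: [Calpjwih] C:\WINDOWS\?dobe\w?auclt.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
"""

# "<code> - <kind>: <rest>", e.g. "O4 - HKCU\..\Run: [name] path"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.+)$")
# A local drive path, up to a closing quote or end of line (URLs do not match).
LOCAL_PATH = re.compile(r"[A-Za-z]:\\[^\"]*")


def triage(log_text):
    """Return [(code, kind, [reasons])] for entries worth a closer look."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # headers, blank lines, running-process list
        reasons = []
        rest = m.group("rest")
        if rest.endswith("(file missing)"):
            reasons.append("target file missing")
        path = LOCAL_PATH.search(rest)
        # Assumption: '?' in a local path is a placeholder for a character
        # the log could not display, since '?' is illegal in file names.
        if path and "?" in path.group(0):
            reasons.append("undisplayable character in path")
        if reasons:
            flagged.append((m.group("code"), m.group("kind"), reasons))
    return flagged


if __name__ == "__main__":
    for code, kind, reasons in triage(SAMPLE):
        print(f"{code:<4}{kind:<18}{', '.join(reasons)}")
```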
 
Thank you for the swift reply. Do I have to fix all the files you listed or just the bold/underlined one?

Also, by "locate the file" do you mean manually locating and deleting?


Thanks for the welcome too = )


marco
 
I mean you should go to the following directory and delete the bold entries.

C:\WINDOWS\?dobe\w?auclt.exe

Follow all the instructions I posted. In the order they are given.

Regards Howard :)
 
OK, I have followed the instructions to the word. Some of the things didn't match: I could not find the process to end it, nor find the folders on the C drive. However, everything seemed fine. As I booted up no virus warning came up, and I decided to run AVG. AVG still detects 2 viruses: !update.exe and !update-3595(1),00000.


Any advice or action on this please?


Marco Scourtis
 