HijackThis log and info

Status
Not open for further replies.
Currently, this messed up computer is supposed to be the server for the LAN at home.

I'm getting a rasautou.exe prompt asking to connect to various sites. It is on a DSL system that uses dial-up for back-up, which appears to be more of a floodgate than anything else at the moment.

I'm aware of the nvsc32.exe virus on the computer, yet don't know how to fix it, yet I'm pretty sure that it came through with DyFuCa, and DyFuCa.Internet.Optimizer. I'm pretty sure that there are at least 2-3 viruses on this computer including nvsc32.exe.

If there is anything else that you need to know, tell me, and please help me put the server back into commission.

As for the log file, it is attached.
 
To get rid of this trojan nvsc32.exe follow the instructions in this link:
http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_WOOTBOT.ED

After that, go to my post and do exactly what it says.
https://www.techspot.com/vb/topic17297.html

Only then, run HJT on its own in safe mode and let it "fix": (some might be gone already)

C:\WINDOWS\System32\nvsc32.exe
C:\WINDOWS\System32\hllcxpa.exe
C:\Program Files\Admilli Service\AdmilliServ.exe
C:\Program Files\Admilli Service\AdmilliKeep.exe
C:\WINDOWS\System32\rasautou.exe

O4 - HKLM\..\Run: [HLL Data Parameter] hllcxpa.exe
O4 - HKLM\..\Run: [q] C:\documents and settings\stephen teague\local settings\temp\q.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [HLL Data Parameter] hllcxpa.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O4 - HKCU\..\RunOnce: [NvCplScan] nvsc32.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c46.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1100828903609
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

Delete all those files that were "fixed",
incl. this lot: C:\Program Files\Admilli Service\
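
A check that could be run on a fresh HijackThis log after the cleanup above, as an added example that is not part of the original posts: it parses the O4 autorun lines and reports which flagged executables are still registered. The sample lines are copied from the log in this thread; the function names and the watch list are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few O4/O23 lines copied from the log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HLL Data Parameter] hllcxpa.exe
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
"""

# O4 line shape as seen in the log: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")

def parse_o4(log_text):
    """Return (hive, key, value_name, command) for every O4 autorun line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries

def autoruns_by_image(entries):
    """Group autorun locations by executable file name (lower-cased).
    Assumes the command is a bare path with no arguments, as in this log."""
    grouped = defaultdict(list)
    for hive, key, _name, command in entries:
        image = command.rsplit("\\", 1)[-1].strip().lower()
        grouped[image].append(f"{hive}\\{key}")
    return dict(grouped)

def remaining(entries, flagged):
    """Flagged image names (lower-cased) that still have an autorun entry."""
    present = autoruns_by_image(entries)
    return sorted(n.lower() for n in flagged if n.lower() in present)

if __name__ == "__main__":
    # Hypothetical watch list built from the file names listed in the post.
    flagged = ["nvsc32.exe", "hllcxpa.exe", "AdmilliServ.exe", "q.exe"]
    entries = parse_o4(SAMPLE_LOG)
    for image, where in autoruns_by_image(entries).items():
        print(f"{image}: {', '.join(where)}")
    print("still registered:", remaining(entries, flagged))
```

An empty "still registered" list on the post-cleanup log means none of the watched executables is left in a Run, RunOnce or RunServices key.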
 