TechSpot

HJT log for the possessed PC

By glowingnissan07
Jun 5, 2006
  1. Told to post this here by Howard Hopkinso



    Keep in mind this is on Safemode (Windows Domain Controllers only)
    and that on Normal Mode, I got an INS application error on bootup that I traced to "winupdates.exe". Apparently it didn't show up here, and I've been told it's a worm.
     
  2. howard_hopkinso


    Your HJT log is out of date.

    The latest version of HJT is 1.99.1.

    Obtain the latest version and post a fresh HJT log into this thread as an attachment please.

    Regards Howard :)
     
  3. glowingnissan07


    yea yea yea...it's attached

    HJT 1.99
     


  4. howard_hopkinso


    Go HERE and this time follow the instructions.

    Then, post a fresh HJT log.

    Regards Howard :)
     
  5. glowingnissan07


    ok ok howard, I followed ur instructions EXACTLY. As you will see, even though Ewido cleaned certain threats, my HJT log still has the same apps on the list. I'm assuming that's not supposed to happen.

    If it's worth knowing, I had to install Ewido on THIS PC to get the update package, and then installed Ewido on my PC and then pasted the extra signatures in the Signature Folder, so I had the same update package as this one.

    After running Ewido the first time, I couldn't run a number of apps, including HJT. I kept getting the annoying illegal operation error that asks u to send an error report to Microsoft. I decided to reset, but apparently logonui.exe was illegal too. I noticed this in the Error Signature of all the app errors:

    szModName: clbcatq.dll

    I'm not sure if that's relevant...but what the heck, the more info the better I guess.

    Anyway I got it to log off, but it got stuck on Saving Settings, and never finished, so it never shut off. My only option was to do a manual reset. Everything booted up normally and ran normally, all the apps. But I got to Windows and got one of those errors, surprisingly not a Run-time Error:

    isactiveguard:RegOpenKeyEx failed 2 0

    I'm almost positive that has to do with the newly installed Ewido though.

    Anyway, the reports are attached, so have urself a look. The scan report is from Ewido which will show u what it cleaned. Compare with HJT log after the reset.
     


  6. howard_hopkinso


    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with (if there):

    winupdate
    winupdates

    Close control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    p2pnetworking
    winupdates
    winupdate

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    PowerReg Scheduler V3.exe
    p2pnetworking.exe
    winupdates.exe
    winupdate.exe

    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there):

    O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto

    O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe

    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

    O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe

    O4 - Startup: PowerReg Scheduler V3.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    PowerReg Scheduler V3.exe
    C:\Program Files\winupdates\winupdates.exe
    C:\Program Files\winupdate\winupdate.exe
    p2pnetworking.exe

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log.


    Regards Howard :)
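
Added example, not part of the original thread or any poster's code: a small Python check that parses the O4 (autostart) lines of a HijackThis log, picks out the entries named in the post above, and confirms they are absent from a log taken after the fix. The line layout is taken from the O4 lines quoted in the post; the function names, the `ExampleTray` entry and both sample logs are constructed for illustration.

```python
import re

# Names flagged for removal in post 6 above, lower-cased, without extension.
FLAGGED = {"winupdate", "winupdates", "p2pnetworking", "powerreg scheduler v3"}
# Registry autoruns:  O4 - HKLM\..\Run: [name] command
REG_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# Startup folders:    O4 - Startup: file   /   O4 - Global Startup: file
DIR_O4 = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<cmd>.+)$")

def parse_o4(log_text):
    """Return every O4 (autostart) entry as a dict of location, name, command."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REG_O4.match(line)
        d = DIR_O4.match(line)
        if m:
            entries.append({"location": m["hive"] + "\\" + m["key"],
                            "name": m["name"], "command": m["cmd"]})
        elif d:  # shortcut entries look like "name.lnk = target"
            entries.append({"location": d["key"],
                            "name": d["cmd"].split(" = ")[0], "command": d["cmd"]})
    return entries

def normalise(name):
    """Lower-case a value name or file name and drop any path and .exe/.lnk."""
    base = name.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return re.sub(r"\.(exe|lnk)$", "", base)

def flagged_entries(log_text):
    return [e for e in parse_o4(log_text) if normalise(e["name"]) in FLAGGED]

def still_present(before, after):
    """Flagged entries from the 'before' log that also appear in the 'after' log."""
    left = {(e["location"], normalise(e["name"])) for e in flagged_entries(after)}
    return [e for e in flagged_entries(before)
            if (e["location"], normalise(e["name"])) in left]

# Constructed sample logs: the O4 lines from post 6 plus one made-up benign entry.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - Startup: PowerReg Scheduler V3.exe
"""
AFTER_LOG = r"O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe"

print("still present after fix:", still_present(BEFORE_LOG, AFTER_LOG))
```

An empty result means every flagged autostart entry from the first log is gone from the second; the same entry under `Run` and `RunServices` is tracked separately, so a fix that clears only one of them is still reported.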
     
  7. glowingnissan07


    Surprisingly this pass went perfectly smooth. :approve:

    I went on in Safe Mode (NOT Windows Domain Controllers Only) and did everything you said.

    winupdates.exe and p2pnetworking.exe were nowhere to be found except on HijackThis, so I fixed them, now they're gone. So far, not a single crash, but I'm running a defrag cuz so far every time it's crashed on that. I'll let you know if I still have the problem.

    I'm posting 3 HJT's:
    #3 = HJT before fix in safemode
    #4 = HJT after the fix in safemode
    #5 = HJT after the fix in normal mode
     
  8. howard_hopkinso


    Well done, your HJT log is now clean.

    Regards Howard :)
     
Topic Status:
Not open for further replies.
