HJT log attached.

By JSapit ยท 4 replies
Mar 12, 2007
  1. Hey all. I stumbled across this website while searching for online computer help forums. This is my first time posting here, so I hope you all will receive me well :)

    I'll get right to the problems. First off, on start-up, I get this error
    (it's a RUNDLL error)
    "Error Loading C:\WINDOWS\system32\sruusxm.dll

    The specified module could not be found."

    I don't know how to get rid of that error, but it seems to cause no major problems.

    Second, I've been having some popup problems, so I was wondering if there was a good, on-line virus scan that could take care of any malicious programs running on my computer? (I heard of this HijackThis! thing, but I don't know about it.)

    Third, after long use, or just turning my monitor off and turning it back on, my computer slows down drastically, and I don't know why. What could be the problem of this?

    Thanks in advance.
  2. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Hi, welcome to TechSpot.

    We always receive new members, so no need to worry ;)

    It does sound like a malware problem. Please go and read this thread and then post a HijackThis log as an attachment into this thread.

    Regards :)
  3. JSapit

    JSapit TS Rookie Topic Starter

    My HijackThis! log.

    Here it is, posted as an attachement.
  4. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    There are some infections present, but we should be able to get rid of them.

    First of all, download VundoFix from here.

    Double click the Vundofix.exe to run it.

    Right click in the vundofix window and click add files.

    Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do its stuff.

    These are the filepaths you need to enter into Vundofix.


    Now search your computer for the filenames above and delete all instances found.

    Go into Add/Remove Programs in your Control Panel and remove anything having to do with:


    Search your computer for bar888.dll and alcmtr.exe and delete all instances found. Go into C:\Program Files, and delete the entire "SafetyBar" directory.

    Now have HJT fix these entries:
    O2 - BHO: (no name) - {26B61245-2471-3859-3126-04487DAC7F8A} - C:\WINDOWS\system32\ipnydgh.dll (file missing)
    O2 - BHO: (no name) - {2C1CB100-1E1B-4BF3-A027-B8EF1CDB73C6} - C:\WINDOWS\msagent\actsvs.dll (file missing)
    O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
    O2 - BHO: (no name) - {9BBA408A-A125-4E0D-9CBF-AE3621E0D006} - C:\WINDOWS\system32\yayyvtt.dll (file missing)
    O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3843F~1\Bar888.dll
    O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\lwdwnnlc.dll
    O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\system32\ixt0.dll (file missing)
    O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3843F~1\Bar888.dll
    O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} - C:\Program Files\Safety Bar\SafetyBar.dll
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [msci] C:\DOCUME~1\OWNER~1.JUS\LOCALS~1\Temp\2006115211352_mcinfo.exe /insfin
    O4 - HKLM\..\Run: [sruusxm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\sruusxm.dll,nsrxhv
    O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://cabalonline.net/com/KALogoutComponent.cab
    O20 - Winlogon Notify: actsvs - C:\WINDOWS\msagent\actsvs.dll (file missing)
    O20 - Winlogon Notify: winuyw32 - winuyw32.dll (file missing)
    O20 - Winlogon Notify: yayyvtt - yayyvtt.dll (file missing)

    Finally, go into C:\Documents and Settings\%your user name%\Local Settings\Temp and delete the file 2006115211352_mcinfo.exe. (where %your user name% is your current user name).

    Now read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly, then post fresh HJT, Combofix, and AVG Antispyware logs as attachments into this thread. Also post here the results of the AVG Antirootkit scan.

    Regards :)

    This thread is for the use of JSapit only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Threads merged.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...