help with winupd.exe

Discussion in 'adware, spyware & hijack cleaning' started by noirsommeil, May 5, 2004.

Thread Status:
Not open for further replies.
  1. noirsommeil

    noirsommeil Registered Member

    Joined:
    May 5, 2004
    Posts:
    6
    Logfile of HijackThis v1.97.7
    Scan saved at 20:37:24, on 2004-05-05
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\program files\Gadu-G\gg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\m\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis1977.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Gadu-Gadu] "D:\program files\Gadu-G\gg.exe" /tray
    O4 - HKCU\..\Run: [winupd.exe] C:\WINDOWS\System32\winupd.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

    it's such a stupid virus, can you help me?
     
  2. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Hello,

    First, is that the entire HijackLog? Anyway You are running hijackthis from your desktop, this is not a good idea because when we do a fix hijackthis will create backups and they will be spread all over your desktop. Can you please create a folder in My Documents and call it Hijack (or something similar). Then extract hijackthis into the folder you have created and run it from there. When you have done that, delete the copy of hijackthis that you have on your desktop. Post a fresh log.

    Regards
     
Thread Status:
Not open for further replies.