All hell broke loose on my computer- log

T

TRD_Celica

New Member
Logfile of HijackThis v1.99.1
Scan saved at 6:08:17 PM, on 10/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\next06.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\win3207352177844.exe
C:\WINDOWS\cfg32.exe
C:\dfndrff_e32.exe
C:\nwnmff_e32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\windows\system32\ojdsregr.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\win3208521778443.exe
C:\WINDOWS\system32\PPATCH~1\wuaclt.exe
C:\WINDOWS\system32\s?stem\scanregw.exe
C:\WINDOWS\system32\swinkpes.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\cfg32a.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\TOMMYT~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about :blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about :blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wlox.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {624AB432-0F82-6323-85AE-77B59BB0DFB6} - C:\WINDOWS\system32\xfb.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\kqqut.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,vlxxerr.exe
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [mmnext06] C:\WINDOWS\next06.exe
O4 - HKLM\..\Run: [utlf3caf] RUNDLL32.EXE w013952f.dll,n 005f3caa00000003013952f
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\swinkpes.exe GEN001
O4 - HKLM\..\Run: [win3207352177844] C:\WINDOWS\win3207352177844.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e32.exe
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e32.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e32.exe
O4 - HKLM\..\Run: [sys09217784435] C:\WINDOWS\sys09217784435.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [{B2-20-07-73-ZN}] C:\windows\system32\ojdsregr.exe GEN001
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [win3208521778443] C:\WINDOWS\win3208521778443.exe
O4 - HKCU\..\Run: [Peae] "C:\WINDOWS\system32\PPATCH~1\wuaclt.exe" -vt ndrv
O4 - HKCU\..\Run: [Bkh] C:\WINDOWS\system32\s?stem\scanregw.exe
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\swinkpes.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.media-motor.net (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-motor.net/cabs/motorsix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...b?1161137389643
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\TOMMYT~1\LOCALS~1\Temp\w
infix.chm::/SystemDoctor2006FreeInstall.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)



I use:

NOD32
BitDeffender
Ashampoo
Spy Ferret

i ran all these but still have a problem
 
First thing i notice is that your running 2 Antiviruses which is a no-no. Go to ADD/REMOVE Programs and uninstall NOD32 or BitDefender. While there, you'll have to uninstall anything suspicious- (google them)- i'll give you these to start-'PowerStrip' and 'Spy Ferret'. Once done, reboot your computer and go to C/Program Files and delete any of the above folders if still present.

You have HJT in a temp folder- another no-no. Create a folder in C/Program Files called HijackThis and install 'HijackThis.exe' there. Incase malware is hiding from HijackThis, navigate to 'C:\Program Files\Hijackthis\HijackThis.exe' and right click on 'HijackThis.exe'.Select Rename and type in 'Show.exe' Hit enter.

Now, go here and follow these removal instructions - http://forums.majorgeeks.com/showthread.php?t=74338 Once completed, post a new 'Show.exe' log along with the 'Look2Me-Destroyer log'.
 
You must log in or register to reply here.
Back
Top