2 replies to this topic

[Rhonda7]

Hi guys. I need some help. My cousin didnt know how to do all this so im doing it for her. I was wondering if someone could please respond to this and help her out. Thanks. She has Winxp and she keeps getting an error to check her disk. I told her about 7 different things to do but they didnt help so this is last resort. I already see TONS of things with "missing file" that shouldnt be missing! Heres her log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:05 PM, on 11/24/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\winload.exe
C:\Program Files\PLUS!\nigoqo77798.exe
C:\WINDOWS\TEMP\avydtlfg.exe
C:\WINDOWS\System32\wbem\csrss.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\avp.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\QdrPack\QdrPack9.exe
C:\Program Files\QdrModule\QdrModule9.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinAble\winable.exe
C:\Program Files\Insider\Insider.exe
C:\Documents and Settings\user\Application Data\cjj.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\wmconnects\wwm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\mspaint.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscapeconnect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll (file missing)
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{30321~1\Bar888.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winload] C:\Program Files\Internet Explorer\winload.exe
O4 - HKLM\..\Run: [Windows Framework] C:\DOCUME~1\user\LOCALS~1\Temp\frmwrk.exe
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [lanmanwrk.exe] C:\WINDOWS\System32\lanmanwrk.exe
O4 - HKLM\..\Run: [nigoqo] C:\Program Files\PLUS!\nigoqo77798.exe
O4 - HKLM\..\Run: [Panicware] C:\WINDOWS\TEMP\avydtlfg.exe
O4 - HKLM\..\Run: [_] c:\windows\system32\drivers\dcbcg.exe
O4 - HKLM\..\Run: [f94mggfhfghodftdf] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\System32\wbem\csrss.exe
O4 - HKLM\..\Run: [khmjqbaf] rundll32.exe "C:\Program Files\axmrwnct\ctkfwtav.dll",Init
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [ms] C:\DOCUME~1\user\LOCALS~1\Temp\18550\gm.exe
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [Teoc] "C:\WINDOWS\PPPATC~1\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [Ddils] C:\WINDOWS\SYSTEM32\F?nts\s?anregw.exe
O4 - HKCU\..\Run: [moir] C:\PROGRA~1\COMMON~1\moir\moirm.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [Microsoft Webcam Enhance V2.1] C:\WINDOWS\runtfs32.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [autoload] C:\WINDOWS\System32\drivers\smss.exe
O4 - HKCU\..\Run: [autorun] C:\Documents and Settings\user\smss.exe
O4 - HKCU\..\Run: [QdrPack9] "C:\Program Files\QdrPack\QdrPack9.exe"
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [f94mggfhfghodftdf] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKCU\..\Run: [Windows Rescue System] C:\DOCUME~1\user\LOCALS~1\Temp\winsto.exe
O4 - HKCU\..\Run: [Microsft Windows Adapter 5.1.3013] C:\Documents and Settings\user\Application Data\jekz.exe
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [main] C:\WINDOWS\System32\drivers\sysdrv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [default] C:\Documents and Settings\LocalService\scvhost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [f94mggfhfghodftdf] C:\WINDOWS\TEMP\winlogan.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IESet] IExplorer.dll .dbt (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Netscape Connect Tray Icon.lnk = C:\Program Files\wmconnectd\wmtray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm070YYUS
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: winsck2.dll
O10 - Unknown file in Winsock LSP: winsck2.dll
O10 - Unknown file in Winsock LSP: winsck2.dll
O10 - Unknown file in Winsock LSP: winsck2.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/c...::/xpreload.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1150864645269
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1150864538235
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spam...ckerutility.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtnet.net/c...::/xpreload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AB49CDD-C34B-455B-8C9C-4639437D1C1D}: NameServer = 85.255.114.196,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D9D3B82-326D-402E-AF5F-68865795B6D0}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CD98A9F-4104-43E4-A0B5-7AD7F54921AC}: NameServer = 85.255.114.196,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8C50378-66DF-4226-854C-D03B8B137E49}: NameServer = 85.255.114.196,85.255.112.67
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.196 85.255.112.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AB49CDD-C34B-455B-8C9C-4639437D1C1D}: NameServer = 85.255.114.196,85.255.112.67
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.196 85.255.112.67
O17 - HKLM\System\CS2\Services\Tcpip\..\{2AB49CDD-C34B-455B-8C9C-4639437D1C1D}: NameServer = 85.255.114.196,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.196 85.255.112.67
O20 - AppInit_DLLs:
O21 - SSODL: nGvkNqF - {10321411-BA98-BEBB-4832-97F251AF0CDA} - C:\WINDOWS\System32\lzh.dll
O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\cppnlz.dll
O21 - SSODL: E404Helper - {72d06f3a-774f-4584-8a90-da11a3380a76} - e404d.dll (file missing)
O22 - SharedTaskScheduler: sdf4dr4gfdgeetj - {B5AC49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\System32\jkd845jg.dll
O22 - SharedTaskScheduler: JGhjddf9dtj - {B5AF0562-94F3-42BD-F434-2604812C297D} - C:\WINDOWS\System32\d4ghggf4g.dll
O22 - SharedTaskScheduler: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\cppnlz.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dXNlcg\command.exe (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\System32\_svchost.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe

--
End of file - 10999 bytes


Thanks

[MrCharlie]

Welcome to the forum.

This computer is loaded with malware.......I would suggest that you reformat and reinstall XP so you can start clean.

Let me know, MrC

[MrCharlie]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.