MasterMind's dead computer (Hijack this)

  1. 04-11-2004  #1
    xmastermindx
    xmastermindx is offline Newbie

    MasterMind's dead computer (Hijack this)

    My computer has been worse than ever before. Whenever I start Internet Explorer and type in a website name, it will freeze, so I must end program, and now I have been using FireFox for everything. When I am playing a game or working on something, out of nowhere, a window will pop up, and it will annoy the crap out of me.
    And worst of all, just today, when I started my computer, it would show a black screen about 10 minutes after startup (I was watching TV while it started up), and when I restarted, it said something about 'software was changed', so I had to select 'restart with last successful startup options' or something like that. Here is my hijack this log:

    Thanks.

    Logfile of HijackThis v1.98.2
    Scan saved at 3:32:52 PM, on 11/4/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\WindUpdates\WinUpdt.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\Administrator\Application Data\mmta.exe
    C:\Program Files\WindUpdates\WinKA.exe
    C:\WINDOWS\System32\w?nlogon.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator\Desktop\-\HijackThis.exe

    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\AltDesk\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [Windows Task Manager] C:\windows\system32\taskmgn.exe
    O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
    O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Sttr] C:\Documents and Settings\Administrator\Application Data\mmta.exe
    O4 - HKCU\..\Run: [Svcmxvkv] C:\WINDOWS\System32\w?nlogon.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.lgc.com
    O17 - HKLM\Software\..\Telephony: DomainName = ad.lgc.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.lgc.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.lgc.com
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ad.lgc.com
  2. 04-11-2004  #2
    owen
    owen is offline D-A-L Team Member (UK)
    Save 20% on AVG Internet Security 2012 Suite!
    Might help if you responded to other posts, this then we can help you protect your PC.

    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [Windows Task Manager] C:\windows\system32\taskmgn.exe
    O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
    O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
    O4 - HKCU\..\Run: [Sttr] C:\Documents and Settings\Administrator\Application Data\mmta.exe
    O4 - HKCU\..\Run: [Svcmxvkv] C:\WINDOWS\System32\w?nlogon.exe
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

    Click Fix Checked

    Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

    Go to the Control Panel, double click Add/Remove programs and uninstall the following programs:
    VBouncer
    WindUpdates

    Delete the following files and folders:
    C:\WINDOWS\wupdt.exe
    C:\windows\system32\taskmgn.exe
    C:\Program Files\VBouncer
    C:\Program Files\WindUpdates
    C:\Documents and Settings\Administrator\Application Data\mmta.exe
    C:\WINDOWS\System32\w?nlogon.exe

    Reboot and post a fresh log
+ Reply to Thread
« need help with hijack this log | HiJack Log »