Mom's comp, 32 viruses, lots of problems

Discussion in 'adware, spyware & hijack cleaning' started by Relexano, May 29, 2004.

Thread Status:
Not open for further replies.
  1. Relexano

    Relexano Registered Member

    Joined:
    May 28, 2004
    Posts:
    14
    Ok, my mother's computer is completely messed up; it hardly even runs. I know HijackThis blasts spyware and such, but does it remove viruses, and even if it doesn't, could someone examine this log to maybe get rid of anything else that could be messing up her computer?

    Logfile of HijackThis v1.97.7
    Scan saved at 3:47:58 PM, on 5/29/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\PRINTRAY.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\TEMP\VJZHP.EXE
    C:\WINDOWS\SYSTEM\CON4DMOD.EXE
    C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
    C:\WINDOWS\SYSTEM32\PCS\PCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
    C:\PROGRAM FILES\COMMON FILES\UPDMGR\UPDMGR.EXE
    C:\WINDOWS\DHBRWSR.EXE
    C:\PROGRAM FILES\AIM95\AIM.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\COMMON FILES\PSD TOOLS\BLENGINE.EXE
    C:\PROGRAM FILES\CLOCKSYNC\SYNC.EXE
    C:\WINDOWS\APPLICATION DATA\OSEP.EXE
    C:\PROGRAM FILES\GHOSTSURF\GHOSTSURF.EXE
    C:\PROGRAM FILES\VCOM\SYSTEMSUITE\MXTASK.EXE
    C:\PROGRAM FILES\SYSAI\SYSAI.EXE
    C:\WINDOWS\DHSVR.EXE
    C:\PROGRAM FILES\VCOM\FIX-IT\MXTASK.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\VCOM\SYSTEMSUITE\SSUITE.EXE
    C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
    C:\WINDOWS\TEMP\~~PDTEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50082
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50082
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://search.xrenoder.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50082
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll
    N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com."); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\jimdd7rz.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\jimdd7rz.slt\prefs.js)
    O1 - Hosts: 193.125.201.50 ie.search.msn.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {1510FA7A-916D-4264-A4ED-AA063A78F490} - C:\WINDOWS\SYSTEM\IEPDEERS.DLL
    O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44A} - (no file)
    O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\APPLICATION DATA\SYSRM\MSIESH.DLL
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\SYSAI\APROPOSPLUGIN.DLL
    O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
    O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\DEALHLPR.DLL
    O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM\IETie.dll
    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
    O3 - Toolbar: (no name) - {6612FF4A-8DBE-442C-8CA4-CF99AB20EA30} - (no file)
    O3 - Toolbar: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: (no name) - {8E8AA793-D85C-43B4-BC0B-8C9243BE1704} - (no file)
    O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\DEALHLPR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\FIX-IT\MEMCHECK.EXE
    O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\Run: [VJZHP.EXE] C:\WINDOWS\TEMP\VJZHP.EXE
    O4 - HKLM\..\Run: [r72f37j] CON4DMOD.EXE
    O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [Dpi] C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
    O4 - HKLM\..\Run: [DealHelperUpdate] C:\WINDOWS\DHUpdt.exe
    O4 - HKLM\..\Run: [DealHelperBrwsr] C:\WINDOWS\dhbrwsr.exe
    O4 - HKLM\..\Run: [mvstytct] C:\WINDOWS\mvstytct.exe
    O4 - HKLM\..\Run: [RCScheduleCheck] C:\PROGRAM FILES\VCOM\RECOVERY COMMANDER\RCSCHED.EXE -CHECK
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Taar] C:\WINDOWS\Application Data\erea.exe
    O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
    O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\SYSTEM\wnsintsv.exe
    O4 - HKCU\..\Run: [PC 1Click Daily Scan] C:\PROGRAM FILES\PC 1CLICK\PC 1CLICK 2.0 FREE AUTOSCAN\PC1CLICK.EXE /background
    O4 - HKCU\..\Run: [Ibso] C:\WINDOWS\Application Data\osep.exe
    O4 - HKCU\..\Run: [ClockSync] "C:\PROGRA~1\CLOCKS~1\Sync.exe" /q
    O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
    O4 - HKCU\..\RunServices: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\RunServices: [Taar] C:\WINDOWS\Application Data\erea.exe
    O4 - HKCU\..\RunServices: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
    O4 - HKCU\..\RunServices: [WNSC] C:\WINDOWS\SYSTEM\wnsintsv.exe
    O4 - HKCU\..\RunServices: [PC 1Click Daily Scan] C:\PROGRAM FILES\PC 1CLICK\PC 1CLICK 2.0 FREE AUTOSCAN\PC1CLICK.EXE /background
    O4 - HKCU\..\RunServices: [Ibso] C:\WINDOWS\Application Data\osep.exe
    O4 - HKCU\..\RunServices: [ClockSync] "C:\PROGRA~1\CLOCKS~1\Sync.exe" /q
    O4 - HKCU\..\RunServices: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Fix-It.lnk = C:\Program Files\VCOM\Fix-It\mxtask.exe
    O4 - Startup: GhostSurf.lnk = C:\Program Files\GhostSurf\GhostSurf.exe
    O4 - Startup: SystemSuite.lnk = C:\Program Files\VCOM\SystemSuite\MXTask.exe
    O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
    O8 - Extra context menu item: Block this advertisement - file://C:\PROGRAM FILES\GHOSTSURF\menu.blockimg.html
    O8 - Extra context menu item: Allow this advertisement - file://C:\PROGRAM FILES\GHOSTSURF\menu.allowimg.html
    O8 - Extra context menu item: Block popups on this site - file://C:\PROGRAM FILES\GHOSTSURF\popup.block.html
    O8 - Extra context menu item: Allow popups on this site - file://C:\PROGRAM FILES\GHOSTSURF\popup.allow.html
    O8 - Extra context menu item: Block personal info from this site - file://C:\PROGRAM FILES\GHOSTSURF\info.block.html
    O8 - Extra context menu item: Allow personal info to reach this site - file://C:\PROGRAM FILES\GHOSTSURF\info.allow.html
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra 'Tools' menuitem: Turbo Download (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: GhostSurf Privacy Center (HKLM)
    O9 - Extra 'Tools' menuitem: GhostSurf Privacy Center (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37865.319224537
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - http://cashgames.skilljam.com/ssp/SSP.cab
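As an added illustration, not part of the original thread or of HijackThis itself, here is a small Python triage routine run over a few lines copied from the log above. It flags the patterns a log reviewer looks for first: the IE proxy pointed at 127.0.0.1, the Hosts entry rewriting ie.search.msn.com, autoruns launched from TEMP or Application Data, orphaned BHO/toolbar entries, and the same name registered under both Run and RunServices. The heuristics are my own assumptions, not rules from the tool.

```python
import re
from collections import defaultdict

# Constructed subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
O1 - Hosts: 193.125.201.50 ie.search.msn.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [VJZHP.EXE] C:\WINDOWS\TEMP\VJZHP.EXE
O4 - HKCU\..\Run: [Taar] C:\WINDOWS\Application Data\erea.exe
O4 - HKCU\..\RunServices: [Taar] C:\WINDOWS\Application Data\erea.exe
"""

# O4 autorun line: hive, key (Run/RunServices), entry name, command line.
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run|RunServices): \[([^\]]+)\] (.*)$")
LOOPBACK_PROXY_RE = re.compile(r"ProxyServer = (127\.\d+\.\d+\.\d+(:\d+)?)")
# Directories a legitimate autorun rarely lives in (assumed heuristic).
SUSPECT_DIRS = ("\\temp\\", "\\application data\\")

def triage(log_text):
    """Return a list of (section, reason, line) findings for HijackThis log text."""
    findings = []
    autorun_keys = defaultdict(set)  # (hive, name) -> {"Run", "RunServices"}
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        if line.startswith("O1 - Hosts:"):
            ip, host = line.split(":", 1)[1].split()[:2]
            if not ip.startswith("127."):  # non-loopback mapping = redirect
                findings.append(("O1", f"hosts file redirects {host} to {ip}", line))
        elif line.startswith(("R0", "R1")):
            m = LOOPBACK_PROXY_RE.search(line)
            if m:  # browser traffic forced through a process on this machine
                findings.append(("R1", f"IE routed through local proxy {m.group(1)}", line))
        elif line.startswith(("O2", "O3")) and line.endswith("(no file)"):
            findings.append((line[:2], "orphaned BHO/toolbar registration", line))
        else:
            m = O4_RE.match(line)
            if m:
                hive, key, name, cmd = m.groups()
                if any(d in cmd.lower() for d in SUSPECT_DIRS):
                    findings.append(("O4", f"autorun '{name}' launches from temp/profile dir", line))
                autorun_keys[(hive, name)].add(key)
    for (hive, name), keys in autorun_keys.items():
        if keys == {"Run", "RunServices"}:  # persistence registered twice under one hive
            findings.append(("O4", f"'{name}' registered in both {hive} Run and RunServices", ""))
    return findings

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}")
```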
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi Relexano,

    No offense, but that is one big load of garbage.
    First follow the instructions here: HOW TO? Read here about how to post your log!! I would advise AdAware in this case.

    Then download and run CWShredder
    Use the Fix button and follow the instructions provided by the program.

    Then reboot and post the hopefully much shorter log.

    Although we can find and remove some viruses with HijackThis, if you don't have an antivirus program, an online scan works much better.
    You will find several listed here: http://www.wilders.org/free_services_m.htm

    Regards,

    Pieter
     
  3. Relexano

    Relexano Registered Member

    Joined:
    May 28, 2004
    Posts:
    14
    We have tried anti-virus programs; they just won't remove the viruses, and when they do... the viruses come right back a second later, so I will post the new log after getting CWShredder for my mom's computer. She has been considering completely restarting her computer, but she has a lot of valuable files on it at the moment.
     