Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Cleaning friends old computer


  • Please log in to reply

#1
scar69

scar69

    New Member

  • Member
  • Pip
  • 2 posts
Hello,
Yesterday a friend brought her computer to me to try and clean up all the spyware and viruses. I don't know how old this thing is but it is running Windows ME and only has a 850mhz celeron cpu and 128mb of ram. Once I checked things out I noticed that she didn't have any spyware programs and her Norton Anti-Virus was expired. I installed Avast 4.7 Home Edition and Ad-Aware SE Personal and Spy-Bot S&D. I've run 2 or 3 scans with each program and am still getting unwanted spyware. I have done most of the stuff here except create a new system restore point. Every time I try to make one I get an error message saying "System Restore cannot run until you restart the computer. Please restart the computer, and then run system restore again". I tried re-booting a few times and still get the same message.

HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 7:46:46 PM, on 06/11/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SCARDSVR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\CPQMLDET.EXE
C:\COMPAQ\EAKDRV\STARTDRV.EXE
C:\COMPAQ\EAKDRV\EAKDRV.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\COMPAQ\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...e...C01&lc=1009
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pccode.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by TELUS Internet Service
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\CPQMLDET.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Compaq\eakdrv\STARTDRV.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [WCOLOREAL] C:\Program Files\COMPAQ\COLOREAL\COLOREAL.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScardSvr] C:\WINDOWS\SYSTEM\ScardSvr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE" "+b1"
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_09\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_09\BIN\SSV.DLL
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co....cab?10,0,910,0
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...w_schematic.asp
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab



ActiveScan report


Incident Status Location

Adware:Adware/WinTools Not disinfected C:\WINDOWS\TEMP\CAB70760\toolbar.dll
Adware:Adware/WinTools Not disinfected C:\WINDOWS\TEMP\CAB85412\toolbar.dll
Dialer:Dialer.DW Not disinfected C:\WINDOWS\TEMP\fastdown.upd.exe
Adware:Adware/WebSearch Not disinfected C:\WINDOWS\TEMP\common.dll
Possible Virus. Not disinfected C:\WINDOWS\TEMP\dinst.exe
Adware:Adware/WinTools Not disinfected C:\WINDOWS\TEMP\msiein\CAB37998.8028765046\toolbar.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\TEMP\msiein\CAB38030.4346971065\toolbar.dll
Adware:Adware/WinTools Not disinfected C:\WINDOWS\TEMP\msiein\CAB38129.965434375\toolbar.dll
Adware:Adware/Transponder Not disinfected C:\WINDOWS\TEMP\ceres.cab[ceres.inf]
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\TEMP\zserv.inf
Adware:Adware/Transponder Not disinfected C:\WINDOWS\TEMP\ceres.inf
Adware:Adware/MSView Not disinfected C:\WINDOWS\TEMP\MSView.inf
Spyware:Cookie/Adtech Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\wy68gy0w.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Atlas DMT Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\wy68gy0w.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/FastClick Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\wy68gy0w.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\wy68gy0w.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\wy68gy0w.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Toplist Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\wy68gy0w.default\cookies.txt[.toplist.cz/]
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\Downloaded Program Files\flash.inf
Spyware:Cookie/Twain-Tech Not disinfected C:\WINDOWS\Cookies\default@master.mx-targeting[2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\WINDOWS\Cookies\default@master.mx-targeting[3].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\WINDOWS\Cookies\default@servlet[2].txt
Spyware:Cookie/Toplist Not disinfected C:\WINDOWS\Cookies\default@toplist[1].txt
Spyware:Cookie/888 Not disinfected C:\WINDOWS\Cookies\default@888[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\WINDOWS\Cookies\default@offeroptimizer[1].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\WINDOWS\Cookies\default@cliks[4].txt
Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Cookies\default@ad.yieldmanager[1].txt
Spyware:Cookie/BestOffersNetworks Not disinfected C:\WINDOWS\Cookies\default@bestoffersnetworks[2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\WINDOWS\Cookies\default@servlet[3].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\WINDOWS\Cookies\default@master.mx-targeting[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\WINDOWS\Cookies\default@offeroptimizer[2].txt
Spyware:Cookie/888 Not disinfected C:\WINDOWS\Cookies\default@888[5].txt
Spyware:Cookie/888 Not disinfected C:\WINDOWS\Cookies\default@888[4].txt
Spyware:Cookie/Cassava Not disinfected C:\WINDOWS\Cookies\default@cassava[2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\WINDOWS\Cookies\default@cliks[5].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\default@com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\default@com[2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\WINDOWS\Cookies\anyuser@cliks[1].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\WINDOWS\Cookies\default@cliks[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\WINDOWS\Cookies\default@rn11[2].txt
Spyware:Cookie/888 Not disinfected C:\WINDOWS\Cookies\default@888[2].txt
Spyware:Cookie/Cassava Not disinfected C:\WINDOWS\Cookies\default@cassava[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\anyuser@www.burstbeacon[1].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\WINDOWS\Cookies\anyuser@cliks[3].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\default@dist.belnk[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\default@www.burstbeacon[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\WINDOWS\Cookies\default@adultfriendfinder[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\WINDOWS\Cookies\default@azjmp[2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\WINDOWS\Cookies\default@cliks[2].txt
Spyware:Cookie/888 Not disinfected C:\WINDOWS\Cookies\default@888[3].txt
Spyware:Cookie/BestOffersNetworks Not disinfected C:\WINDOWS\Cookies\default@bestoffersnetworks[3].txt
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Cookies\default@burstnet[1].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\default@terra.com[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Cookies\default@ad.yieldmanager[3].txt
Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\Cookies\default@microsofteup.112.2o7[1].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\WINDOWS\Cookies\default@servlet[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\WINDOWS\Cookies\default@offeroptimizer[4].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\WINDOWS\Cookies\default@cliks[3].txt
Spyware:Cookie/BestOffersNetworks Not disinfected C:\WINDOWS\Cookies\default@bestoffersnetworks[6].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\WINDOWS\Cookies\default@master.mx-targeting[4].txt
Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\Cookies\default@microsofteup.112.2o7[2].txt
Possible Virus. Not disinfected C:\WINDOWS\Buddy.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall4_34.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall4_80.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall4_88.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall4_94.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall5_40.exe
Possible Virus. Not disinfected C:\WINDOWS\dinst.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_10.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_22.exe



Uninstall report

Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
avast! Antivirus
BJ Printer Driver
COLOREAL
Compaq Automatic Updating for Windows
Compaq Diagnostics for Windows
Compaq Digital Dashboard
Cool Edit Pro 2.1
Cosmi's Photo Editor
Deer Hunter 3
Deer Hunter 5
EA Network Play System
Easy Access Button Support
Easy Access Button Support (Drivers)
Flight For Windows95
Free Natural text to speech reader
Greeting Card Creator 32
HijackThis 1.99.1
HP DeskJet 610C Series (Remove only)
HP Photo and Imaging 1.0 - Scanjet 3500c Series
HP Photo and Imaging 1.1 - Photosmart Cameras
IE5 Custom
InCD (ahead software)
InCDUDF Reader(ahead software)
Industryplayer 4.0
Internet Explorer Q891781
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 9
Lavasoft VX2 Cleaner
LimeWire 4.12.6
Microsoft .NET Framework 1.1
Microsoft Age of Empires II
Microsoft Connection Manager
Microsoft Encarta Interactive World Atlas 2001
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Links 2003 Demo
Microsoft Money 2001
Microsoft Outlook Express 6
Microsoft Smart Card Base Components
Microsoft VGX Q833989
Microsoft Works 6.0
Mozilla Firefox (2.0)
MSN Messenger 7.0
Musicmatch® Jukebox
Nero - Burning Rom
NeroMediaPlayer
Netscape Communicator 4.7
Outlook Express Q887797
Panda ActiveScan
PCTEL Platinum V.90 Modem Drivers
Photosmart 140,240,7200,7600,7700,7900 Series
PokerStars
Shockwave
SimCoaster
Spybot - Search & Destroy 1.3
SureThing CD Labeler - Stomper Edition 32 bit
telus.net Starter Kit
The Sims Deluxe Edition
Tweak-SE plug-in for Ad-Aware SE
Universal Media Player
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Weather tool
Windows Millennium Edition KB891711 Update
Windows Millennium Edition Q823559 Update
WOWpapers utility
  • 0

Advertisements


#2
scar69

scar69

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Please delete this thread. I talked to my friend and we decided to do a format and fresh reinstall of the OS.

Edited by scar69, 08 November 2006 - 04:18 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP