Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Multiple viruses - Bookedspace, now flashenhancer

  • Please log in to reply




  • Member
  • PipPip
  • 42 posts
Computer was given to my wife's aunt and I'm trying to fix - Before she got it no anti-virus or spyware tools were loaded. Machine is a real mess - I've unloaded about 800 adwares and 100 viruses.

The internal modem is not working, but this may not be related - I was able to install an old external 33.6 modemand this one is working, but slow.

The machine has lost its wallpaper, very unstable, and when I get onto the internet will eventually lock-up. I'm having to go to this forum from my own computer and copied the text files over. In normal mode, programs related to virus protection will not execute.

I have done the prep work - I think. Ran the winsockfix, which helped me get on to the internet and also ran the clean-up program to delete temp files.

AD-Aware se is loaded and removed a bunch of things, but it will only run in Safe-mode. When I try to execute in normal mode, it only blinks at me.

Ran SWShredder and found nothing.

Ran Sbybot S&D - This will only execute in Safe-mode also. Found many problems the first time, but nothing happens in normal mode.

Loaded Ewido Security Suite - Took several trys to get the updates, as I would get a timeout. When I ran my first scans it abended two times. I finally got it to run it has problems if I've opened IE.

Tried to run trend housecall, but would abend each time I tried to get load. I have also been run with AntiVir, another freeware virus protection.

I was not able to get the updates for XP sp1 - It appears I'm being blocked out when I get to the update screen - blank screen and does not load.

Machine will eventually lock up and I can do nothing.

Below is the Hijack This log before the last time the machine froze:

Logfile of HijackThis v1.99.1
Scan saved at 6:56:06 PM, on 6/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\program files\tvs\tvs_b.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Works\WkDetect.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=3c01&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: CSMHelperObj Class - {0F660F64-F4C9-477F-8529-44181B717472} - C:\Program Files\AT&T\WnClient\Programs\CSMBHO.dll
O2 - BHO: PBHelper - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Oemji\Toolbar\PopupBlocker\PBHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll (file missing)
O2 - BHO: OemjiSearchPlus - {D240DC29-C093-4388-B71F-A7103C796B0C} - C:\Program Files\Oemji\OemjiSearchPlus\OemjiPls.dll
O2 - BHO: (no name) - {D9333278-7B51-CBE4-85E1-DAEA90A585C8} - C:\WINDOWS\System32\cdmdownld\qsniehgcic.dll
O2 - BHO: (no name) - {} - (no file)
O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSrc.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [u00cukgs] C:\Program Files\u00cukgs\u00cukgs.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [ms0520810-4576] C:\WINDOWS\ms0520810-4576.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [43sO33U] selsn1.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [Update Connection] C:\WINDOWS\System32\msinswch.exe
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [qkefbc] C:\WINDOWS\System32\qkefbc.exe
O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\System32\guarnset.exe
O4 - HKLM\..\Run: [motoin] C:\WINDOWS\mm15201518.Stub.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [IPOT Service Drivers] itune.exe
O4 - HKLM\..\RunServices: [IPOT Service Drivers] itune.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyStartUp] c:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKCU\..\Run: [IPOT Service Drivers] itune.exe
O4 - HKCU\..\RunServices: [IPOT Service Drivers] itune.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: AnyWho - {0264505A-6793-44E0-AC75-9DCE3B13185C} - C:\Program Files\AT&T\WnClient\Programs\AnyWho.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Support - {7D4E996C-7732-40A6-8BF3-1CD5E0D791F0} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {539DA0E0-74A7-11D9-9669-0800200C9A66} - http://www.ouchvideo...viewer_ic13.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A417C414-2A0D-4FC0-A121-AD3D53C73DDD}: NameServer =
O21 - SSODL: Remote Media - {0BD1839E-CBFE-484B-8A22-33A9650B8F5B} - C:\WINDOWS\System32\avta0000.dll
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: hhacyae - Unknown owner - C:\WINDOWS\system32\hhacyae.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

Once I clean everything up in safe mode, the bad stuff comes back as soon as I go to normal mode. My wife's Aunt is getting impatient with me - Wish I hadn't bragged that I could fix this, but too late now.
  • 0


Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP