
Purge viruses, trojans, worms, etc.

Discussion in 'Virus & Other Malware Removal' started by helenof_troy, Jul 30, 2004.

Thread Status:
Not open for further replies.
  1. helenof_troy (Thread Starter; Joined: Jul 30, 2004; Messages: 1)

    I have been trying to get rid of 180solutions and its counterparts and have found wininit, alchem, and others repeatedly on my system. I have been using Ad-aware and Avast, but have finally resorted to HijackThis.

    Below is the current H/T log file for my system. Can someone please tell me what to delete? Your help is appreciated.

    Sincerely,
    Helenof_troy

    Logfile of HijackThis v1.97.7
    Scan saved at 3:06:46 PM, on 7/30/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\WINDOWS\SYSTEM\CTFMON.EXE
    C:\PROGRAM FILES\EFAX MESSENGER PLUS\DLLCMD32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (8394abfc1be196a62c9f532511936df7, 37808 bytes)
    O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file) (file missing)
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file) (file missing)
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file) (file missing)
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\QUESTMOD-1.DLL (e97e567a42f1144268a03318cd829b2c, 14848 bytes)
    O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.2.1P.DLL (eaaf59a97d1a951d6d5958921e95dde1, 139264 bytes)
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file) (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX (d3d8b0684ed7a88ffce4956880907827, 1676800 bytes)
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun (661d6dc4707b0110bfd7d4da4ccb86cc, 86016 bytes)
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe (e3638df27264132f18b43802c96efbba, 28672 bytes)
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme (9ef36c1b50cb6f80deb943c622604fda, 24576 bytes)
    O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE (294b88270ba5e751da5d0476e6c94248, 11808 bytes)
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe (69d7217f9d7f49d6706baf90f52b472b, 7536 bytes)
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE (0613611d2c79751238dea0aef83f6303, 114688 bytes)
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (6d2cfded7fc72a87cf49c1ea545ff267, 28672 bytes)
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup (047d008c28818ff85cd77daede62bc3e, 131072 bytes)
    O4 - HKLM\..\Run: [wpwxurcj] C:\WINDOWS\wpwxurcj.exe
    O4 - HKLM\..\Run: [lcx] C:\WINDOWS\lcx.exe
    O4 - HKLM\..\Run: [xyjudwr] C:\WINDOWS\xyjudwr.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe (992c1e16d0693b9e359721445b1889f5, 200752 bytes)
    O4 - HKLM\..\Run: [zusgdo] C:\WINDOWS\SYSTEM\xarrzmz.exe
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme (9ef36c1b50cb6f80deb943c622604fda, 24576 bytes)
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [MOSearch] c:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE (a69add8bb038cefb7c6c32ee9f48f33d, 69632 bytes)
    O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe (9371e690105409b26bc987c36653ef8e, 77872 bytes)
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - Startup: Live Menu.lnk = C:\Program Files\eFax Messenger Plus\Dllcmd32.exe (23bfca6064bbba3f423c910b495c8f2e, 18944 bytes)
    O4 - Startup: eFax Tray Menu.lnk = C:\Program Files\eFax Messenger Plus\HotTray.exe (b4a61d2ffeb8060ff94e7e1132649503, 28672 bytes)
    O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm (8997583ae1f7e252c4061b012b520148, 660 bytes)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll (9d63f257e9cc6367692b92da4cb4ddac, 270336 bytes)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
Short URL to this thread: https://techguy.org/256274