  1. #1
    WPL

    this computer is a mess

    I am getting huge amounts of alerts and error messages... despite having done numerous scans and fixes... could somebody please take a look at this HijackThis log?

    Logfile of HijackThis v1.98.2
    Scan saved at 6:15:36 PM, on 8/12/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\TJXOKN.EXE
    C:\WINDOWS\SYSTEM32\PCS\PCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
    C:\WINDOWS\SYSTEM\AVHCDBW.EXE
    C:\WINDOWS\SYSTEM\HASSOLW.EXE
    C:\WINDOWS\SYSTEM\HPDLLHOST.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\PFHID07H.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\RXYRB.EXE
    C:\WINDOWS\SYSTEM\HFRR.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    O2 - BHO: (no name) - {00000000-0000-47c5-A90F-2CDE8F7638DB} - C:\WINDOWS\SYSTEM\IEL2CDE8.DLL
    O2 - BHO: (no name) - {00000000-0000-0000-BFA1-D7EE6696B865} - C:\WINDOWS\SYSTEM\ICDD7EE6.DLL
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
    O3 - Toolbar: (no name) - {223405EC-01F9-48a2-BDBB-D519913E2765} - C:\WINDOWS\SYSTEM\LI01F948.DLL
    O3 - Toolbar: (no name) - {EFEE6B59-ADDB-40eb-BA2C-AF860F5B42B5} - C:\WINDOWS\SYSTEM\READDB40.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
    O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
    O4 - HKLM\..\Run: [fxqsdm] C:\WINDOWS\SYSTEM\tjxokn.exe
    O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
    O4 - HKLM\..\Run: [NE2RLLD55] C:\WINDOWS\TEMP\NE2RLLD55.EXE
    O4 - HKLM\..\Run: [4KTWY2J5WYLGFK] C:\WINDOWS\SYSTEM\Doub.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [Dpi] C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
    O4 - HKLM\..\Run: [AutoLoadertzq11IIlONIO] "C:\WINDOWS\SYSTEM\DINCONFG.EXE" /PC="AM.WILD" /HideUninstall
    O4 - HKLM\..\Run: [nssysconf] C:\WINDOWS\SYSTEM\avhcdbw.exe
    O4 - HKLM\..\Run: [hpsysconf1] C:\WINDOWS\SYSTEM\hassolw.exe
    O4 - HKLM\..\Run: [li01f948] rundll32.exe C:\WINDOWS\SYSTEM\LI01F948.DLL,EnableRunDLL32
    O4 - HKLM\..\Run: [iel2cde8] rundll32.exe C:\WINDOWS\SYSTEM\IEL2CDE8.DLL,EnableRunDLL32
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
    O4 - HKLM\..\Run: [icdd7ee6] rundll32.exe C:\WINDOWS\SYSTEM\ICDD7EE6.DLL,EnableRunDLL32
    O4 - HKLM\..\Run: [000hpdllhost] C:\WINDOWS\SYSTEM\hpdllhost.exe
    O4 - HKLM\..\Run: [readdb40] rundll32.exe C:\WINDOWS\SYSTEM\READDB40.DLL,EnableRunDLL32
    O4 - HKLM\..\Run: [t49j36V] DINCONFG.EXE
    O4 - HKLM\..\Run: [AutoLoadertzqN1IIlONIO] "C:\WINDOWS\SYSTEM\DINCONFG.EXE"
    O4 - HKLM\..\Run: [spl] C:\WINDOWS\SYSTEM\spl.exe
    O4 - HKLM\..\Run: [PFHID07H] C:\WINDOWS\SYSTEM\PFHID07H.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRAM FILES\SYSTEM SOAP PRO\SOAP.exe min
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
    O4 - HKCU\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - HKCU\..\RunServices: [System Soap Pro] C:\PROGRAM FILES\SYSTEM SOAP PRO\SOAP.exe min
    O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\RunServices: [TV Media] C:\TV MEDIA\TVM.EXE
    O4 - HKCU\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O12 - Plugin for .com/servlet/ViewPdfForm?isPrintPaycheck=true&paycheckIdList=489737,489738: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll


    thanks for any help
    chris

  2. #2

    One thing you have is a Peper Trojan:

    First download and run THIS (click here) to remove the Peper Trojan from your computer. (Remain connected to the internet when you run this uninstall program.)

    Run these programs here:

    http://www.help2go.com/postt8026.html

    Post another log by using the "Post Reply" button at the bottom of this page. Please make sure that it is a complete log.

    Cheers

  3. #3
    WPL

    The infected PC isn't connected to our network... it was at one time but it no longer has an Ethernet card... could I use WinRAR to bring the program to that machine via a floppy disk, or is the internet connection crucial for the program to work?

  4. #4

    By chance, does it still have a modem?

    Peper Trojan is an online scan.

    If you are in the USA you can download/try free ISPs like Juno or NetZero to run all the online scans. Either one of them gives 10 hours a month free.

    The Peper Trojan scan is quick. The Pandasoft and Housecall scans will take quite a while each and you could get shut off with these free ISPs.
    But again, they are free.

    Cheers

  5. #5
    steamwiz

    Hi

    I agree ... it is a mess

    Go to Add/Remove in the Control Panel and uninstall WinTools and TV Media and reboot

    I can tell you how to clean everything out of your log (which is the visible part) but there will be a lot of files left on your computer (both viral and malware) which are not shown in HijackThis ... looking at your log I suspect hundreds of files.

    We can even remove the Peper trojan manually...

    I see you have Adaware ... it needs to be updated .. in fact you MUST have an internet connection if you want to clean it out properly.

    The other alternative ... if you don't intend to use it on the net, would be to get all your important stuff off it ... then reformat and reinstall.

    A quick look through your log shows just over a dozen legitimate entries ... all the rest are malware.


    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  6. #6
    whoozhe (Help2Go Moderator)

    My suggestion is back up your data, reformat and reinstall. It may be faster than cleaning out the two ton of junk you have, plus the time spent will bring your system back to its full potential.
    Take control of your life. Leave others to control their own.