My mom's computer is very very sick...please help

[raggafran]

20 viruses that cannot be removed or moved to the virus vault. I'll let the AVG and Hijack This logs tell the story. Thanks in advance

AVG

Results of Complete Test, date and time 6/28/2004 11:28:23 :
Testing C:\ serial 115D-18E1
C:\GOBACKIO.BIN Cannot open; not checked!
C:\_RESTORE\TEMP\A0160155.CPY Trojan horse Downloader.Wintrim.P
C:\_RESTORE\TEMP\A0160158.CPY Virus identified Worm/Sddrop
C:\_RESTORE\TEMP\A0160159.CPY Trojan horse Dialer
C:\_RESTORE\TEMP\A0160160.CPY Trojan horse BackDoor.Magicon.J
C:\_RESTORE\TEMP\A0160162.CPY Trojan horse Downloader.Wintrim.2.K
C:\_RESTORE\TEMP\A0160163.CPY Trojan horse Downloader.Wintrim.2.E
C:\_RESTORE\TEMP\A0160164.CPY Trojan horse Downloader.Wintrim.AX
C:\_RESTORE\TEMP\A0160165.CPY Trojan horse Downloader.Wintrim.AC
C:\_RESTORE\TEMP\A0160166.CPY Trojan horse Downloader.Wintrim.AN
C:\_RESTORE\TEMP\A0160167.CPY Trojan horse Downloader.Wintrim.2.K
C:\_RESTORE\TEMP\A0160169.CPY Trojan horse Downloader.Wintrim.AC
C:\_RESTORE\TEMP\A0160170.CPY Trojan horse Downloader.Wintrim.AC
C:\_RESTORE\TEMP\A0160171.CPY Trojan horse Downloader.Wintrim.AC
C:\_RESTORE\TEMP\A0160172.CPY Trojan horse Downloader.Agent.AP
C:\_RESTORE\TEMP\A0160173.CPY Trojan horse Downloader.Agent.AQ
C:\_RESTORE\TEMP\A0160174.CPY Trojan horse Downloader.Wintrim.2.D
C:\_RESTORE\TEMP\A0160175.CPY Trojan horse Downloader.Realtens.C
C:\_RESTORE\TEMP\A0160176.CPY Trojan horse Downloader.Realtens.D
C:\_RESTORE\TEMP\A0160177.CPY Virus identified Win32/Hantaner.A
C:\_RESTORE\TEMP\A0160178.CPY Virus identified Win32/Hantaner.A
Test finished, duration 00:09:48.8 s
19248 objects tested, 20 found infected


Hijack This

Logfile of HijackThis v1.97.7
Scan saved at 1:24:31 PM, on 6/28/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ADAPTEC\GOBACK\GBPOLL.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\BCMDMMSG.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NETWORD\NWAGNT33.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.usefulware.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.caribsurf.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gateway.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.usefulware.com
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINDOWS\MSLAGENT\4B_1,0,1,0_MSLAGENT.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~2\INKWATCH.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Adaptec\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [dlmMgr] "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe"
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDHTML_1027.dll,InstantAccess
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\MSLAGENT_.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Netword Agent.lnk = C:\Program Files\Netword\nwagnt33.exe
O4 - Startup: Gateway.net 5.0 Tray Icon.lnk = C:\Gateway.net 5.0\gwtray.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: Run DAP (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://gateway.yahoo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.zing.com/common/classes/b...on=1,0,2,12011
O16 - DPF: {B5AC24C2-1B3B-11D4-80FD-005004993CCA} - http://toolbar.excite.com/download/exbar.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/O...d/MSSurVid.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn.com/Components/O...or/Outside.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/mail/ymmapi.cab
O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) - http://www.ofoto.com/OfotoDND.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binarie...ML/EGDHTML.cab