
My computer's back, thanks to you..but--Hijackthis log for interpretation please?!

Discussion in 'Security and Privacy' started by JoannaK, 2004/06/06.

Thread Status:
Not open for further replies.
  1. 2004/06/06
    JoannaK

    JoannaK Inactive Thread Starter

    Joined:
    2004/06/06
    Messages:
    2
    Likes Received:
    0
    Hello everybody. I'm a new user here.

    About three weeks ago my computer (running Windows ME) became seriously infected with many nasties. After several days of dealing with extreme pop ups, a hijacked browser, and various other garbage, I contracted the obnoxious Wtoolsa problem with which so many here were contending. My computer was so bad that I couldn't even get to the Internet; my browser would simply not load. I did a search on Wtoolsa on my boyfriend's computer and I found this forum. As we were about to go on vacation, I decided to shut my computer down and deal with the mess when we came back, which is why I am just working on these issues now, 1-2 weeks after most of the others have gotten rid of Wtoolsa and related garbage.

    So....back to the real world: I read many threads here, printed off many responses and downloaded hijackthis to a diskette. Using some of the info I found here, I was able to mess around (yep, that's what it felt like to me) with both msconfig and regedit just enough to get rid of a few things so that I could finally get online. Hijackthis showed me that I did have the nasty Coolwebsearch, and I was able to download CWShredder to get rid of that. Yesterday I downloaded both Spybot and AdAware and they both found a bunch of stuff that I got rid of. I let both Spybot and Adaware run at startup and I think I've run both about 3-4 times now. I also installed a critical Windows ME update somewhere along the way.

    My computer is functioning reasonably now but there was one item that Spybot couldn't get rid of.

    Anyway...here is my latest Hijackthis log. I'd love some thoughts on what still needs to be dealt with and what else I need to do to keep this from happening again.

    Again, thanks to everyone here, especially noahdfear, Lonny Jones, Johanna, and one or two other names that I can't recall at present.

    Logfile of HijackThis v1.97.7
    Scan saved at 7:36:31 PM, on 6/6/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\BRMFRSMG.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    A:\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_5.DLL
    O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_5.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [xBrotherMeCom] C:\BRME\BrMeCom.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
    O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
    O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmtrans.html
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0410.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw9fd.law9.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37861.892337963
    O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
     
  2. 2004/06/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome JoannaK, to WindowsBBS! :)

    And you are welcome. I'm glad to have been of assistance to you. Looks like you've done well here. ;) Just a few things I recommend left to do. First, you need to copy HijackThis to your hard drive. Place it in a new folder such as C:\HJT. This will place backups of whatever gets fixed in the folder also, in case anything was ever removed that shouldn't be, and needed to be restored. Then open HJT, scan and place a check next to the following entries. Close all other windows and fix.

    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
    O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
    O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE


    Go to msconfig and recheck anything you have unchecked.
    Reboot.
    Open C:\PROGRAM FILES and delete the folder TV MEDIA.
    Scan again and post a new log.

    What was the one item that Spybot couldn't deal with?

    You really need to install Antivirus/Firewall software. You can get a one-year free trial of eTrust EZ Armor here. It gets my vote. Alternatives here. You should not even be connected to the internet without an active Firewall and up-to-date AV installed and running. You should also run some online scans just to make sure. RAV and Housecall.

    To help protect your PC from acquiring this junk, first make sure you are using version 1.3 of Spybot by clicking the info and license button. If not, download it from my signature and install. I recommend uninstalling the previous version first. Click the Spybot-S&D button, then click immunize, then immunize again (with the green + beside it this time) from above. Then click the link below in the status box for SpywareBlaster, download, install and update. Also click the tools button, then Resident and check the box for SD Helper. Then click IE Tweaks and lock homepage and hosts file. Then download and install IESpyads.
     
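As an added example (not code from this thread, from noahdfear, or from HijackThis itself), here is a small Python triage of the log format posted above. It parses the R/O entries and flags the three patterns noahdfear picked out for fixing: a URLSearchHook reported as missing, a BHO whose DLL is "(no file)", and the same Run command registered under both HKLM and HKCU (the TV Media adware pattern). The sample lines are a constructed subset copied from the first post's log.

```python
"""Triage a HijackThis 1.97-style log: parse R*/O* entries and flag the
patterns singled out in this thread. Heuristics for a second look, not a
verdict; added example, not HijackThis code."""
import re

# Constructed sample: a subset of the log lines from the first post.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
"""

# Every HJT finding line starts with a section tag (R0-R3, O1-O16...) and " - ".
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")


def parse_log(text):
    """Return [(section, body), ...], skipping header and process-list lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def triage(text):
    """Return [(section, body, reason), ...] for entries worth fixing."""
    findings = []
    run_hives = {}  # Run command line -> set of hives it is registered in
    for sec, body in parse_log(text):
        if sec == "R3" and "missing" in body:
            findings.append((sec, body, "default URLSearchHook missing"))
        elif sec == "O2" and body.endswith("(no file)"):
            findings.append((sec, body, "BHO registered but DLL absent"))
        elif sec == "O4":
            # body looks like: HKLM\..\Run: [Name] C:\path\prog.exe args
            hive, _, cmd = body.partition(r"\..\Run: ")
            if cmd:  # RunServices entries do not match and are skipped
                run_hives.setdefault(cmd, set()).add(hive)
    # The same autostart in both the machine and user hive is a common
    # adware persistence pattern (TV Media in this log).
    for cmd, hives in run_hives.items():
        if {"HKLM", "HKCU"} <= hives:
            findings.append(("O4", cmd, "same Run command in HKLM and HKCU"))
    return findings
```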


  4. 2004/06/07
    JoannaK

    JoannaK Inactive Thread Starter

    Joined:
    2004/06/06
    Messages:
    2
    Likes Received:
    0
    Thank you so much, Dave--- I was away and busy most of today but I will get back to the computer and to your suggestions tomorrow. I inherited this computer a few months back and I knew I was pushing it by not protecting it, so I really appreciated your suggestions for AV and firewall software.

    More tomorrow!!
     
  5. 2004/06/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I'll watch for ya. ;)
     