Is this worth fixing or should I reload

Status
Not open for further replies.

froehle

A friend brought me her computer. It wouldn't boot.
From safe mode, I reloaded the video drivers.
Added 512MB RAM because the system was toooooo slow to do anything.
Ran Trend HouseCall using the Java version; the ActiveX version hung. It deleted bunches of viruses.
Ran Ad-Aware SE from safe mode and it deleted 152 more things.
Rebooted to regular mode; Norton 2005 found Vundo in ssttr.dll.
What good is this? It can't get rid of it.
I did by looking on the boards and found a message telling me to download something that got rid of it.
Norton found 4 other adware files... it couldn't get rid of them either.
I installed Spybot 1.4 and it found lots of other things which I deleted.

I updated the video drivers from Microsoft Update and nothing worked again...
I went to NVIDIA and got their drivers ... turned off Norton AntiVirus before loading ... now the video seems to work.

Ran HijackThis and think it still has lots of stuff on it.

Is it worth fixing ... if so, how?

Thanks in advance,
Paul
 
I'd say it is worth fixing, if only to learn from the process. Of course the "simpler" method would be to reinstall the whole OS.

I'd uninstall unneeded applications and disable unneeded services, for starters. But to be honest, it's been years since I've personally dealt with a virus-filled computer.

You could start by posting the HijackThis log here.
 
While I like Mictlantecuhtli's point of view, it's really in the end user's best interest to reinstall the machine. At that level of (Norton :rolleyes: ) infestation, it's unlikely that any amount of repairs will put the machine on par with a fresh install.

The only advantage of fixing this machine would be to maintain current user settings and prevent possible loss of data in the reinstall. However, if you make a good backup, then it shouldn't really be an issue.
 
I thought I included the hijackthis.txt

Sorry, I forgot to hit the upload button after setting the file name?
 
Kill this:

C:\WINDOWS\system32\8E8B8E9191939.exe

Fix these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\system32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll
O2 - BHO: BHO Class - {FE6A3E85-0F6C-49AD-8843-68FF44E7EEAA} - C:\WINDOWS\system32\SecureServicePack2.dll

O4 - HKLM\..\Run: [T] C:\documents and settings\lori jachec\local settings\temp\T.exe
O4 - HKLM\..\Run: [o0AeRDN1] C:\windows\system32\o0AeRDN1.exe
O4 - HKLM\..\Run: [nkl.exe] c:\windows\system32\nkl.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\system32\Cyf0o.exe
O4 - HKLM\..\Run: [System service67] C:\WINDOWS\etb\pokapoka67.exe
O4 - HKLM\..\Run: [DDDADDE0E0E2DFE] 8E8B8E9191939.exe
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\system32\pshwr.exe
O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\system32\ichckupd.exe

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c2.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9} - http://plugin.secureservicepack.com/secureservicepack.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
 
Do you think the system is OK now?

I followed your instructions, rebooted, and here are the results.

Where can I find out how to decide what to delete on my own?

Does HijackThis eliminate the files when it does the fix?

Do you know if it is safe to eliminate AOL version 9 from an XP Home system?
I have had to reload several Windows 98 machines when someone eliminated AOL. It took out IExplorer but doesn't clean the registry. I couldn't reload IE or Netscape because they were there, but I couldn't start them because they weren't.

Should I delete the items in O9 that say (no file)? Were they deleted by Ad-Aware or Spybot?

Thanks for your help,
Paul
 
froehle said:
Where can I find out how to decide what to delete on my own?
Do a web search on the dll / application names if they don't look familiar to you. I can't really give any specific advice on how to learn which files are legitimate and which aren't. You might learn it over the years...

Does HijackThis eliminate the files when it does the fix?
No, as far as I know.

Do you know if it is safe to eliminate AOL version 9 from an XP Home system?
I have had to reload several Windows 98 machines when someone eliminated AOL. It took out IExplorer but doesn't clean the registry. I couldn't reload IE or Netscape because they were there, but I couldn't start them because they weren't.
I don't know anything about AOL.

Should I delete the items in O9 that say (no file)? Were they deleted by Ad-Aware or Spybot?
Most likely they were.

Here is a little HJT tutorial.
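
Added example (not part of the original thread, and not HijackThis's own code): a small Python triage that parses lines in the log format quoted above, pulls out the file name or CLSID to research for each entry, and marks the `(no file)` leftovers asked about. The `temp-dir` and `no-path` flags are this example's own heuristics, and the Temp-folder sample line is constructed.

```python
import re

# Sample input: four lines copied from the log in this thread, plus one
# constructed Temp-folder autorun line (the [updater] entry).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: BHO Class - {FE6A3E85-0F6C-49AD-8843-68FF44E7EEAA} - C:\WINDOWS\system32\SecureServicePack2.dll
O4 - HKLM\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\updater.exe
O4 - HKLM\..\Run: [DDDADDE0E0E2DFE] 8E8B8E9191939.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")   # e.g. "O4 - ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE = re.compile(r"([^\\/\s\[\]]+\.(?:exe|dll|cab))\b", re.I)  # last path component
RUN = re.compile(r"^[^:]+: \[[^\]]*\] (?P<cmd>.+)$")           # "key: [name] command"

def triage(log_text):
    """Return one dict per log entry: section code, file name, CLSID, flags."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue                      # headers, blank lines, process list
        code, body = m["code"], m["body"]
        files, clsid, run = FILE.findall(body), CLSID.search(body), RUN.match(body)
        checks = {
            "no-file": "(no file)" in body,                        # target file is gone
            "temp-dir": bool(re.search(r"\\temp\\", body, re.I)),  # autorun from Temp
            "no-path": bool(code == "O4" and run and "\\" not in run["cmd"]),
        }
        entries.append({"code": code, "file": files[-1] if files else None,
                        "clsid": clsid.group(0) if clsid else None,
                        "flags": [k for k, hit in checks.items() if hit]})
    return entries

def search_terms(entries):
    """Names to look up (file name, else CLSID), in log order, de-duplicated."""
    seen, terms = set(), []
    for e in entries:
        term = e["file"] or e["clsid"]
        if term and term.lower() not in seen:
            seen.add(term.lower())
            terms.append(term)
    return terms

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["code"], e["file"] or e["clsid"], e["flags"])
```

An empty flag list does not mean an entry is legitimate; it only means none of the three checks fired, so the name still needs to be researched.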
 