hgratt

join:2003-12-09
Plano, TX

reply to CalamityJane
Re: Another Virus/Hijack Removal Problem

All right! The de-registration seems to have done it and allowed me to proceed successfully with your instructions.

Here is the latest HJT log:
Thanks for all the help. Hopefully this will last.

Logfile of HijackThis v1.99.0
Scan saved at 5:04:28 PM, on 1/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ATI2PLXX.EXE
C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\PROGRAM FILES\TIOGA\CLIENT\BIN\TGCMD.EXE
C:\TOSHIBA\IVP\ISM\PINGER.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\TECH\WHEEL MOUSE\5.0\MOUSE32A.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\A2\A2GUARD.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\INTERSIL\PRISM 802.11 WIRELESS LAN\CONFIG.EXE
C:\PROGRAM FILES\LINKSYS\WIRELESS-B NOTEBOOK ADAPTER\WPC11CFG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »my.iwon.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [TgAddServer] "C:\Program Files\tioga\Client\bin\tgfix.exe" /fds "http://vtsupport.answerteam.com/global"
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\tioga\Client\bin\tgcmd.exe" /nosystray
O4 - HKLM\..\Run: [tgsetsite] "C:\Program Files\tioga\Client\bin\tgfix.exe" /i /f "C:\Program Files\tioga\client\bin\toshibasup.dna"
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe
O4 - HKLM\..\Run: [mgavrtclexe] c:\windows\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Configuration Utility.lnk = C:\Program Files\Intersil\PRISM 802.11 Wireless LAN\Config.exe
O4 - Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - »messenger.msn.com/download/MsnMe···ader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - »www2.incredimail.com/contents/se···ader.cab


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
Ok, good job.

The log looks clean.

I assume you are getting some prevention programs and extra security in place for them.

hgratt

join:2003-12-09
Plano, TX

You bet! I've loaded Ad-Aware, Spybot, CWShredder and SpywareBlaster onto his system. Also installed AVAST anti-virus and a2 anti-trojan on his system.

Hopefully, this will give him adequate automatic protection and manual scanning/checking capabilities.

Thanks again for your help.


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL


Great! I figured you would fix him up.

Another really *must get* free tool is Eric Howe's IESPYAD. That will put over 5,000 known malicious and/or dangerous sites into his restricted zone. It needs to be updated periodically (see our Updates list at the top of this forum each day for the latest), but installing that tool will help stop reinfections and increase his protection without using any memory resources.
--
It takes a disaster to make a woman out of a female

Gladiator Security Forum


Proud Member of ASAP (Alliance of Security Analysis Professionals)

hgratt

join:2003-12-09
Plano, TX
Does IESPYAD do anything for Mozilla? Also, will it conflict with SpywareBlaster and/or SpyBot's immunization procedures?


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
Oh, no... doesn't work for Mozilla, just IE, but also no - it doesn't interfere with SpywareBlaster or Spybot or any other security programs for those using IE.
over 10 years online! © 1999-2009 dslreports.com.