
Inactive [InActive] Recommended Follow up from Win Me Forum

Discussion in 'Malware and Virus Removal Archive' started by recoverybound, 2009/02/13.

  1. 2009/02/13
    recoverybound

    recoverybound Inactive Thread Starter

    Joined:
    2009/02/11
    Messages:
    9
    Likes Received:
    0
    This is a follow up from win me forum regarding removing virus, trojan, adware from _restore/archive/cab files. I disconnected System restore.

    The following is the result from the HijackThis scan

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:21:29 PM, on 2/13/2009
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\KHOOKER.EXE
    C:\PROGRAM FILES\ASUSTEK\ASUSDVD\PDVDSERV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\PROGRAM FILES\RAM IDLE LE\RAM_ME.EXE
    C:\PROGRAM FILES\LINKSYS\WIRELESS-G NOTEBOOK ADAPTER\GCC.EXE
    C:\PROGRAM FILES\LINKSYS\WIRELESS-G NOTEBOOK ADAPTER\ODHOST.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
    C:\WINDOWS\DESKTOP\DOWNLOADS\TECHNICAL\HIJACKTHIS.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [R-Firewall1] C:\Program Files\R-TT\R-Firewall\CRCService\RTT_CRC_Service.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.6.0_04\BIN\SSV.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.6.0_04\BIN\SSV.DLL
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O24 - Desktop Component 0: (no name) - http://media.salemwebnetwork.com/oneplace/images/faithtalk/FT_VisitMinistryPage.gif
    O24 - Desktop Component 2: Oneplace.com - Listen For Life - http://oneplace.com/

    --
    End of file - 3996 bytes

    ______________________________________________

    Thanks for any info, much appreciated
     
  2. 2009/02/13
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi recoverybound
    OK please re-enable System Restore.

    What program was telling you you have a virus? Avast?

    Please run a scan again after re-enabling System Restore with whatever program was warning of a virus.

    Let me know what it comes up with and a file path if it has one.

    Do you know what these are?
    O24 - Desktop Component 0: (no name) - http://media.salemwebnetwork.com/one...nistryPage.gif
    O24 - Desktop Component 2: Oneplace.com - Listen For Life - http://oneplace.com/

    Thanks
    Geri
     
    Geri,
    #2
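The triage done by eye in the reply above (picking the O24 Desktop Component lines out of the posted log) can be scripted. This is an added example, not part of the original thread and not HijackThis's own code; the function names and the three review rules are assumptions chosen for illustration, and the sample lines are copied from the log posted above.

```python
import re

# Constructed sample: five entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL (file missing)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O24 - Desktop Component 2: Oneplace.com - Listen For Life - http://oneplace.com/
"""

# An entry line is "<section id> - <detail>", e.g. "O4 - HKLM\..\Run: [...] path".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, detail) tuples for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def review_notes(log_text):
    """Return (section, reason, evidence) for entries a helper should ask about."""
    notes = []
    for section, detail in parse_entries(log_text):
        url = URL_RE.search(detail)
        if detail.endswith("(file missing)"):
            # The registry entry survives but the file it points to is gone.
            notes.append((section, "orphaned entry, target file missing", detail))
        elif section == "O24" and url:
            # Active Desktop component that pulls its content from a remote URL.
            notes.append((section, "desktop component loads remote content", url.group(0)))
        elif section == "O16" and url:
            # Downloaded Program Files (ActiveX) entry installed from a URL.
            notes.append((section, "ActiveX control installed from URL", url.group(0)))
    return notes


if __name__ == "__main__":
    for section, reason, evidence in review_notes(SAMPLE_LOG):
        print(f"{section}: {reason}: {evidence}")
```

A flagged line is a prompt for the question asked above ("Do you know what these are?"), not a verdict that the entry is malicious.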


  4. 2009/02/14
    recoverybound

    recoverybound Inactive Thread Starter

    Joined:
    2009/02/11
    Messages:
    9
    Likes Received:
    0
    Thanks for the response. I will restart System Restore. As for those urls etc. I don't know where they came from for sure. Can't find any files/folders etc with them. It is possible they may be left over from some past web activity. However I don't recall them.
    Will get back with virus scan result, probably tomorrow sometime.

    Again thanks for the interest in my pickle.
     
  5. 2009/02/14
    recoverybound

    recoverybound Inactive Thread Starter

    Joined:
    2009/02/11
    Messages:
    9
    Likes Received:
    0
    Geri
    I reran System Restore, and reran Avast, did a hard move of affected files found to Avast's move folder then deleted them. I also did a couple of other things based on a couple of articles referenced to by the sticky posts in this forum. Am pleased to say that it appears for the moment I am virus and spyware free. Yippee.

    Thanks for your help.
     
  6. 2009/02/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK that's good to hear.

    I would do a reboot of your computer and then check again for infections.

    Geri
     
    Geri,
    #5
  7. 2009/02/20
    recoverybound

    recoverybound Inactive Thread Starter

    Joined:
    2009/02/11
    Messages:
    9
    Likes Received:
    0
    Geri
    Sorry it took so long getting back to u. I rebooted, ran another session of AVAST and it came up clean. Thank u all for your interest and suggestions. I will definitely be using this site in the future.
     
  8. 2009/02/21
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Glad things are working.

    Surf Safely
    Geri
     
    Geri,
    #7
