MP_handler parents log(2)

[Monkey Proof]

some more infections that i cant cleanup. the desktop got hijacked with some popup from a anti-malware website that will not leave. there were lots of java exploits that i pretty much cleaned up but obviously some others still exist. all this from my stepdad visiting a poker website so he says, but the history says otherwise

Logfile of HijackThis v1.99.1

Scan saved at 10:01:41 PM, on 5/14/2006

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE

C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE

C:\WINDOWS\SYSTEM\E_S4I2G1.EXE

C:\WINDOWS\S3JHBWVY\COMMAND.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE c:\windows\SYSTEM\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run

O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE

O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE

O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\SYSTEM\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O5 "LPT1:" /M "Stylus CX5400"

O4 - HKLM\..\Run: [Command] C:\WINDOWS\S3JhbWVy\command.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.114.91,85.255.112.102

O21 - SSODL: oGkpHcZyPWNnN - {08361909-A29C-B3A3-64D8-9B624DB10F56} - C:\WINDOWS\SYSTEM\SPJ.DLL

here is what i found to delete but i want to confirm first

C:\WINDOWS\SYSTEM\E_S4I2G1.EXE

C:\WINDOWS\S3JHBWVY\COMMAND.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.114.91,85.255.112.102

O21 - SSODL: oGkpHcZyPWNnN - {08361909-A29C-B3A3-64D8-9B624DB10F56} - C:\WINDOWS\SYSTEM\SPJ.DLL

[Tarun]

What you've posted to remove is pretty good. A few things can stay though.

Radio is clean, it lets you listen to music online.

Hidserv is clean. Link.

Messenger is clean too, that just gives you a button in IE.

The rest can definitely go. If you feel e-trust is missing viruses, try avast!.

[Monkey Proof]

i deleted Etrust from the machine and downloaded Avast. so far i'm impressed with Avast. it's a little slow scanning on thier machine but i figure it's becouse they are still running WindowsME. i'll test it out on their machine for a few days but i think i'm going to install it on my laptop. now all i have to do is talk them into using Firefox instead of IE.