homepage to dubolom


12 replies to this topic

#1 Boston

Boston

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 20 May 2004 - 10:52 PM

Help!
Homepage is changed to dubolom, 4 items added to favorites. Ad-aware only finds cookies. Antivirus scans find nothing. CWShredder said removed but still a problem. I followed the directions as at merijn. Internet options is present in browser and control panel but slow after hitting ok. Windows media player has problems. Scandisk and defragmenter take forever unless in safe mode.

#2 Boston

Boston

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 23 May 2004 - 01:37 PM

I have now also used spybot. The computer freezes on restart. IE usually stops responding. Outlook stops responding. When hitting Ctrl + Alt + Del these are shown as not responding at various freezes: msgvr32, Win min, mmtask. I haven't deleted anything but the problems persist. I have downloaded hijackthis. Help please.

#3 Boston

Boston

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 24 May 2004 - 08:57 AM

bump

#4 OlTramp

OlTramp

    SWI Junkie

  • Trusted Advisor
  • PipPipPip
  • 148 posts

Posted 24 May 2004 - 08:29 PM

Hi Boston
Please post your HJT log.

#5 Boston

Boston

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 25 May 2004 - 08:58 AM

Thank you

Logfile of HijackThis v1.97.7
Scan saved at 11:52:27 AM, on 5/24/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ADAPTEC\GOBACK\GBPOLL.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\SK9910DM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\WINDOWS\CVCHOST.EXE
C:\PROGRAM FILES\HP DESKJET 610C SERIES\EREG\REMIND32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\TEMP\TD_0002.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dubolom.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dubolom.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dubolom.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gateway.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dubolom.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://dubolom.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID:*PNP0320 /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~1\InkWatch.exe
O4 - HKLM\..\Run: [Eac_Download] C:\PROGRAM FILES\COMMON FILES\EACCELERATION\DOWNLOAD.EXE -k
O4 - HKLM\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\Run: [Geek Superhero] C:\Program Files\Geek Superhero\GeekSuperhero.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Adaptec\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKCU\..\Run: [cvchost] c:\windows\cvchost.exe
O4 - HKCU\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc
O4 - Startup: Reminder-hpc41003.lnk = C:\Program Files\HP DeskJet 610C Series\ereg\Remind32.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://gateway.yahoo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7935.5642592593
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker...IL/PhPSetup.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB

#6 OlTramp

OlTramp

    SWI Junkie

  • Trusted Advisor
  • PipPipPip
  • 148 posts

Posted 25 May 2004 - 06:06 PM

Hi
Do not run Shredder yet.
First download CWShredder by Merijn Bellekom
Check for an update just to make sure you have the latest version. Click fix and let it delete whatever it finds. Be sure you click fix and not scan only.
Then you need to place HiJack This into a folder of its own.
Go into your documents and make a new folder and name it HJT or something you like. Then unzip HJT into your new folder. If you ever need to restore an item you may not have that option, or be able to find them from a temp dir.
Close all browsers and rerun HJT. Check and click fix checked for the following-
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dubolom.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dubolom.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dubolom.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dubolom.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://dubolom.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc
O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\ClearSearch\Loader.exe
Did you pay for this?
O4 - HKLM\..\Run: [Geek Superhero] C:\Program Files\Geek Superhero\GeekSuperhero.exe
O4 - HKCU\..\Run: [cvchost] c:\windows\cvchost.exe
O4 - HKCU\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker...IL/PhPSetup.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe

Restart your computer in safe mode and delete-
C:\WINDOWS\SYSUPD.EXE <=File
C:\WINDOWS\winppr32.exe <=This is SoBig virus
c:\windows\cvchost.exe <=File
While still in safe mode now run Shredder. Reboot.
I realize you have an AV but it missed at least one. Run a scan at one or all of these sites-
http://housecall.tre.../start_corp.asp
http://www.wilders.o...ee_services.htm
http://www.pandasoft...n_principal.htm
http://www.bitdefend...can/licence.php
Empty out your recycle bin. Let me know what the scan(s) find.

Edited by OlTramp, 25 May 2004 - 06:08 PM.


#7 Boston

Boston

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 26 May 2004 - 08:19 PM

Thank you again.
Geek Superhero was free.
I did not find C:\WINDOWS\SYSUPD.EXE or C:\WINDOWS\winppr32.exe
I did the rest.
I ran the pandasoftware scan yielding:
Incident Status Location

Virus:Trj/Virtumonde.A Disinfected C:\WINDOWS\TEMP\_update.dat
Virus:Trj/Small.P Disinfected C:\WINDOWS\Downloaded Program Files\ad.exe
Virus:Trj/Small.AG Disinfected C:\Recycled\1.exe
Virus:Trj/Zerolin.A Disinfected C:\m.exe

I also ran housecall which found:
TROJ ISTBAR.DH C:\ RESTORE\TEMP\A0176869.CPY
TROJ ISTBAR.AG C:\ RESTORE\TEMP\A0176880.CPY
TROJ REVOP.A C:\ RESTORE\ARCHIVE\FS94.CAB*A0175829.CPY*
TROJ ISTBAR.DC C:\ RESTORE\ARCHIVE\FS92.CAB*A0175816.CPY*
BKDR RULEDOR.E C:\ RESTORE\ARCHIVE\FS96.CAB*W0868363.CPY*
TROJ ISTBAR.DH C:\WINDOWS\avxoscan\Infected\A0176869.CPY
TROJ ISTBAR.AG C:\WINDOWS\avxoscan\Infected\A0176880.CPY

I also ran bitdefender's scan which stopped when the following error window popped up- Iexplore has caused an error in LIBFN.DLL the program will now close, chose ok. I ran the scan again and the same thing happened after scanning 120950 files, but I wrote down what it found until then.
C:\RESTORE\ARCHIVE\FS94.CAB=>A0175829.CPY => [Upx] is infected with Trojan. Downloader. Revop.C

C:\RESTORE\ARCHIVE\FS97.CAB=>A0176837.CPY => [Upx] is infected with Trojan. Downloader. Dyfuca.AK

C:\RESTORE\ARCHIVE\FS97.CAB=>A0176838.CPY => [Upx] is infected with Trojan. Downloader. Dyfuca.AC

C:\RESTORE\ARCHIVE\FS97.CAB=>A0176839.CPY => [Upx] is infected with Trojan. Downloader. Dyfuca.V

C:\RESTORE\ARCHIVE\FS97.CAB=>A0176840.CPY => [Upx] is infected with Trojan. Downloader. Dyfuca.AC

C:\RESTORE\ARCHIVE\FS97.CAB=>A0176841.CPY => [Upx] is infected with Trojan. Downloader. Dyfuca.V

C:\WINDOWS\EACDOWNLOAD\RAV TEMP.EXE is suspect Trojan.Downloader.Gen

C:\ RESTORE\TEMP\A0176867.CPY Application.Adware.180solutions.A

#8 OlTramp

OlTramp

    SWI Junkie

  • Trusted Advisor
  • PipPipPip
  • 148 posts

Posted 26 May 2004 - 08:46 PM

OK. Post another log and if it is clean we'll have you empty your system and internet temp files and turn off system restore and then turn it on again.

#9 Boston

Boston

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 27 May 2004 - 10:34 AM

I ran the bitdefender scan again. It displayed the same error message as before after scanning 120599 files. It was scanning Program Files\Phone tools at the time. Here is a recent HJT log.

Logfile of HijackThis v1.97.7
Scan saved at 10:26:21 AM, on 5/27/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ADAPTEC\GOBACK\GBPOLL.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\SK9910DM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\HP DESKJET 610C SERIES\EREG\REMIND32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gateway.yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID:*PNP0320 /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~1\InkWatch.exe
O4 - HKLM\..\Run: [Eac_Download] C:\PROGRAM FILES\COMMON FILES\EACCELERATION\DOWNLOAD.EXE -k
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Adaptec\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - Startup: Reminder-hpc41003.lnk = C:\Program Files\HP DeskJet 610C Series\ereg\Remind32.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://gateway.yahoo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7935.5642592593
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
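
Added example, not part of the original thread: a small Python script that parses two HijackThis logs and reports which entries were removed, which are new, and which persist, the comparison a helper does by eye between the log in post #5 and the one in post #9. The embedded logs are short excerpts of those two posts; the function names are this example's own.

```python
import re

# Excerpts of the two HijackThis logs posted in this thread (posts #5 and #9),
# trimmed to a few lines so the example runs offline.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dubolom.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gateway.yahoo.com
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc
O4 - HKCU\..\Run: [cvchost] c:\windows\cvchost.exe
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
"""
AFTER = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gateway.yahoo.com
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")    # section code, e.g. "O4 - <body>"
AUTORUN = re.compile(r"^(\S+): \[(.+?)\] (.+)$")  # "HKLM\..\Run: [name] command"

def parse(log):
    """Return the set of (section, body) entries; header and process lines are skipped."""
    entries = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def diff(before, after):
    """Entries gone since the first scan, entries that are new, entries that persist."""
    b, a = parse(before), parse(after)
    return sorted(b - a), sorted(a - b), sorted(b & a)

def autoruns(entries):
    """Split registry-based O4 bodies into (key, value name, command)."""
    out = []
    for section, body in entries:
        m = AUTORUN.match(body) if section == "O4" else None
        if m:
            out.append(m.groups())
    return sorted(out)

if __name__ == "__main__":
    removed, added, kept = diff(BEFORE, AFTER)
    for label, rows in (("removed", removed), ("added", added), ("kept", kept)):
        for section, body in rows:
            print(f"{label:8}{section:4}{body}")
```

On these excerpts the `PowerReg Scheduler.exe` startup item shows up under "kept", which is the entry post #11 goes on to fix.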

#10 Boston

Boston

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 31 May 2004 - 03:06 PM

Bump

#11 OlTramp

OlTramp

    SWI Junkie

  • Trusted Advisor
  • PipPipPip
  • 148 posts

Posted 31 May 2004 - 05:32 PM

Hi Boston
Sorry, seems as tho' you got lost in the shuffle for a bit.
Close all browsers and rerun HJT. Check and fix-
O4 - Startup: PowerReg Scheduler.exe

Then go here and follow the directions to clean out your restore-
http://service1.syma...src=sec_doc_nam

#12 Boston

Boston

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 01 June 2004 - 08:56 PM

I did as you suggested then ran two of the scans. Both were clean sweeps. Thank you.

#13 OlTramp

OlTramp

    SWI Junkie

  • Trusted Advisor
  • PipPipPip
  • 148 posts

Posted 02 June 2004 - 03:35 PM

You're welcome. Glad we could help.



