• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Meat100

Is regedit -s sysdll.reg bad?

18 posts in this topic

One day I found these in my startup list and I'm not sure where they came from or what they are. regedit -s sysdll.reg and soap.exe min Should they be removed and if so how? Adaware or spybot S & D don't find them. Here is my Hijack This log as well. Thanks in advance.

 

Logfile of HijackThis v1.97.7

Scan saved at 12:38:33 AM, on 6/20/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\MikesStuff\Hijack_This\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F2 - REG:system.ini: Shell=Explorer.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"

O4 - HKLM\..\Run: [sys] regedit -s sysdll.reg

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} - http://download.rfwnad.com/cab/ddm_control.CAB

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab

O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...37929.917025463

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab

O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB

Share this post


Link to post
Share on other sites

Thanks. I think I removed it. I ran a bunch of other online scanners and it appears that I have about 13 or so trojans on my computer that can't be removed. Here they are:

 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP212\A0035226.exe is infected with Trojan.Norio

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP212\A0035231.exe is infected with Trojan.Norio

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP212\A0035232.exe is infected with Trojan.Norio

C:\QUARANTINE\A0039735.dll is infected with Bloodhound.Packed

C:\QUARANTINE\A0039744.exe is infected with Downloader.Trojan

C:\QUARANTINE\A0039745.exe is infected with Download.Trojan

C:\Documents and Settings\Michael\.jpi_cache\jar\1.0\gam.jar-de45df4-3e1cfc88.zip is infected with Trojan.ByteVerify

C:\QUARANTINE\A0039735.dll - TrojanDownloader:Win32/Wintrim.W -> Infected

C:\QUARANTINE\A0039745.exe - TrojanDownloader:Win32/IstBar.J -> Infected

C:\QUARANTINE\A0039746.exe - Trojan:Win32/SecondThought.C -> Infected

C:\QUARANTINE\A0039748.exe - TrojanDownloader:Win32/Dyfuca.G -> Infected

C:\QUARANTINE\A0039750.exe - TrojanDownloader:Win32/Esepor.K -> Infected

C:\QUARANTINE\A0039751.exe - TrojanDownloader:Win32/Esepor.E -> Infected

C:\QUARANTINE\A0039752.exe - TrojanDownloader:Win32/Esepor.I -> Suspicious

C:\QUARANTINE\A0039753.exe - TrojanDownloader:Win32/Esepor.C -> Infected

C:\QUARANTINE\A0039755.dll - TrojanDownloader:Win32/Esepor.C -> Infected

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP274\A0043807.exe - TrojanDownloader:Win32/OneClkNetSrch.B -> Infected

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP274\A0043808.exe - TrojanDownloader:Win32/OneClkNetSrch.B -> Infected

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP274\A0043809.exe - TrojanDownloader:Win32/Stubby.A -> Infected

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ISTactivex.dll - TrojanDownloader:Win32/IstBar.S -> Infected

C:\WINDOWS\Downloaded Program Files\CONFLICT.2\ISTactivex.dll - TrojanDownloader:Win32/IstBar.S -> Infected

C:\Documents and Settings\Michael\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe infected: Application.Adware.PowerReg.3.0

C:\Documents and Settings\Michael\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe unable to disinfect

C:\QUARANTINE\A0039735.dll=>(Upx) infected: Trojan.Downloader.Wintrim.W

C:\QUARANTINE\A0039735.dll=>(Upx) unable to disinfect

C:\QUARANTINE\A0039744.exe infected: Backdoor.Generic.621

C:\QUARANTINE\A0039744.exe unable to disinfect

C:\QUARANTINE\A0039745.exe infected: Trojan.Downloader.Istbar.J

C:\QUARANTINE\A0039745.exe unable to disinfect

C:\QUARANTINE\A0039746.exe=>(Upx) infected: Trojan.SecondThought.C

C:\QUARANTINE\A0039746.exe=>(Upx) unable to disinfect

C:\QUARANTINE\A0039748.exe infected: Trojan.Downloader.Dyfuca.G

C:\QUARANTINE\A0039748.exe unable to disinfect

C:\QUARANTINE\A0039750.exe infected: Trojan.Downloader.Esepor.K

C:\QUARANTINE\A0039750.exe unable to disinfect

C:\QUARANTINE\A0039751.exe infected: Trojan.Downloader.Esepor.E

C:\QUARANTINE\A0039751.exe unable to disinfect

C:\QUARANTINE\A0039753.exe infected: Trojan.Downloader.Esepor.C

C:\QUARANTINE\A0039753.exe unable to disinfect

C:\QUARANTINE\A0039755.dll infected: Trojan.Downloader.Esepor.C

C:\QUARANTINE\A0039755.dll unable to disinfect

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP274\A0043807.exe infected: Trojan.Downloader.OneClickNetSearch.B

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP274\A0043807.exe unable to disinfect

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP274\A0043808.exe infected: Trojan.Downloader.OneClickNetSearch.B

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP274\A0043808.exe unable to disinfect

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP274\A0043809.exe infected: Trojan.Downloader.Stubby.A

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP274\A0043809.exe unable to disinfect

C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup infected: Application.Adware.PowerReg.3.0

C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup unable to disinfect

 

They get put into a quarantine folder and then I delete them, but they just come back next time I scan. Here's my newest Hijack This log as well. Thanks again.

 

Logfile of HijackThis v1.97.7

Scan saved at 1:19:08 AM, on 6/21/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\MikesStuff\Hijack_This\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

F2 - REG:system.ini: Shell=Explorer.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...37929.917025463

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab

Share this post


Link to post
Share on other sites

Hi there!

 

First, the system restore will have to be purged due to virus infections.

 

Do Start->Control Panel->System, System restore. Tick "Turn off System restore" and reboot. That will erase all restore points. After reboot, go back in and turn System Restore back on.

 

Next, download Ad-aware from: http://www.lavasoft.de/res/aaw6.exe

 

Install the program and launch it.

 

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

 

Next, we need to configure Ad-aware for a full scan.

 

icon11.gif Click on the Gear icon (second from the left) to access the preferences/settings window

 

1. In the General window make sure the following are selected:

  • Automatically save log-file
  • Automatically quarantine objects prior to removal
  • Safe Mode (always request confirmation)

2. Click on the Scanning button on the left and select :

  • Scan Within Archives
  • Scan Active Processes
  • Scan Registry
  • Deep Scan Registry
  • Scan my IE favorites for banned URL’s
  • Scan my Hosts file
  • Under Click here to select drives + folders, choose:
  • All of your hard drives

icon11.gif Click on the Advanced button on the left and select:

  • Include additional process information
  • Include additional file information
  • Include environment information
  • Include additional object details

icon11.gif Click the Tweak button and select:

  • Under the Scanning Engine:
    • Unload recognized processes during scanning
    • Include basic Ad-aware settings in logfile
    • Include additional Ad-aware settings in logfile

    [*]Under the Cleaning Engine:

    • Let Windows remove files in use at next reboot

icon11.gif Click on Proceed to save the settings.

 

icon11.gif Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:

  • Use Custom Scanning Options

icon11.gif Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

 

icon11.gif Save the log file when it asks and then click Finish

 

icon11.gif When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

 

Reboot and post a new log.

 

-- LB

Share this post


Link to post
Share on other sites

Hi. I'd like to first say thanks for your time. I shut down system restore, rebooted and then ran Bit Defender. All those things were gone except for this:

 

C:\Documents and Settings\Michael\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe infected: Application.Adware.PowerReg.3.0

C:\Documents and Settings\Michael\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe unable to disinfect

 

It found it in the Hijack This backup folder. I did all those custom settings for Adaware and removed everything except for a registry entry that is a windows file. It claims its a security problem. Should I remove that? because I'm never sure if I should. Did you want my Adaware log? Its really long. I'm going to post my Hijack This log again. This time I went to msconfig and put everything back into startup. I have a question about the system soap entry. I'm pretty sure it just appeared there one day. It could of been my niece downloading something and that came w/ it. Do you know what it is? I'd like to get rid of it if its useless. Thanks again.

 

Here's my Hijack This log:

 

Logfile of HijackThis v1.97.7

Scan saved at 8:27:23 PM, on 6/25/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\a2\a2guard.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\MikesStuff\Hijack_This\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

F2 - REG:system.ini: Shell=Explorer.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [system Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...37929.917025463

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab

Share this post


Link to post
Share on other sites

I have a couple of questions:

 

(1) What was this registry entry that you said was a windows file? Could you report back with the name of the file, which directory it was in, and what malware Ad-Aware identified it as? I don't need the Ad-Aware log, just the info on that one item.

 

(2) As for the following:

 

C:\Documents and Settings\Michael\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe infected: Application.Adware.PowerReg.3.0

C:\Documents and Settings\Michael\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe unable to disinfect

 

You mentioned it was found in the hijackthis backup folder. The following item:

 

O4 - Startup: PowerReg Scheduler V3.exe

 

was in the 1'st & 3'rd logs, but not the second. Did you remove this item before posting the 2'nd log, but put it back before posting the latest log?

 

-- LB

Share this post


Link to post
Share on other sites

Here's what Adaware is finding:

 

Vendor:Windows

Category:Vulnerability

Object Type:RegData

Size:-

Location:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" ()

Last Activity:6-26-2004

Risk LevelLow

Comment:Shell Possibly Compromised

Description:General Windows Security Issue.Your system security may be compromised.

 

I posted my first log (without everything in my startup enabled). I then ran a bunch of online virus scanners. I then ran Hijack this again and removed this O4 - Startup: PowerReg Scheduler V3.exe. Then I3lah posted telling me that the reg sys dll was bad, so I removed that. I then posted again w/ my virus scanner results and posted another log. You then posted. I then followed all your advice. I ran bit defender and all those things were gone except for:

 

C:\Documents and Settings\Michael\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe infected: Application.Adware.PowerReg.3.0

C:\Documents and Settings\Michael\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe unable to disinfect

 

(This was from a scan before I took your advice, thats why its not located in the Hijack This backup yet)

 

Before I posted back to you I realized I should of probably should of went to msconfig and put everything back in startup before creating another Hijack this log. I did that and saw the PowerReg Scheduler there (not starting up w/ my computer though), put it back in startup along w/ everything else and created another log. I never realized that I should have all my startup items enabled until my last post, so the PowerReg Scheduler must have been enabled during my 1st hijack this log, I then deleted it, and then it came back because I definitely didn't put it back manually at least. If your wondering somebody on another forum told me to delete it. I hope that clears things up for you a little bit.

 

Thanks again. I really appreciate your time.

Share this post


Link to post
Share on other sites

To add to my last post here's my newest Bit Defender log:

 

Memory ok

Master Boot Record 80 ok (Windows 95 B20 - Windows 98)

Partition Boot 1 (primary) ok (Unknown MBR/Boot Code)

Partition Boot 2 (primary) (active) ok (Windows NT 2000 NTFS)

 

C:\MikesStuff\Hijack_This\backup-20040621-011327-359-PowerReg Scheduler V3.exe infected: Application.Adware.PowerReg.3.0

C:\MikesStuff\Hijack_This\backup-20040621-011327-359-PowerReg Scheduler V3.exe unable to disinfect

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1\A0000042.exe infected: Application.Adware.PowerReg.3.0

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1\A0000042.exe unable to disinfect

C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup infected: Application.Adware.PowerReg.3.0

C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup unable to disinfect

 

 

Thanks, I just wanted to add that.

Share this post


Link to post
Share on other sites

Since you've made changes in msconfig, go ahead and post a new log.

 

As for that ad-aware item, I'm going to check with the experts to see what they think.

 

-- LB

Share this post


Link to post
Share on other sites

Here's my newest Hijack This log:

 

Logfile of HijackThis v1.97.7

Scan saved at 11:33:01 AM, on 6/27/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\a2\a2guard.exe

C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\wanmpsvc.exe

C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\MikesStuff\Hijack_This\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

F2 - REG:system.ini: Shell=Explorer.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [system Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...37929.917025463

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab

Share this post


Link to post
Share on other sites

Go into regedit (bring up the start menu, choose run and type "regedit"). Navigate to the following key:

 

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" ()

 

Report back with the value of that key.

 

-- LB

Share this post


Link to post
Share on other sites

There didn't seem to be a value and I'm pretty sure I went to the right place. Here's what it said and looked like:

 

Name Type Data

Shell Reg_SZ Explorer.exe

Share this post


Link to post
Share on other sites

Run Ad-Aware again and remove that one item.

 

Next, go back into HijackThis and, with all browser windows closed, remove the following:

 

O4 - HKCU\..\Run: [system Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min

O4 - Startup: PowerReg Scheduler V3.exe

 

This next item is not malware, but is considered a resource hog. You might want to remove it:

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

 

Next, change setting to show hidden files. Then reboot into safe mode by restarting the computer and repeatedly tapping F8 while rebooting until you hit a menu. Choose Safe Mode.

 

While in Safe Mode, remove the following file:

 

C:\PROGRA~1\SYSTEM~1\soap.exe

 

Finally, reboot and post a new log.

 

-- LB

Share this post


Link to post
Share on other sites

I did all the things you told me, but I couldn't find this:

 

While in Safe Mode, remove the following file:

 

C:\PROGRA~1\SYSTEM~1\soap.exe

 

I did the hidden files stuff, but that wasn't there.

 

Here's my new Hijack Log:

 

Logfile of HijackThis v1.97.7

Scan saved at 1:54:15 AM, on 7/6/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\a2\a2guard.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\RegCleaner\RegCleanr.exe

C:\Program Files\RegCleaner\RegCleanr.exe

C:\MikesStuff\Hijack_This\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"

O4 - Global Startup: Digital Line Detect.lnk = ?

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...37929.917025463

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab

 

Thanks again.

Share this post


Link to post
Share on other sites

Looks like you're clean :)

 

I noticed you have 2 anti-virus programs on your computer. If real-time scan is on for both of them, then you'll need to disable real-time scan for one of them.

 

I recommend downloading the following programs:

 

SpywareBlaster

 

IE-Spyad

 

MVPS Hosts

 

These will prevent much of the bad stuff from getting on your computer. They're all free.

 

For IE-Spyad and MVPS Hosts, check either at their respective web sites or the Software Update forum here for update announcements.

 

Here's some recommended changes in IE settings that will help protect you.

 

Go to the Tools menu, then choose Internet Options.

 

Click on the Privacy tab and click on the Advanced button.

 

In the box that pops up, check both the Override automatic cookie handling and Always allow session cookies boxes. Set First party cookies to "Allow" and Third party cookies to "Block". Click OK

 

Go to the Security tab & click the Custom Level button.

 

The following ActiveX section settings should be changed as follows:

  • Download signed ActiveX controls: Prompt
  • Download unsigned ActiveX controls: Prompt
  • Initialize and script ActiveX controls not marked as safe: Disable

In the Microsoft VM section, set Java Permissions to "High Safety"

 

In the Miscellaneous section, set Installations of desktop items to "Prompt"

 

Click on the Advanced tab and uncheck both Install on demand items.

 

Click on Apply, then OK

 

-- LB

Share this post


Link to post
Share on other sites

Awesome, my computer even feels cleaner. Thanks alot for all of your time and help, its was greatly appreciated. I definitely will come back here (hopefully I won't have to) if I run into problems again as you were very knowledgeble and nice.

 

If you were referring to having the A2 virus scanner and McAfee, I only had A2 running for my Hijack Log. Normally its off. Thanks for the links for those programs and the info on my IE settings. I'm going to do that stuff now.

 

Thanks again.

Share this post


Link to post
Share on other sites

Glad to see you were able to resolve your problem.

 

If you need this topic reopened, please request this by sending the moderating team

an email with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0