JOE.G
2007-01-02, 17:16
I have ascreen shot of the start up menu, from spy bot in there it tells you what stuff it, on the scanregisty it says it is a virus and I should delete it but when I search the net it seems to be a valid ext. I would like you guys to look at it
This is a old one but it is on there.
It ias the 7th 04 entry, scan reg one.one spybot where you can get teh entry of your start up menu to see if it is valid or not it says this one is not and that not the real scanreg the one that isneeded. This is the only one I have found in the start up menu and all teh searching on the internet says it is valid. Thanks
Logfile of HijackThis v1.99.1
Scan saved at 7:42:21 PM, on 7/2/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPRMMON.EXE
C:\WINDOWS\SYSTEM\M2AUDMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIGHJACK\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.usadatanet.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.catskill.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.usadatanet.net
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: starter.exe
O4 - HKLM\..\Run: c:\windows\taskmon.exe
O4 - HKLM\..\Run: C:\PROGRA~1\MICROS~1\point32.exe
O4 - HKLM\..\Run: C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: c:\windows\SYSTEM\m1mmpti.exe
O4 - HKLM\..\Run: c:\windows\scanregw.exe /autorun
O4 - HKLM\..\RunServices: WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: c:\windows\SYSTEM\mprmmon.exe
O4 - HKCU\..\Run: C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
This is a old one but it is on there.
It ias the 7th 04 entry, scan reg one.one spybot where you can get teh entry of your start up menu to see if it is valid or not it says this one is not and that not the real scanreg the one that isneeded. This is the only one I have found in the start up menu and all teh searching on the internet says it is valid. Thanks
Logfile of HijackThis v1.99.1
Scan saved at 7:42:21 PM, on 7/2/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPRMMON.EXE
C:\WINDOWS\SYSTEM\M2AUDMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIGHJACK\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.usadatanet.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.catskill.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.usadatanet.net
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: starter.exe
O4 - HKLM\..\Run: c:\windows\taskmon.exe
O4 - HKLM\..\Run: C:\PROGRA~1\MICROS~1\point32.exe
O4 - HKLM\..\Run: C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: c:\windows\SYSTEM\m1mmpti.exe
O4 - HKLM\..\Run: c:\windows\scanregw.exe /autorun
O4 - HKLM\..\RunServices: WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: c:\windows\SYSTEM\mprmmon.exe
O4 - HKCU\..\Run: C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -