1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Can't Remove auctres.dll...HELP!

Discussion in 'Virus & Other Malware Removal' started by teeogl, Apr 21, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. teeogl

    teeogl Thread Starter

    Joined:
    Apr 20, 2004
    Messages:
    2
    PC is slow to load personal preferences. When the PC actually comes up it is as if it is locked up...nothing responds. Can only boot up is safe mode. We have ran CWShredder, Ada-Aware, TrendMicro, Spybot S&D, and McAfee. We keep getting a file that will not remove. The path and file name are c:\winnt\system32\auctres.cpy.dll. We have ran the HijackThis program and created a log file.

    The Log file is listed below:

    Logfile of HijackThis v1.97.7
    Scan saved at 9:31:37 AM, on 4/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\explorer.exe
    C:\WINNT\System32\dlla32.exe
    C:\WINNT\System32\ctfmon.exe
    \pinebark\apps\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.galileo.usg.edu
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    O1 - Hosts: ds.com
    O1 - Hosts: s.
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [FJTWAIN Setup] C:\WINNT\Twain_32\fjscan32\FjtwSetup.exe /Station
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [load32] C:\WINNT\System32\dllx32.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
    O4 - Startup: dllw32.exe
    O4 - Global Startup: Microsoft Office.LNK = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1616c76d83c98eb4b120/netzip/RdxIE601.cab
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} (JInitiator 1.3.1.9) - http://pinecone.ega.edu:7777/jinitiator/jinit.exe
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ega.edu
    O17 - HKLM\Software\..\Telephony: DomainName = ega.edu
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2235D04B-CABF-4D9E-AC14-6A845F4F85DD}: NameServer = 168.22.248.100
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ega.edu
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ega.edu
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2235D04B-CABF-4D9E-AC14-6A845F4F85DD}: NameServer = 168.22.248.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ega.edu
     
  2. stillearning

    stillearning

    Joined:
    Mar 15, 2004
    Messages:
    389
    I take it all those programs are up to date?
    Anyways, I won't ask you to boot up in safe mode as that is all you can do.
    Close all (browser) windows & have HJT fix these entries by placing a check in the appropriate box=

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

    O1 - Hosts: ds.com
    O1 - Hosts: s.

    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

    O4 - HKLM\..\Run: [load32] C:\WINNT\System32\dllx32.exe
    O4 - Startup: dllw32.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1616c76d83c98e...ip/RdxIE601.cab

    Then navigate to & delete these entries=
    C:\PROGRA~1\Toolbar< this one
    C:\WINNT\System32\dllx32.exe< this one
    C:\WINNT\System32\dlla32.exe< this one

    Hope this helps. :)
     
  3. teeogl

    teeogl Thread Starter

    Joined:
    Apr 20, 2004
    Messages:
    2
    IT WORKED!!!! Thanks so much.
     
  4. stillearning

    stillearning

    Joined:
    Mar 15, 2004
    Messages:
    389
    No problems. I'm glad that it worked. :) (y)
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/222546

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice