Author Topic: Coolsearch.biz still on PC. HJT log help pls...?  (Read 1655 times)
finehoned
« on: October 14, 2004, 09:24:46 AM »

PC running Win98.  

Hi, I've run Vet (anti-virus), Adaware, Spyware Eliminator, Spybot S&D, CWShredder and manually deleted quite a bit of spyware with the help of Bazooka Scanner. I've changed my default browser to Firefox. The trojan, Coolsearch.biz, is still creating problems, i.e. launching Internet Explorer at a Russian p*rn site (even as I write this whilst in Firefox), and trying to add p*rn sites to favourites. PC running very slow.

Below is my Hijack This log.  I just don't want to 'fix/delete' the wrong thing.  Can anyone help?  Huge thanks in advance.

Logfile of HijackThis v1.98.2
Scan saved at 7:15:39 PM, on 10/14/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\VET\ISAFE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\VET\VETMSG.EXE
C:\VET\VETTRAY.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\DBSERVER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\GOLUMM\SERVICES.EXE
C:\WINDOWS\APPLICATION DATA\HRSE.EXE
C:\WINDOWS\SYSTEM\MTLI.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\PROGRAM FILES\COMMON FILES\DATAVIZ\DVZINCMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\ADE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\OOL.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\VIRUSSCAN\HIJACKTHIS.EXE
C:\VET\AUTODOWN.EXE
C:\VET\CAFIX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BigPond
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhos;;<local>
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.24\RUNDLG32.DLL
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Vet Alert] C:\VET\VETMSG.EXE
O4 - HKLM\..\Run: [VetTray] C:\VET\VETTRAY.EXE
O4 - HKLM\..\Run: [NVQuickTweak] RUNDLL32.EXE NVQTWK.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [Gravis AppAware Loader] C:\WINDOWS\SYSTEM\DBServer.exe
O4 - HKLM\..\Run: [PowerQuest Startup Utility] C:\Program Files\PowerQuest\PartitionMagic5 Pro\UTILITY\MMOVER32\PQINIT.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Matrox Control Center] C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe
O4 - HKLM\..\Run: [Matrox Color Control] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe
O4 - HKLM\..\Run: [Matrox Diagnostic] C:\Program Files\Matrox MGA PowerDesk\diag\mgadiag.exe -s
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [golumm] C:\WINDOWS\SYSTEM\golumm\services.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [CAISafe] C:\VET\isafe.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe
O4 - HKCU\..\Run: [sysinit] C:\WINDOWS\SYSTEM\golumm\services.exe
O4 - HKCU\..\Run: [Oter] C:\WINDOWS\Application Data\hrse.exe
O4 - HKCU\..\Run: [Cvdpmed] C:\WINDOWS\SYSTEM\mtli.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C05F7956B1} - http://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/find.html (file missing)
O9 - Extra button: ANTIVIRUS - {0B5F1910-F111-11d2-BB9E-00C05F7956B2} - http://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/antivirus.html (file missing)
O9 - Extra button: ENTERTAINMENT - {0B5F1910-F111-11d2-BB9E-00C05F7956B3} - http://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/ggo.html (file missing)
O9 - Extra button: SECURITY - {0B5F1910-F111-11d2-BB9E-00C05F7956B4} - http://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/warning.htm (file missing)
O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C05F7956B5} - http://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/topsearch.html (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.au
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.google.com.au
O16 - DPF: {226906C8-B910-11D3-82A3-0000F81A655B} (Mbayactx Control) - http://ez.messagebay.com/code1/mbayactx.cab
O16 - DPF: {2BDE7F96-51BA-2796-0338-04B569A3A4B8} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {5367812D-2421-7996-C639-525B2E2B53D8} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {4B3D4D7A-73ED-37D6-515D-40947CFA8DCE} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {0233BA3E-EE31-1F80-3802-6B414AD3805B} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {0A7E5AD5-9552-3BD0-ED8A-6F5B7195CE18} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {09FAF9E6-1697-0400-E7E7-4D9B05B673F2} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {6CF75303-27C5-58EB-3EE8-6401226A161B} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {2B3DF4C2-171E-6F1C-6206-3CCA500D159E} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {77DFAE07-7322-6BC1-16ED-3E0874193A9E} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {6DE1950C-88EA-3143-10A6-28EB731ED34B} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {41B7C6BC-92D8-08D3-2859-7D1877F3D13D} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {56AC9939-C5B5-1DF9-7E7D-65BD37A59A89} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {2CBCDBD4-D1FF-2D7B-F905-438612843203} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {04A08844-234A-5184-20A5-47FA4E67F77E} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {091B55EB-FC58-3A7F-532F-264D4E2FA3FE} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {61D981AC-815A-52DE-BE22-2D0550971EAD} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {283CD8AC-23D2-043D-A200-009347C44237} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {0ADFC945-B090-0CD2-4B2D-17235F9B1349} - http://69.50.188.54/1/rdgAU208.exe
O16 - DPF: {01D9F1AD-BE1C-6B5A-9502-510A3EE0E2AE} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {1015681A-C05A-6FC5-4699-56752F04408B} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {1E0204F3-741E-482A-3732-323768AB7FA5} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {4CB743E6-36D9-2111-A5B1-04012D090112} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {0BDA3434-BF94-30D7-AD40-128E5F18AC0F} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {4DDEB550-7046-2A5C-17F3-42ED5B1ECFC4} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {4B97BC3C-2E57-2399-A691-1E820CED541D} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {3B49A0FB-5858-2C55-E8F1-2B535DD6400E} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {678BFC90-0D15-4710-FADD-026E699D8945} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {7A1D4CEE-698D-7D5F-8E11-49B9390161B7} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {233B9C0F-E1CE-7627-F7A2-2F8562F65F61} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {6CA39A63-A90F-41B6-0349-025422EA3B1D} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {746420E2-3EFF-1BC3-2923-67763FB444AF} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {09494ED9-3A56-0CF2-2976-36E16DE99B17} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {5A8F668E-B139-52CF-818C-27DA20AE1822} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {12D74553-327D-2278-AEEE-2A8D02AC7A70} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {180772AF-647B-427E-867B-0ADB30FA33E8} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {1049092A-FC7C-6C76-7060-2E0B5921FE2B} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {2DE9D8C4-6FBC-328F-3A0B-51F13FD25B08} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {07447193-496E-0684-902A-6A251EA696BE} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {6C4B8203-77D2-5465-B2B0-188565E53F85} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {3E20C6D9-99D5-08C2-4198-49551C6C45E2} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {199CF698-6B47-00A8-9E12-046A486ED92D} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {2D311DEE-658B-2E69-7648-478C33BACFFD} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {4793955D-DB6A-1D93-B22F-4C271A47AF68} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {762C23EB-BA0D-02DD-F549-160F76D60CD7} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {29B6AD17-5143-5052-E77C-06CC7AB5C38A} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {238AA291-AB88-13C2-BBD0-698826A2EDCE} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {2446E67C-472B-346B-70C8-27E1237F9D2F} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {25273653-55D4-0C9D-C563-5E3457A1EE61} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {35675F76-DFB7-48BA-206F-3A4E5902F572} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {29B762A3-8496-3AC1-AA04-517F28844714} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {3A43109F-95A0-3D5F-6A46-693A7D48FC90} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {4484FDFA-9A09-10B1-4B06-284B5933C685} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {20FC3DB7-B18C-22D2-2743-625878B3832C} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {61BF0BBD-5D9F-2036-5B00-1B0017BADEAA} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {57677B5C-128C-29F2-7147-18E80F83862B} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {3234D0E4-4DFE-7120-9EAC-50192A57AFB0} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {55B19486-6021-14EB-D11E-414339768B9C} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {29A6836E-3837-23F6-CAE2-66CC4701BB0B} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {256506A0-7E54-1F9C-F4EB-372D5AFB7774} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {676FBD6B-B373-2B9C-AED2-22E307552B42} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {7900ACBD-433C-7038-802C-62230BBBB617} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {300E0A43-9407-433D-8052-38DA5161D797} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {50FEF02F-D330-5CC7-CB0E-725A6DDF097D} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {7C35D2AD-74B4-0C5F-C831-7EBC37946B5D} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {69BCCEEA-9601-6D53-6BEB-44F4577AA4D6} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {3B8CC059-9954-1256-ABC3-5AC75642045E} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {2B6A2109-68E8-6F29-83E3-4F1300260369} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {0974DA81-14DE-6C93-5EC5-4E0F4FF45F00} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {031347BA-00C2-40A3-7CAD-349460E61F2D} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {1EEFF816-6A74-1A74-E4C2-56765FE3298F} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {3234AD49-4B32-722D-C748-244210A4FE26} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {25A39F43-16DA-5C0E-02DA-657448E847A5} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {612070BF-E487-5144-A8F2-750221928A95} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {0C213E88-BF83-0806-D11B-2CF91D1887D4} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {6CC4DA7A-AD10-2C23-44A6-5C9132F2792C} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {29DFAC03-D691-7712-ECE7-41623F634B2E} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {14AC1580-461E-6A3C-8B23-4CE56B4CD0B5} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {0B8DAEF1-E29B-63CB-FB74-498348FBFEAE} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {161A70C2-4FC9-3E47-16C3-21E103B15A0F} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {3CA05B5C-437A-0228-1BCF-0C773CDACCB6} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {46B74D1A-49C7-7097-5A8E-22721E9C4DBD} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {4A7E25B7-C1FA-1EA5-F73F-398A13AE6467} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {0376D07C-BEA9-53A3-F3D5-78FC07E6938C} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {6F7293DB-CA04-5665-A104-011345549229} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {2E16FA4E-6176-7E27-0C37-12A67CF027AF} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {71CCAFBE-3243-4744-7EAB-2F846D18049C} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {43CA3797-5E8D-4D58-7841-2C651E0CA00C} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {5AF0BDE5-502D-3805-C2C7-0D5D650519CC} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {2A591366-191A-4BB1-2D05-74027AACD0D5} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {4618C11C-6B2F-099D-35C8-24D438BA3B60} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {44846D1D-E946-7217-903B-2E2D449BE854} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {79B2EAB7-1EBF-15D4-87D0-066A648A9ABC} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {0FCABCFD-3EEF-25EE-123F-4D731695FAD6} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {15A78949-CFE1-4386-19EB-51940EE0F681} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {17F61AA4-EC86-3F22-1EEC-72A92D3D3452} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {53B85DC9-D1BD-580A-82F0-68E15CE8FA3F} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {475861F9-12E5-0574-45B3-307868BA41DA} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {156A5910-0AB1-1B46-832D-597F647B3503} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {67E886CC-E230-2315-5F62-60D16A11BEA2} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {438D499E-C597-5351-AA9A-15B41386DD9E} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {36F5BF87-4381-7040-2656-212334A80236} - http://69.50.188.54/1/rdgAU208.exe
O16 - DPF: {412E7864-0152-7B1C-1B2B-079C02ACF853} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {3EFD5CD4-CE23-2B85-BBD8-5A9750D0B2A7} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {546A4070-9FCA-7A6D-F51A-6BDB4AE5AD90} - http://69.50.188.54/1/rdgAU208.exe
O16 - DPF: {52A4CE3C-9C50-30AA-A28C-7A160334B6EA} - http://69.50.188.54/1/gdnAU208.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au



jvic
Visiting Administrator
« Reply #1 on: October 14, 2004, 01:04:39 PM »


Please download CWSHREDDER but do not run it yet.

Have HijackThis fix the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.24\RUNDLG32.DLL
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O4 - HKLM\..\Run: [golumm] C:\WINDOWS\SYSTEM\golumm\services.exe
O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C05F7956B1} - http://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/find.html (file missing)
O9 - Extra button: ANTIVIRUS - {0B5F1910-F111-11d2-BB9E-00C05F7956B2} - http://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/antivirus.html (file missing)
O9 - Extra button: ENTERTAINMENT - {0B5F1910-F111-11d2-BB9E-00C05F7956B3} - http://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/ggo.html (file missing)
O9 - Extra button: SECURITY - {0B5F1910-F111-11d2-BB9E-00C05F7956B4} - http://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/warning.htm (file missing)
O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C05F7956B5} - http://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4LDF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/topsearch.html (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {226906C8-B910-11D3-82A3-0000F81A655B} (Mbayactx Control) - http://ez.messagebay.com/code1/mbayactx.cab
O16 - DPF: {2BDE7F96-51BA-2796-0338-04B569A3A4B8} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {5367812D-2421-7996-C639-525B2E2B53D8} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {4B3D4D7A-73ED-37D6-515D-40947CFA8DCE} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {0233BA3E-EE31-1F80-3802-6B414AD3805B} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {0A7E5AD5-9552-3BD0-ED8A-6F5B7195CE18} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {09FAF9E6-1697-0400-E7E7-4D9B05B673F2} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {6CF75303-27C5-58EB-3EE8-6401226A161B} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {2B3DF4C2-171E-6F1C-6206-3CCA500D159E} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {77DFAE07-7322-6BC1-16ED-3E0874193A9E} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {6DE1950C-88EA-3143-10A6-28EB731ED34B} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {41B7C6BC-92D8-08D3-2859-7D1877F3D13D} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {56AC9939-C5B5-1DF9-7E7D-65BD37A59A89} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {2CBCDBD4-D1FF-2D7B-F905-438612843203} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {04A08844-234A-5184-20A5-47FA4E67F77E} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {091B55EB-FC58-3A7F-532F-264D4E2FA3FE} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {61D981AC-815A-52DE-BE22-2D0550971EAD} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {283CD8AC-23D2-043D-A200-009347C44237} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {0ADFC945-B090-0CD2-4B2D-17235F9B1349} - http://69.50.188.54/1/rdgAU208.exe
O16 - DPF: {01D9F1AD-BE1C-6B5A-9502-510A3EE0E2AE} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {1015681A-C05A-6FC5-4699-56752F04408B} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {1E0204F3-741E-482A-3732-323768AB7FA5} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {4CB743E6-36D9-2111-A5B1-04012D090112} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {0BDA3434-BF94-30D7-AD40-128E5F18AC0F} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {4DDEB550-7046-2A5C-17F3-42ED5B1ECFC4} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {4B97BC3C-2E57-2399-A691-1E820CED541D} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {3B49A0FB-5858-2C55-E8F1-2B535DD6400E} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {678BFC90-0D15-4710-FADD-026E699D8945} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {7A1D4CEE-698D-7D5F-8E11-49B9390161B7} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {233B9C0F-E1CE-7627-F7A2-2F8562F65F61} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {6CA39A63-A90F-41B6-0349-025422EA3B1D} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {746420E2-3EFF-1BC3-2923-67763FB444AF} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {09494ED9-3A56-0CF2-2976-36E16DE99B17} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {5A8F668E-B139-52CF-818C-27DA20AE1822} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {12D74553-327D-2278-AEEE-2A8D02AC7A70} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {180772AF-647B-427E-867B-0ADB30FA33E8} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {1049092A-FC7C-6C76-7060-2E0B5921FE2B} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {2DE9D8C4-6FBC-328F-3A0B-51F13FD25B08} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {07447193-496E-0684-902A-6A251EA696BE} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {6C4B8203-77D2-5465-B2B0-188565E53F85} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {3E20C6D9-99D5-08C2-4198-49551C6C45E2} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {199CF698-6B47-00A8-9E12-046A486ED92D} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {2D311DEE-658B-2E69-7648-478C33BACFFD} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {4793955D-DB6A-1D93-B22F-4C271A47AF68} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {762C23EB-BA0D-02DD-F549-160F76D60CD7} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {29B6AD17-5143-5052-E77C-06CC7AB5C38A} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {238AA291-AB88-13C2-BBD0-698826A2EDCE} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {2446E67C-472B-346B-70C8-27E1237F9D2F} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {25273653-55D4-0C9D-C563-5E3457A1EE61} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {35675F76-DFB7-48BA-206F-3A4E5902F572} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {29B762A3-8496-3AC1-AA04-517F28844714} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {3A43109F-95A0-3D5F-6A46-693A7D48FC90} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {4484FDFA-9A09-10B1-4B06-284B5933C685} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {20FC3DB7-B18C-22D2-2743-625878B3832C} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {61BF0BBD-5D9F-2036-5B00-1B0017BADEAA} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {57677B5C-128C-29F2-7147-18E80F83862B} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {3234D0E4-4DFE-7120-9EAC-50192A57AFB0} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {55B19486-6021-14EB-D11E-414339768B9C} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {29A6836E-3837-23F6-CAE2-66CC4701BB0B} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {256506A0-7E54-1F9C-F4EB-372D5AFB7774} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {676FBD6B-B373-2B9C-AED2-22E307552B42} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {7900ACBD-433C-7038-802C-62230BBBB617} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {300E0A43-9407-433D-8052-38DA5161D797} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {50FEF02F-D330-5CC7-CB0E-725A6DDF097D} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {7C35D2AD-74B4-0C5F-C831-7EBC37946B5D} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {69BCCEEA-9601-6D53-6BEB-44F4577AA4D6} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {3B8CC059-9954-1256-ABC3-5AC75642045E} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {2B6A2109-68E8-6F29-83E3-4F1300260369} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {0974DA81-14DE-6C93-5EC5-4E0F4FF45F00} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {031347BA-00C2-40A3-7CAD-349460E61F2D} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {1EEFF816-6A74-1A74-E4C2-56765FE3298F} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {3234AD49-4B32-722D-C748-244210A4FE26} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {25A39F43-16DA-5C0E-02DA-657448E847A5} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {612070BF-E487-5144-A8F2-750221928A95} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {0C213E88-BF83-0806-D11B-2CF91D1887D4} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {6CC4DA7A-AD10-2C23-44A6-5C9132F2792C} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {29DFAC03-D691-7712-ECE7-41623F634B2E} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {14AC1580-461E-6A3C-8B23-4CE56B4CD0B5} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {0B8DAEF1-E29B-63CB-FB74-498348FBFEAE} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {161A70C2-4FC9-3E47-16C3-21E103B15A0F} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {3CA05B5C-437A-0228-1BCF-0C773CDACCB6} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {46B74D1A-49C7-7097-5A8E-22721E9C4DBD} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {4A7E25B7-C1FA-1EA5-F73F-398A13AE6467} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {0376D07C-BEA9-53A3-F3D5-78FC07E6938C} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {6F7293DB-CA04-5665-A104-011345549229} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {2E16FA4E-6176-7E27-0C37-12A67CF027AF} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {71CCAFBE-3243-4744-7EAB-2F846D18049C} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {43CA3797-5E8D-4D58-7841-2C651E0CA00C} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {5AF0BDE5-502D-3805-C2C7-0D5D650519CC} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {2A591366-191A-4BB1-2D05-74027AACD0D5} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {4618C11C-6B2F-099D-35C8-24D438BA3B60} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {44846D1D-E946-7217-903B-2E2D449BE854} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {79B2EAB7-1EBF-15D4-87D0-066A648A9ABC} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {0FCABCFD-3EEF-25EE-123F-4D731695FAD6} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {15A78949-CFE1-4386-19EB-51940EE0F681} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {17F61AA4-EC86-3F22-1EEC-72A92D3D3452} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {53B85DC9-D1BD-580A-82F0-68E15CE8FA3F} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {475861F9-12E5-0574-45B3-307868BA41DA} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {156A5910-0AB1-1B46-832D-597F647B3503} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {67E886CC-E230-2315-5F62-60D16A11BEA2} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {438D499E-C597-5351-AA9A-15B41386DD9E} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {36F5BF87-4381-7040-2656-212334A80236} - http://69.50.188.54/1/rdgAU208.exe
O16 - DPF: {412E7864-0152-7B1C-1B2B-079C02ACF853} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {3EFD5CD4-CE23-2B85-BBD8-5A9750D0B2A7} - http://69.50.188.54/1/gdnAU208.exe
O16 - DPF: {546A4070-9FCA-7A6D-F51A-6BDB4AE5AD90} - http://69.50.188.54/1/rdgAU208.exe
O16 - DPF: {52A4CE3C-9C50-30AA-A28C-7A160334B6EA} - http://69.50.188.54/1/gdnAU208.exe

Boot to safe mode making sure you can see hidden files and folders


How To Boot Into SafeMode

How To Show Hidden Files And Folders

* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Click Yes to confirm.
* Click OK.

Delete The Following:

C:\WINDOWS\SYSTEM\GOLUMM\SERVICES.EXE
C:\WINDOWS\APPLICATION DATA\HRSE.EXE
C:\WINDOWS\SYSTEM\MTLI.EXE
C:\ADE.EXE
C:\OOL.EXE

While still in safe mode, close all browser windows, open cwshredder.exe, then click "Fix" and let it run.


Then restart your computer and post a new log.










John Vickers
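
The triage done by eye in the reply above, as an added example (not part of the thread and not a HijackThis feature): it parses result lines, flags URLs whose authority carries text before `@` or a percent-encoded host, flags `.exe` codebases served from a bare IP, and checks a follow-up log for fix-list entries that survived. The sample lines are excerpted from the logs in this thread; the function names and finding labels are this example's own, and entries with no URL (such as the `golumm` Run key) are outside what these heuristics cover.

```python
import re
from urllib.parse import urlsplit, unquote

# Result lines look like "O16 - DPF: ..."; header and process lines do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Lines excerpted from the logs posted in this thread.
RUN_OK = r"O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun"
RUN_BAD = r"O4 - HKLM\..\Run: [golumm] C:\WINDOWS\SYSTEM\golumm\services.exe"
O9_LINE = (r"O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C05F7956B1} - "
           r"http://www001.upp.so-net.ne:3128@DF809JOW4WJ2304LFD0SF9FSD0A2T4L"
           r"DF809JOW4WJ2304LFD0SF9FSD0A2T4LD%2E%42%49%5A/find.html (file missing)")
O14_LINE = "O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.au"
O16_LINE = (r"O16 - DPF: {2BDE7F96-51BA-2796-0338-04B569A3A4B8} - "
            r"http://69.50.188.54/1/gdnAU208.exe")

FIRST_LOG = "\n".join(["Logfile of HijackThis v1.98.2", "Running processes:",
                       r"C:\WINDOWS\EXPLORER.EXE", "",
                       RUN_OK, RUN_BAD, O9_LINE, O14_LINE, O16_LINE])
FIX_LIST = "\n".join([RUN_BAD, O9_LINE, O16_LINE])
SECOND_LOG = "\n".join(["Logfile of HijackThis v1.98.2", "", RUN_OK])


def parse_entries(log_text):
    """Return [(code, body)] for result lines, skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def effective_host(url):
    """Host per URL syntax: the text after any '@', percent-decoded, lowercased."""
    return unquote(urlsplit(url).hostname or "").lower()


def url_findings(url):
    """Heuristic labels for one URL; an empty list means nothing stood out."""
    parts = urlsplit(url)
    host = effective_host(url)
    findings = []
    if parts.username is not None:
        # Everything before '@' is userinfo, not the server being contacted.
        findings.append("userinfo-decoy")
    if "%" in (parts.hostname or ""):
        findings.append("percent-encoded-host")
    if IPV4_RE.match(host) and parts.path.lower().endswith(".exe"):
        findings.append("exe-from-bare-ip")
    return findings


def triage(log_text):
    """Return [(code, body, findings)] for entries with at least one finding."""
    flagged = []
    for code, body in parse_entries(log_text):
        findings = []
        for url in URL_RE.findall(body):
            findings.extend(url_findings(url))
        if findings:
            flagged.append((code, body, findings))
    return flagged


def _norm(entry):
    # Compare case-insensitively and ignore runs of whitespace.
    code, body = entry
    return code, " ".join(body.lower().split())


def still_present(fix_list_text, new_log_text):
    """Fix-list entries that still appear in a later log."""
    remaining = {_norm(e) for e in parse_entries(new_log_text)}
    return [e for e in parse_entries(fix_list_text) if _norm(e) in remaining]


if __name__ == "__main__":
    for code, body, findings in triage(FIRST_LOG):
        print(code, ",".join(findings), "|", body[:60])
    print("survived the fix:", still_present(FIX_LIST, SECOND_LOG))
```
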
finehoned
« Reply #2 on: October 14, 2004, 02:18:15 PM »

Hi Jvic,

Thanks so much for your prompt reply......SO APPRECIATED.

Will try the fix and keep you informed with result.

Thanks again!!!!!!!!!!!!!!!
finehoned
« Reply #3 on: October 15, 2004, 12:14:51 PM »

Dear Jvic,

Thanks again for your reply.  I've followed through your instructions and the PC seems to be working fine.  I've just run the HJT log again.    Please see following and let me know if I've missed something.  Once again a  huge thank you for your help.  Talk about relief.

Logfile of HijackThis v1.98.2
Scan saved at 10:07:51 PM, on 10/15/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\VET\ISAFE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\VET\VETMSG.EXE
C:\VET\VETTRAY.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\DBSERVER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\PROGRAM FILES\COMMON FILES\DATAVIZ\DVZINCMSGR.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\VIRUSSCAN\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BigPond
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhos;;<local>
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Vet Alert] C:\VET\VETMSG.EXE
O4 - HKLM\..\Run: [VetTray] C:\VET\VETTRAY.EXE
O4 - HKLM\..\Run: [NVQuickTweak] RUNDLL32.EXE NVQTWK.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [Gravis AppAware Loader] C:\WINDOWS\SYSTEM\DBServer.exe
O4 - HKLM\..\Run: [PowerQuest Startup Utility] C:\Program Files\PowerQuest\PartitionMagic5 Pro\UTILITY\MMOVER32\PQINIT.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Matrox Control Center] C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe
O4 - HKLM\..\Run: [Matrox Color Control] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe
O4 - HKLM\..\Run: [Matrox Diagnostic] C:\Program Files\Matrox MGA PowerDesk\diag\mgadiag.exe -s
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [CAISafe] C:\VET\isafe.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.au
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.google.com.au
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au


 
jvic
« Reply #4 on: October 15, 2004, 01:51:49 PM »

You look good. You can fix this entry with hjt. It is optional but is considered to be a resource hog.

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

John Vickers
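
Added example (not part of the thread, and not HijackThis's own code): a small Python parser for the "CODE - detail" lines of a HijackThis log, used to confirm which entries changed between two scans and to split O4 autostart lines into source, name and command. The AFTER sample is a subset of the second log posted above; the [ExampleEntry] line in BEFORE is a constructed placeholder, and all function names are assumptions.

```python
import re
from collections import defaultdict

# "R1 - ...", "O4 - ...", "O17 - ...": section code, then the detail text.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O4 registry form: HKLM\..\Run: [Name] command
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# O4 Startup-folder form: Startup: Name.lnk = target (the target may be absent)
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (.+?)(?: = (.+))?$")

def parse_entries(log_text):
    """Map each section code to its detail strings; header/process lines are skipped."""
    entries = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group(1)].append(m.group(2))
    return dict(entries)

def autostarts(entries):
    """Split O4 details into (source, name, command) tuples."""
    found = []
    for detail in entries.get("O4", []):
        m = RUN_RE.match(detail)
        if m:
            found.append((m.group(1) + "\\" + m.group(2), m.group(3), m.group(4)))
            continue
        m = STARTUP_RE.match(detail)
        if m:
            found.append(("Startup", m.group(1), m.group(2) or m.group(1)))
    return found

def changed_entries(before, after):
    """Return (removed, added) as sorted lists of (code, detail) pairs."""
    flat = lambda text: {(c, d) for c, ds in parse_entries(text).items() for d in ds}
    b, a = flat(before), flat(after)
    return sorted(b - a), sorted(a - b)

# Subset of the second log posted in this thread.
AFTER = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BigPond
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
"""
# Constructed placeholder entry standing in for something a fix removed.
BEFORE = AFTER + r"O4 - HKLM\..\Run: [ExampleEntry] C:\WINDOWS\example-placeholder.exe" + "\n"
```

Calling changed_entries(BEFORE, AFTER) returns the placeholder entry as the only removal and nothing added, which is the check a helper makes when a poster asks whether a follow-up log is clean.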
finehoned
« Reply #5 on: October 15, 2004, 02:25:38 PM »

Hi Jvic,

Since the fix you recommended, I have not experienced any of the problems I've been having.........

I was at my wits end.......and was just about to throw my whole system out the window (literally).

Just can't THANK YOU enough for your help.....THANKS!!!!!!!!!


 
jvic
« Reply #6 on: October 15, 2004, 04:51:17 PM »

Glad you are fixed. I will lock this topic now. If you need it reopened, just PM a mod and supply a link to this thread.

John Vickers