Right this is getting on my T*ts now...

Mannginger

Original Poster:

10,203 posts

283 months

Friday 9th April 2004
mk:@MSITStore:C:\WINDOWS\start.chm::/start.html

I have ZoneAlarm firewall, NOD32 AV, AVG AV and Adaware 6.0

All have failed to stop/find and destroy the above malware, which is basically altering my homepage on IE6 and trying to get me to buy car insurance etc. etc. It's obviously seeing where I surf (OH) and targeting ads based on that.

I can't find it in either IE program folder or Windows and neither, it would appear, can the various programmes above.

So...can anyone

1. Tell me how to get rid of it?
2. Recommend another browser that isn't so vulnerable to these things (mozilla?)

Cheers in anticipation

Phil

simpo two

92,134 posts

291 months

Friday 9th April 2004
IMHO the only anti-spyware one in that list is Ad Aware. Try Spybot Search and Destroy as well. There are one or two other programmes as well which doubtless my more expert colleagues will tell you about soon!

arcturus

1,497 posts

289 months

Friday 9th April 2004
Yep, I'm a fan of Pest Patrol myself. Version 5 comes out very soon. www.pestpatrol.com

arcturus

1,497 posts

289 months

Friday 9th April 2004
Of course you must make sure that your AdAware is up to date before you scan.

There is more info on this bug here: www.pcguide.com/vb/showthread.php?s=&threadid=28901

The reference is halfway down the page as part of the 'Hijack This' log from someone else's machine.

>> Edited by arcturus on Friday 9th April 10:08

mannginger

Original Poster:

10,203 posts

283 months

Friday 9th April 2004
Right Spybot is doing its thing now. Adaware is updated.

I had looked at that page prior to posting here - I tried to find out more info on the damned thing, but I think that that is one of the few English pages in Google and it doesn't really offer much in the way of help (at least directly and in language I can understand!)

Cheers for the help so far, will update once spybot is finished.

Phil

arcturus

1,497 posts

289 months

Friday 9th April 2004
If the new sweep doesn't work (remember to reboot after the sweep/fix), then download 'Hijack This' here: www.tomcoyote.com/hjt/

Install and run, then scan your machine.

Look in the logfile that appears and tick any references to your bug as you posted above.

Hit fix.

Reboot.

If you want to post the logfile here, we can look at it and make suggestions as to what else needs to be removed.

coach

1,116 posts

278 months

Friday 9th April 2004
Mannginger said:
mk:@MSITStore:C:\WINDOWS\start.chm::/start.html

I have ZoneAlarm firewall, NOD32 AV, AVG AV and Adaware 6.0

All have failed to stop/find and destroy the above malware, which is basically altering my homepage on IE6 and trying to get me to buy car insurance etc. etc. It's obviously seeing where I surf (OH) and targeting ads based on that.

I can't find it in either IE program folder or Windows and neither, it would appear, can the various programmes above.

So...can anyone

1. Tell me how to get rid of it?
2. Recommend another browser that isn't so vulnerable to these things (mozilla?)

Cheers in anticipation

Phil


Right

D/load "spybot" and use in conjunction with adaware. Does most of them in.

Failing that, google up the site for "Hijack this". You run this and it scans your system and does a text dump of info that you post on the BBS of the site. Someone looks it over and tells you what to delete or edit.

Took me months of bloody research to sort my problem out!

Coach

arcturus

1,497 posts

289 months

Friday 9th April 2004
coach said:
google up the site for "Hijack this"

No need to Google - I gave the link in a previous post. Just scroll up a bit.

mannginger

Original Poster:

10,203 posts

283 months

Friday 9th April 2004
Cheers guys - I think a combination of Spybot and win patrol followed by deleting the entry on Hijackthis has got it covered!

However I don't really know what I am doing on PCs so I thought I would drop a copy of the report on here. I am assuming that the "master-search.com" entries are also some form of spyware but I don't recognise it really.

Logfile of HijackThis v1.97.7
Scan saved at 11:09:43, on 09/04/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\QUARTERDECK\CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
C:\PROGRAM FILES\MEDIASCAPE\TOUCH MANAGER\MEDIACTR.EXE
C:\PROGRAM FILES\MEDIASCAPE\TOUCH MANAGER\TOUCHMGR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ESET\NOD32KUI.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.master-search.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.master-search.com/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.pistonheads.com/gassing
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.master-search.com/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.master-search.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.master-search.com/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.com/keyword/%s
R3 - URLSearchHook: {FD0B1A83-4F7C-11D5-BD9C-000103C116D5} - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLL
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - C:\WINDOWS\sys_ext.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL (file missing)
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [OnScreen Display] C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
O4 - HKLM\..\Run: [KBD MediaCenter] C:\PROGRA~1\MEDIAS~1\TOUCHM~1\MEDIACTR.EXE
O4 - HKLM\..\Run: [VsecomrEXE] C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRA~1\PLUS!\Viruscan\VSHWIN32.EXE
O4 - HKLM\..\Run: [Touch Manager] C:\PROGRA~1\MEDIAS~1\TOUCHM~1\TOUCHMGR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell.dll /c /set
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRA~1\PLUS!\Viruscan\VSHWIN32.EXE /NoSplash
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\PROGRA~1\QUARTE~1\CLEANS~1\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Eset\nod32krn.exe"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL/VSearch.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: BT Yahoo! Sidebar (HKLM)
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar (HKLM)
O9 - Extra button: Homepage (HKCU)
O9 - Extra button: BT (HKCU)
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37988.3723958333
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2044804c1e0303278d22/netzip/RdxIE601.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/installs/yab_af.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe


Cheers

Phil
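As an added example (not from this thread and not part of HijackThis itself), a small Python parser for the R0/R1 browser-setting lines and O2 BHO lines that the thread is reading by eye: it reports any start/search page whose host is not on a trusted list and any BHO whose DLL is reported missing. The sample log lines and the trusted-host list are my own constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v1.97 log format (same entry types as the
# log above, with backslashes intact); not taken from a real scan.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.master-search.com/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pistonheads.com/gassing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - C:\WINDOWS\sys_ext.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
""".strip()

# Hosts the user recognises as legitimate for start/search pages (assumed
# list); any other host in an R0/R1 entry is reported for review.
TRUSTED_HOSTS = {"www.microsoft.com", "ie.search.msn.com", "www.pistonheads.com"}

R_LINE = re.compile(r"^(R[01]) - (HK[A-Z]+)\\(.+?),(.+?) = (.*)$")
O2_LINE = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+?)( \(file missing\))?$")

def parse_hjt(text):
    """Turn R0/R1 and O2 lines into dicts; other entry types are skipped."""
    entries = []
    for line in text.splitlines():
        m = R_LINE.match(line)
        if m:
            kind, hive, key, name, value = m.groups()
            url = value if "://" in value else "http://" + value  # scheme is sometimes absent
            entries.append({"type": kind, "hive": hive, "key": key, "name": name,
                            "host": urlparse(url).hostname or "", "value": value})
            continue
        m = O2_LINE.match(line)
        if m:
            entries.append({"type": "O2", "name": m.group(1), "clsid": m.group(2),
                            "path": m.group(3), "missing": m.group(4) is not None})
    return entries

def find_suspicious(entries, trusted=TRUSTED_HOSTS):
    """Flag browser settings pointing at untrusted hosts and BHOs whose DLL is gone."""
    findings = []
    for e in entries:
        if e["type"] in ("R0", "R1") and e["host"] not in trusted:
            findings.append((e["type"], f"{e['hive']}\\{e['key']},{e['name']}", e["host"]))
        elif e["type"] == "O2" and e["missing"]:
            findings.append(("O2", e["clsid"], e["path"]))
    return findings

if __name__ == "__main__":
    for f in find_suspicious(parse_hjt(SAMPLE_LOG)):
        print(*f, sep="  |  ")
```

A flagged entry is a prompt to check the value, not proof of infection: an unfamiliar host that the user deliberately set is a false positive, so the trusted list should be extended rather than the entry removed blindly.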

arcturus

1,497 posts

289 months

Friday 9th April 2004
Well apart from master-search, which I must confess I know nothing about (yet...), everything else appears to be in order, although some purists would say get rid of the Google search bar as well.

mannginger

Original Poster:

10,203 posts

283 months

Friday 9th April 2004
The Google toolbar is a recent addition - am still evaluating it really. Having clicked on the Master Search links above it does appear to be some kind of ad programme - degrees etc. etc.

Phil

(oh just as a quick aside how do I display a list of programmes that start on er...startup?

I have a few too many I suspect and want to trim it a touch)

Cheers

arcturus

1,497 posts

289 months

Friday 9th April 2004
Click Start > Run and type msconfig in the run box.

Click OK.

You will then be able to select which processes and programs run at start up.

Note for others: Although this works on 98, ME and XP, it does not work on Win2k.

>> Edited by arcturus on Friday 9th April 11:44

>> Edited by arcturus on Friday 9th April 11:45

mannginger

Original Poster:

10,203 posts

283 months

Friday 9th April 2004
Thanks

New problem - I disabled WinPatrol (which had been keeping the bug from changing my homepage URL) and of course the bug is back!

Obviously removing the line from hijackthis didn't work. Any more suggestions?

Cheers for the ongoing help - beers will be due!

Phil

schueymcfee

1,577 posts

291 months

Friday 9th April 2004
Have you tried CWShredder? I had problems with these companies altering my registry to automatically change my homepage. CWShredder did the trick.

If you type RegEdit in your command prompt and go to Internet Explorer (it's in HKEY_CURRENT_USER/Microsoft), you can see what your homepage is set to.

If you don't want to dabble with your registry then I would find a registry restorer program (they're free to download).

That's how they do it though - they re-write your registry.

Hope that helps.