• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.
Sign in to follow this  
Followers 0
chiller

CWShredder didn't get rid of it

15 posts in this topic

not really that comp literate so if u can help me, please can u give me as easy to understand instructions as possible. Im sure I have that coolwebsearch thing on my computer but the CWShredder thing doesn't get rid of it. I keep getting diverted to "Search the Web" instead of the page I want, and I have some weird toolbar called unrrkfrocho that I can't remove....I did that log thingy - thanks if u can help!!! ...this is what came up:

 

Logfile of HijackThis v1.97.7

Scan saved at 11:07:53 PM, on 10/06/2004

Platform: Windows 2000 SP2 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\LEXPPS.EXE

C:\Program Files\NavNT\defwatch.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\System32\MsgSys.EXE

C:\WINNT\Explorer.EXE

C:\Program Files\NavNT\vptray.exe

C:\WINNT\loadqm.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

C:\Program Files\Messenger Plus! 2\MsgPlus.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

C:\DOCUME~1\ADMINI~1\APPLIC~1\htxnrgoy.exe

C:\WINNT\System32\internat.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Hjl1.exe

C:\Program Files\Webshots\WebshotsTray.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KLM7OL27\HijackThis[1].exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Optus Internet

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.optusnet.com.au/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {82c9a563-2b1b-4d8d-9b6b-845fd073c6e1} - C:\DOCUME~1\ADMINI~1\APPLIC~1\wdrizmchee.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: unrrkfrocho - {81689b7c-8f1f-45cb-9bd6-2082c84afdd2} - C:\DOCUME~1\ADMINI~1\APPLIC~1\wdrizmchee.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [PrecisionTime] C:\PROGRA~1\PrecisionTime\PrecisionTime.exe

O4 - HKLM\..\Run: [Date Manager] "C:\PROGRA~1\Date Manager\DateManager.exe"

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

O4 - HKLM\..\Run: [gmchdr] C:\DOCUME~1\ADMINI~1\APPLIC~1\htxnrgoy.exe -QuieT

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [commdlg] C:\WINNT\System32\commdlg.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au

O15 - Trusted Zone: http://www.seek.com.au

O15 - Trusted Zone: www.snapshotsquad.com.au

O15 - Trusted Zone: www.lycos.com

O15 - Trusted Zone: http://groups.msn.com

O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.lyricsdomain.com/mp3.exe

O16 - DPF: {0249A051-D6F9-11D2-8803-006008957532} - http://clubs.lycos.com/live/Download/Install.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.6.cab

O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8148.2482060185

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://downloads.spywarelabs.com/DistID/11...erOuter1111.EXE

O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{773929A9-B905-4037-972D-87F990D9DEA3}: NameServer = 203.2.75.132 198.142.0.51

Share this post


Link to post
Share on other sites

Hi chiller

You are in bad need of your security patches and updates-

Internet Explorer

Windows updates

First you need to place HiJack This into a folder of it’s own.

Go into your documents and make a new folder and name it HJT or something you like. Then unzip HJT into your new folder. If you ever need to restore an item you may not have that option, or be able to find them from a temp dir.

Close all browsers and rerun HJT. Check and click fix checked for the following-

 

O2 - BHO: (no name) - {82c9a563-2b1b-4d8d-9b6b-845fd073c6e1} - C:\DOCUME~1\ADMINI~1\APPLIC~1\wdrizmchee.dll

O3 - Toolbar: unrrkfrocho - {81689b7c-8f1f-45cb-9bd6-2082c84afdd2} - C:\DOCUME~1\ADMINI~1\APPLIC~1\wdrizmchee.dll

O4 - HKLM\..\Run: [Date Manager] "C:\PROGRA~1\Date Manager\DateManager.exe"

This one is your choice but advised-

O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

O4 - HKLM\..\Run: [gmchdr] C:\DOCUME~1\ADMINI~1\APPLIC~1\htxnrgoy.exe -QuieT

Your choice but I don't let anything in my 015 trusted zone.

O16 - DPF: {0249A051-D6F9-11D2-8803-006008957532} - http://clubs.lycos.com/live/Download/Install.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.6.cab

O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://downloads.spywarelabs.com/DistID/11...erOuter1111.EXE

Make sure your 017 entry leads to your company ,school or ISP.

Restart your computer,preferably in safe mode and delete-

C:\PROGRA~1\Date Manager <=Folder

C:\DOCUME~1\ADMINI~1\APPLIC~1\htxnrgoy.exe <=File

Share this post


Link to post
Share on other sites

Thankyou very much for the help but I don't understand how to do this bit

 

"Make sure your 017 entry leads to your company ,school or ISP.

Restart your computer,preferably in safe mode and delete-

C:\PROGRA~1\Date Manager <=Folder

C:\DOCUME~1\ADMINI~1\APPLIC~1\htxnrgoy.exe <=File "

 

Can u please tell me how? Thanks!

Share this post


Link to post
Share on other sites

don't know whether or not its important but Im also getting ads via a "messenger service" window - not the usual pop up type ads, a grey windows like window that I have to click on an "ok" button to close...

Share this post


Link to post
Share on other sites

Found in other posts how to do:

Restart your computer,preferably in safe mode and delete-

C:\PROGRA~1\Date Manager <=Folder

C:\DOCUME~1\ADMINI~1\APPLIC~1\htxnrgoy.exe <=File "

 

 

Still not sure about:

Make sure your 017 entry leads to your company ,school or ISP

(its a home computer)

 

and the grey windows I was describing are from universitys, places trying to sell me pharmaceuticals and the last few have been trying to tell me about spyware - they all say to write the address down and type into my address bar (I haven't done this though, didn't visit any of the sites)...

Share this post


Link to post
Share on other sites

Hi

Post another log and we'll see if anything is still hanging around. You could also try a popup stopper. I use a free one from panicware.com that works pretty well. I'm sure a search would bring up others also.Make sure you get your updates too.

Share this post


Link to post
Share on other sites

Hi OlTramp,

 

Thanks so much for all your help - I have absolutely no idea about this stuff!

 

I am still updating the things u said to - theres heaps of it, so its taking awhile (am I meant to do this regularly??? How often is best???). Once that has updated, I'll post another log from HJT.

 

Still not sure where I check what u wrote earlier - the "Make sure your 017 entry leads to your company ,school or ISP". Could you please tell me how I do this?

 

Thanks again (sorry to be such a pest and ask so many q's)

Share this post


Link to post
Share on other sites

*** Update: Have just noticed that when I show all files in C:\Program Files, there are folders for "FunWebProducts", "MyWebSearch" and "Messenger Plus! 2"... I thought these were all fixed in the HJT fix u suggested earlier...should these folders still be here?

 

My mouse icon has also just turned into a witch riding a broom, all by itself! I didn't do this, just appeared when I logged on again just now!!!

 

Had four of those grey window messenger service things come up whilst writing this - two for university degrees, one pharmaceutical and one about visiting a website for a security update...

 

I'll paste the latest HJT log, but please keep in mind Im still updating the items u suggested before (I did listen to ur recommendations and I am updating but its not finished yet - embarassed to admit, but I only have a 28k modem...)

 

 

Logfile of HijackThis v1.97.7

Scan saved at 6:00:58 PM, on 12/06/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\LEXPPS.EXE

C:\Program Files\NavNT\defwatch.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\MsgSys.EXE

C:\WINNT\Explorer.EXE

C:\Program Files\NavNT\vptray.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

C:\WINNT\system32\internat.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

C:\Program Files\Webshots\WebshotsTray.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\My Documents\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Optus Internet

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.optusnet.com.au/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [PrecisionTime] C:\PROGRA~1\PrecisionTime\PrecisionTime.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [commdlg] C:\WINNT\System32\commdlg.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.lyricsdomain.com/mp3.exe

O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8148.2482060185

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{773929A9-B905-4037-972D-87F990D9DEA3}: NameServer = 203.2.75.132 198.142.0.51

Share this post


Link to post
Share on other sites

Ive just finished running adaware and spybot s&d and now have all the updates u suggested earlier. Adaware and spybot both fixed things which was great (the witch cursor thing has gone) but when I reboot things that were fixed in spybot reappear. Ive done this four times now, run spybot, fixed them, shut down, restarted rerun spybot and they're back! The two probs that keep coming back are two "DSO exploits" listed as :

 

HKEY_USERS\S-1-5-21-1645522239-152049171-1957994488-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

and

 

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

 

so, ummmm...now what?

 

THANKS!

Share this post


Link to post
Share on other sites

Hi,

Im also getting ads via a "messenger service" window

Stopping Advertisements with Messenger Service Titles (2K)

 

Have just noticed that when I show all files in C:\Program Files, there are folders for "FunWebProducts", "MyWebSearch" and "Messenger Plus! 2"

 

Uninstall via Add Remove (if exists)

Otherwise delete the folders in Safe Mode (see "How To" below)

 

Uninstall PrecisionTime from "Add/Remove Programs"

 

 

The two probs that keep coming back are two "DSO exploits"

As long as your system has all the Critical Updates installed, you can ignore that SpyBot entry.

 

Close all open windows, except for HijackThis place a check in each of the following:

Then click "Fix checked".

 

O4 - HKLM\..\Run: [PrecisionTime] C:\PROGRA~1\PrecisionTime\PrecisionTime.exe

O4 - HKCU\..\Run: [commdlg] C:\WINNT\System32\commdlg.exe

O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.lyricsdomain.com/mp3.exe

 

Then reboot, on restart, restart in Safe Mode (see "How To" below)

 

Open Windows Explorer locate and delete the following:

 

 

C:\PROGRAM FILES\PrecisionTime <--this folder

C:\PROGRAM FILES\FunWebProducts <--this folder

C:\PROGRAM FILES\MyWebSearch <--this folder

C:\PROGRAM FILES\Messenger Plus! 2 <--this folder

C:\WINNT\System32\commdlg.exe <--this file

 

Restart normally and post a fresh log ...

Share this post


Link to post
Share on other sites

Hi WinHelp!

 

Thanks for the help! Very much appreciated!!! And yes I have all the critical updates etc now, so I'll ignore those two entries...

 

Ok, in order, this is what I have done.

 

* Stopped the annoying messenger service as per the instructions on the page you gave.

 

* Went into add/remove programs - only PrecisionTime was there, so I got rid of it

 

* Closed all windows and ran HJT - fixed the things you said. When I did this, a spybot s&d window popped up warning me about a change and did I want to go ahead - figured you know better than it, so I allowed the change

 

* rebooted into safe mode and deleted the folders but couldn't find the file commdlg.exe anywhere

 

*restarted normally below is the new HJT log

 

Logfile of HijackThis v1.97.7

Scan saved at 12:33:09 PM, on 13/06/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\LEXPPS.EXE

C:\Program Files\NavNT\defwatch.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\MsgSys.EXE

C:\WINNT\Explorer.EXE

C:\Program Files\NavNT\vptray.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

C:\WINNT\system32\internat.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Webshots\WebshotsTray.exe

C:\My Documents\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Optus Internet

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.optusnet.com.au/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8148.2482060185

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{773929A9-B905-4037-972D-87F990D9DEA3}: NameServer = 203.2.75.132 198.142.0.51

 

Now, earlier OlTramp told me to check the 017 entry and make sure it leads to my company, school, or ISP - this is my home computer so I figure I have to check it leads back to my ISP - don't know how to do this though (I know its prob really simple, but I don't know how to check it....) So if you could tell me how that would be great.

 

Besides that, am I all fixed?

 

Thanks very much for the help!

Share this post


Link to post
Share on other sites

Hi,

Your log is clean now ... good job!

 

Now, earlier OlTramp told me to check the 017 entry

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{773929A9-B905-4037-972D-87F990D9DEA3}: NameServer = 203.2.75.132 198.142.0.51

 

203.2.75.132 = dns.syd.optusnet.com.au

198.142.0.51 = dns.meb.optusnet.com.au

 

As you can see the above IP addresses both lead to your ISP, so everything is Ok there. :wave:

Share this post


Link to post
Share on other sites

THANKYOU THANKYOU THANKYOU THANKYOU!!! Can't tell you how much I appreciate the help! Im an employment consultant - so if you ever need help with a resume...new job... be only too happy to help!!!

 

THANKS AGAIN - you guys are fantastic!!!!!

 

:)

Share this post


Link to post
Share on other sites

Glad we could help!

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0