CWShredder didn't get rid of it


  • This topic is locked
14 replies to this topic

#1 chiller

Posted 10 June 2004 - 08:16 AM

Not really that comp literate, so if u can help me, please can u give me as easy to understand instructions as possible. I'm sure I have that CoolWebSearch thing on my computer but the CWShredder thing doesn't get rid of it. I keep getting diverted to "Search the Web" instead of the page I want, and I have some weird toolbar called unrrkfrocho that I can't remove... I did that log thingy - thanks if u can help!!! ...this is what came up:

Logfile of HijackThis v1.97.7
Scan saved at 11:07:53 PM, on 10/06/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINNT\loadqm.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\htxnrgoy.exe
C:\WINNT\System32\internat.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Hjl1.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KLM7OL27\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Optus Internet
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.optusnet.com.au/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {82c9a563-2b1b-4d8d-9b6b-845fd073c6e1} - C:\DOCUME~1\ADMINI~1\APPLIC~1\wdrizmchee.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: unrrkfrocho - {81689b7c-8f1f-45cb-9bd6-2082c84afdd2} - C:\DOCUME~1\ADMINI~1\APPLIC~1\wdrizmchee.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [PrecisionTime] C:\PROGRA~1\PrecisionTime\PrecisionTime.exe
O4 - HKLM\..\Run: [Date Manager] "C:\PROGRA~1\Date Manager\DateManager.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [gmchdr] C:\DOCUME~1\ADMINI~1\APPLIC~1\htxnrgoy.exe -QuieT
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [commdlg] C:\WINNT\System32\commdlg.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au
O15 - Trusted Zone: http://www.seek.com.au
O15 - Trusted Zone: www.snapshotsquad.com.au
O15 - Trusted Zone: www.lycos.com
O15 - Trusted Zone: http://groups.msn.com
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.lyricsdomain.com/mp3.exe
O16 - DPF: {0249A051-D6F9-11D2-8803-006008957532} - http://clubs.lycos.c...oad/Install.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/i...etup1.0.0.6.cab
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/p...t/msnchat41.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...talls/yinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8148.2482060185
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://downloads.spy...erOuter1111.EXE
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/p...at/msnchat4.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{773929A9-B905-4037-972D-87F990D9DEA3}: NameServer = 203.2.75.132 198.142.0.51

#2 OlTramp

Posted 10 June 2004 - 06:19 PM

Hi chiller
You are in bad need of your security patches and updates-
Internet Explorer
Windows updates
First you need to place HijackThis into a folder of its own.
Go into your documents and make a new folder and name it HJT or something you like. Then unzip HJT into your new folder. If you ever need to restore an item you may not have that option, or be able to find them from a temp dir.
Close all browsers and rerun HJT. Check and click fix checked for the following-

O2 - BHO: (no name) - {82c9a563-2b1b-4d8d-9b6b-845fd073c6e1} - C:\DOCUME~1\ADMINI~1\APPLIC~1\wdrizmchee.dll
O3 - Toolbar: unrrkfrocho - {81689b7c-8f1f-45cb-9bd6-2082c84afdd2} - C:\DOCUME~1\ADMINI~1\APPLIC~1\wdrizmchee.dll
O4 - HKLM\..\Run: [Date Manager] "C:\PROGRA~1\Date Manager\DateManager.exe"
This one is your choice but advised-
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [gmchdr] C:\DOCUME~1\ADMINI~1\APPLIC~1\htxnrgoy.exe -QuieT
Your choice but I don't let anything in my O15 trusted zone.
O16 - DPF: {0249A051-D6F9-11D2-8803-006008957532} - http://clubs.lycos.c...oad/Install.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/i...etup1.0.0.6.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://downloads.spy...erOuter1111.EXE
Make sure your O17 entry leads to your company, school or ISP.
Restart your computer, preferably in safe mode, and delete-
C:\PROGRA~1\Date Manager <=Folder
C:\DOCUME~1\ADMINI~1\APPLIC~1\htxnrgoy.exe <=File
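
Added example, not part of OlTramp's post or of HijackThis itself: a small triage script over O2/O3/O4 lines copied from the first log in this thread. The two heuristics (module loaded from a user-profile directory, one file registered as several IE add-ons) are assumptions of this example, not the advisor's stated reasoning.

```python
import re
from collections import Counter

# Lines copied from the first HijackThis log in this thread (post #1).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {82c9a563-2b1b-4d8d-9b6b-845fd073c6e1} - C:\DOCUME~1\ADMINI~1\APPLIC~1\wdrizmchee.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: unrrkfrocho - {81689b7c-8f1f-45cb-9bd6-2082c84afdd2} - C:\DOCUME~1\ADMINI~1\APPLIC~1\wdrizmchee.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [gmchdr] C:\DOCUME~1\ADMINI~1\APPLIC~1\htxnrgoy.exe -QuieT
"""

ENTRY_RE = re.compile(r"^(O2|O3|O4) - (.+)$")
# First drive-rooted path that ends in a loadable-module extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|ocx)\b", re.IGNORECASE)
# Assumed heuristic: directories a non-admin process can write to, in both
# 8.3 short form and long form, as they appear on Windows 2000.
USER_DIR_MARKERS = (
    "\\applic~1\\", "\\application data\\",
    "\\locals~1\\temp\\", "\\local settings\\temp\\",
)


def parse_entries(log_text):
    """Return (section, raw line, lowercased module path or None) per O2/O3/O4 line."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        path = PATH_RE.search(m.group(2))
        entries.append((m.group(1), line, path.group(0).lower() if path else None))
    return entries


def triage(log_text):
    """Map each flagged raw line to the list of reasons it was flagged."""
    entries = parse_entries(log_text)
    # How many browser add-on registrations (O2/O3) point at each file.
    addon_refs = Counter(p for sec, _, p in entries if sec in ("O2", "O3") and p)
    findings = {}
    for section, line, path in entries:
        if path is None:
            continue  # bare names such as mobsync.exe are resolved via the search path
        reasons = []
        if any(marker in path for marker in USER_DIR_MARKERS):
            reasons.append("loads from a user-profile directory")
        # Weak on its own (legitimate toolbars do this too), so it is only
        # reported as supporting evidence for an already-flagged entry.
        if reasons and section in ("O2", "O3") and addon_refs[path] > 1:
            reasons.append("same file registered as more than one IE add-on")
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(why))
```

A path heuristic like this does not catch everything the advisor listed: the Date Manager entry lives under Program Files and still needs a reviewer who recognises the product name.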

#3 chiller

Posted 11 June 2004 - 05:11 AM

Thankyou very much for the help but I don't understand how to do this bit

"Make sure your O17 entry leads to your company, school or ISP.
Restart your computer, preferably in safe mode and delete-
C:\PROGRA~1\Date Manager <=Folder
C:\DOCUME~1\ADMINI~1\APPLIC~1\htxnrgoy.exe <=File "

Can u please tell me how? Thanks!

#4 chiller

Posted 11 June 2004 - 06:48 AM

Don't know whether or not it's important but I'm also getting ads via a "messenger service" window - not the usual pop up type ads, a grey windows like window that I have to click on an "ok" button to close...

#5 chiller

Posted 11 June 2004 - 10:47 AM

Found in other posts how to do:
Restart your computer, preferably in safe mode and delete-
C:\PROGRA~1\Date Manager <=Folder
C:\DOCUME~1\ADMINI~1\APPLIC~1\htxnrgoy.exe <=File


Still not sure about:
Make sure your O17 entry leads to your company, school or ISP
(it's a home computer)

and the grey windows I was describing are from universities, places trying to sell me pharmaceuticals and the last few have been trying to tell me about spyware - they all say to write the address down and type into my address bar (I haven't done this though, didn't visit any of the sites)...

#6 OlTramp

Posted 11 June 2004 - 06:35 PM

Hi
Post another log and we'll see if anything is still hanging around. You could also try a popup stopper. I use a free one from panicware.com that works pretty well. I'm sure a search would bring up others also. Make sure you get your updates too.

#7 chiller

Posted 11 June 2004 - 11:30 PM

Hi OlTramp,

Thanks so much for all your help - I have absolutely no idea about this stuff!

I am still updating the things u said to - there's heaps of it, so it's taking a while (am I meant to do this regularly??? How often is best???). Once that has updated, I'll post another log from HJT.

Still not sure where I check what u wrote earlier - the "Make sure your O17 entry leads to your company, school or ISP". Could you please tell me how I do this?

Thanks again (sorry to be such a pest and ask so many q's)

#8 chiller

Posted 12 June 2004 - 03:15 AM

*** Update: Have just noticed that when I show all files in C:\Program Files, there are folders for "FunWebProducts", "MyWebSearch" and "Messenger Plus! 2"... I thought these were all fixed in the HJT fix u suggested earlier...should these folders still be here?

My mouse icon has also just turned into a witch riding a broom, all by itself! I didn't do this, just appeared when I logged on again just now!!!

Had four of those grey window messenger service things come up whilst writing this - two for university degrees, one pharmaceutical and one about visiting a website for a security update...

I'll paste the latest HJT log, but please keep in mind I'm still updating the items u suggested before (I did listen to ur recommendations and I am updating but it's not finished yet - embarrassed to admit, but I only have a 28k modem...)


Logfile of HijackThis v1.97.7
Scan saved at 6:00:58 PM, on 12/06/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\My Documents\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Optus Internet
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.optusnet.com.au/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [PrecisionTime] C:\PROGRA~1\PrecisionTime\PrecisionTime.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [commdlg] C:\WINNT\System32\commdlg.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.lyricsdomain.com/mp3.exe
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/p...t/msnchat41.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...talls/yinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8148.2482060185
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/p...at/msnchat4.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{773929A9-B905-4037-972D-87F990D9DEA3}: NameServer = 203.2.75.132 198.142.0.51

#9 chiller

Posted 12 June 2004 - 07:31 AM

I've just finished running adaware and spybot s&d and now have all the updates u suggested earlier. Adaware and spybot both fixed things which was great (the witch cursor thing has gone) but when I reboot, things that were fixed in spybot reappear. I've done this four times now: run spybot, fixed them, shut down, restarted, rerun spybot and they're back! The two probs that keep coming back are two "DSO exploits" listed as:

HKEY_USERS\S-1-5-21-1645522239-152049171-1957994488-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

and

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


so, ummmm...now what?

THANKS!

#10 WinHelp2002

Posted 12 June 2004 - 09:53 AM

Hi,

Im also getting ads via a "messenger service" window

Stopping Advertisements with Messenger Service Titles (2K)

Have just noticed that when I show all files in C:\Program Files, there are folders for "FunWebProducts", "MyWebSearch" and "Messenger Plus! 2"


Uninstall via Add Remove (if exists)
Otherwise delete the folders in Safe Mode (see "How To" below)

Uninstall PrecisionTime from "Add/Remove Programs"


The two probs that keep coming back are two "DSO exploits"

As long as your system has all the Critical Updates installed, you can ignore that SpyBot entry.

Close all open windows except for HijackThis, then place a check in each of the following
and click "Fix checked".

O4 - HKLM\..\Run: [PrecisionTime] C:\PROGRA~1\PrecisionTime\PrecisionTime.exe
O4 - HKCU\..\Run: [commdlg] C:\WINNT\System32\commdlg.exe
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.lyricsdomain.com/mp3.exe


Then reboot, on restart, restart in Safe Mode (see "How To" below)

Open Windows Explorer locate and delete the following:


C:\PROGRAM FILES\PrecisionTime <--this folder
C:\PROGRAM FILES\FunWebProducts <--this folder
C:\PROGRAM FILES\MyWebSearch <--this folder
C:\PROGRAM FILES\Messenger Plus! 2 <--this folder
C:\WINNT\System32\commdlg.exe <--this file

Restart normally and post a fresh log ...
Mike
Former Microsoft MVP 1999-2012
"There's no place like 127.0.0.1"
Blocking Malware, Parasites, Hijackers, Trojans, with a HOSTS file: http://www.mvps.org/...p2002/hosts.htm

#11 chiller

Posted 12 June 2004 - 09:50 PM

Hi WinHelp!

Thanks for the help! Very much appreciated!!! And yes I have all the critical updates etc now, so I'll ignore those two entries...

Ok, in order, this is what I have done.

* Stopped the annoying messenger service as per the instructions on the page you gave.

* Went into add/remove programs - only PrecisionTime was there, so I got rid of it

* Closed all windows and ran HJT - fixed the things you said. When I did this, a spybot s&d window popped up warning me about a change and did I want to go ahead - figured you know better than it, so I allowed the change

* rebooted into safe mode and deleted the folders but couldn't find the file commdlg.exe anywhere

* restarted normally; below is the new HJT log

Logfile of HijackThis v1.97.7
Scan saved at 12:33:09 PM, on 13/06/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\My Documents\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Optus Internet
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.optusnet.com.au/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/p...t/msnchat41.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...talls/yinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8148.2482060185
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/p...at/msnchat4.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{773929A9-B905-4037-972D-87F990D9DEA3}: NameServer = 203.2.75.132 198.142.0.51

Now, earlier OlTramp told me to check the O17 entry and make sure it leads to my company, school, or ISP - this is my home computer so I figure I have to check it leads back to my ISP - don't know how to do this though (I know it's prob really simple, but I don't know how to check it....) So if you could tell me how that would be great.

Besides that, am I all fixed?

Thanks very much for the help!

#12 WinHelp2002

Posted 12 June 2004 - 10:09 PM

Hi,
Your log is clean now ... good job!

Now, earlier OlTramp told me to check the O17 entry


O17 - HKLM\System\CCS\Services\Tcpip\..\{773929A9-B905-4037-972D-87F990D9DEA3}: NameServer = 203.2.75.132 198.142.0.51

203.2.75.132 = dns.syd.optusnet.com.au
198.142.0.51 = dns.meb.optusnet.com.au

As you can see the above IP addresses both lead to your ISP, so everything is Ok there. :wave:
Mike
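
Added example, not part of the post above: the O17 check automated, extended with forward confirmation of each reverse (PTR) name. The lookup tables stand in for live DNS so the script runs offline; the two optusnet PTR names are the ones quoted in the post, the forward mappings are assumed to mirror them, and the 192.0.2.x / 198.51.100.x rows are constructed.

```python
import re
import socket

O17_RE = re.compile(r"^O17 - .*NameServer = (.+)$")


def nameservers(log_text):
    """Collect every IP listed in the O17 NameServer entries of a HijackThis log."""
    ips = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            ips.extend(re.split(r"[ ,]+", m.group(1).strip()))
    return ips


def ptr_lookup(ip):
    """Live reverse (PTR) lookup; None when the address has no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def a_lookup(host):
    """Live forward lookup; empty list when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except OSError:
        return []


def check_nameservers(log_text, isp_domain, ptr=ptr_lookup, fwd=a_lookup):
    """Return {ip: verdict}. An address passes only if its PTR name is inside
    isp_domain AND that name resolves back to the same address, because
    whoever controls an IP block can publish any PTR name for it."""
    suffix = "." + isp_domain.lower().strip(".")
    verdicts = {}
    for ip in nameservers(log_text):
        host = ptr(ip)
        if host is None:
            verdicts[ip] = "no PTR record"
        elif not host.lower().rstrip(".").endswith(suffix):
            verdicts[ip] = "PTR outside ISP domain: " + host
        elif ip not in fwd(host):
            verdicts[ip] = "PTR not forward-confirmed: " + host
        else:
            verdicts[ip] = "ok: " + host
    return verdicts


# O17 line from the thread, and a constructed line with two rogue resolvers.
THREAD_O17 = r"O17 - HKLM\System\CCS\Services\Tcpip\..\{773929A9-B905-4037-972D-87F990D9DEA3}: NameServer = 203.2.75.132 198.142.0.51"
ROGUE_O17 = r"O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED}: NameServer = 192.0.2.53,198.51.100.7"
PTR_TABLE = {
    "203.2.75.132": "dns.syd.optusnet.com.au",   # from the post
    "198.142.0.51": "dns.meb.optusnet.com.au",   # from the post
    "192.0.2.53": "ns1.hosting.example",         # constructed
    "198.51.100.7": "dns.syd.optusnet.com.au",   # constructed: PTR claims the ISP
}
A_TABLE = {  # assumed forward records
    "dns.syd.optusnet.com.au": ["203.2.75.132"],
    "dns.meb.optusnet.com.au": ["198.142.0.51"],
}


def demo(log_text):
    """Run the check against the offline tables instead of live DNS."""
    return check_nameservers(log_text, "optusnet.com.au",
                             ptr=PTR_TABLE.get, fwd=lambda h: A_TABLE.get(h, []))
```

Calling `check_nameservers(log, "your-isp-domain")` without the `ptr` and `fwd` arguments performs the same check against live DNS.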

#13 chiller

Posted 12 June 2004 - 10:32 PM

THANKYOU THANKYOU THANKYOU THANKYOU!!! Can't tell you how much I appreciate the help! I'm an employment consultant - so if you ever need help with a resume...new job... be only too happy to help!!!

THANKS AGAIN - you guys are fantastic!!!!!

:)

#14 WinHelp2002

Posted 13 June 2004 - 02:47 AM

chiller,
You're welcome ... glad to see you have resolved your problem. :wave:
Mike

#15 dave38

Posted 13 June 2004 - 07:20 AM

Glad we could help!

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!