1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

coolwebsearch will not die

Discussion in 'Virus & Other Malware Removal' started by cms95033, Dec 24, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. cms95033

    cms95033 Thread Starter

    Joined:
    Dec 23, 2004
    Messages:
    2
    Help!

    ad-aware finally knocked off VX2 but I can't seem to kill coolwebsearch

    her is my hijack this log



    Logfile of HijackThis v1.98.2
    Scan saved at 6:10:26 PM, on 12/24/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\niSvcLoc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Yahoo!\PARENT~1\YPCSER~1.EXE
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\McAfee.com\VSO\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\system32\vqgkiw.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\INTERVIDEO\COMMON\BIN\WinCinemaMgr.exe
    C:\Program Files\INTERVIDEO\WinDVR\WinScheduler.exe
    C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
    C:\Documents and Settings\Dad\My Documents\My Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesearchmall.com/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchmall.com/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Dad\Application Data\Mozilla\Profiles\default\afc5qirq.slt\prefs.js)
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
    O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Auto EPSON Stylus C84 Series on BRIANNA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\E_S4I2D1.EXE /P39 "Auto EPSON Stylus C84 Series on BRIANNA" /O18 "\\BRIANNA\Printer2" /M "Stylus C84"
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
    O4 - HKLM\..\Run: [Narrator] C:\WINDOWS\system32\vqgkiw.exe
    O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
    O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Dad\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: eBot.lnk = C:\WINDOWS\DownloadWizard\DownloadWizard.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\INTERVIDEO\COMMON\BIN\WinCinemaMgr.exe
    O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\INTERVIDEO\WinDVR\WinScheduler.exe
    O4 - Global Startup: kfinuh.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwizard/wizard3.0.4.3.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://128.196.12.29/activex/AxisCamControl.ocx
    O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate.exe
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
     
  2. telecom69

    telecom69 Gone but never forgotten

    Joined:
    Oct 12, 2001
    Messages:
    9,807
  3. cms95033

    cms95033 Thread Starter

    Joined:
    Dec 23, 2004
    Messages:
    2
    Looks kike spy subtract is a lot more robust than the
    three others I tried. Thanks

    Logfile of HijackThis v1.99.0
    Scan saved at 8:40:52 PM, on 12/24/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\niSvcLoc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Yahoo!\PARENT~1\YPCSER~1.EXE
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee.com\VSO\mcshield.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
    C:\WINDOWS\system32\lxamsp32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\system32\tbctray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\INTERVIDEO\COMMON\BIN\WinCinemaMgr.exe
    C:\Program Files\INTERVIDEO\WinDVR\WinScheduler.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\interMute\SpySubtract\SpySub.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\DownloadWizard\DownloadWizard.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
    C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\SantaCruzCpl.exe
    C:\Documents and Settings\Dad\My Documents\My Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesearchmall.com/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchmall.com/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Dad\Application Data\Mozilla\Profiles\default\afc5qirq.slt\prefs.js)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
    O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Auto EPSON Stylus C84 Series on BRIANNA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\E_S4I2D1.EXE /P39 "Auto EPSON Stylus C84 Series on BRIANNA" /O18 "\\BRIANNA\Printer2" /M "Stylus C84"
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
    O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
    O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Dad\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: eBot.lnk = C:\WINDOWS\DownloadWizard\DownloadWizard.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\INTERVIDEO\COMMON\BIN\WinCinemaMgr.exe
    O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\INTERVIDEO\WinDVR\WinScheduler.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwizard/wizard3.0.4.3.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://128.196.12.29/activex/AxisCamControl.ocx
    O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate.exe
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield - Unknown - C:\Program Files\McAfee.com\VSO\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
    O23 - Service: NI Service Locator - National Instruments - C:\WINDOWS\System32\niSvcLoc.exe
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\PROGRA~1\Yahoo!\PARENT~1\YPCSER~1.EXE
    O23 - Service: Iomega Active Disk - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Welcome to TSG! :)

    Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesearchmall.com/index.php

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchmall.com/index.php


    Restart to safe mode.

    How to start your computer in safe mode

    Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options".
    Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

    Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"

    Now find and delete this file:

    C:\WINDOWS\system32\vqgkiw.exe

    Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    Empty the Recycle Bin
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/311378

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice