ComputerForum.com ComputerForum.com  
Go Back   Computer Forum > Computer Software > Computer Security
toolbar removal toolbar removal
Register FAQ Members List Calendar Mark Forums Read

Reply
Page 1 of 2 1 2 >
 
LinkBack Thread Tools Display Modes
Old 05-07-2005, 06:44 PM   #1 (permalink)
New Member
 
Join Date: May 2005
Posts: 13
Question toolbar removal
hi, i've got a really annoying toolbar attached to IE. If i click on 'remove toolbar' it takes me to a site selling my antivirus software.
I think it's called 'Coolbar'.
It's got several quick links to various pages from gambling, pharmacy and porn! My children use this pc so i'm rather keen to remove it.
I've tried the latest Adaware with no success.
I've also tried the following code in dos which i gleaned from a website:
cd c:\windows\system
regesvr32 /u cool.dll
del cool.dll
unfortunately this stalls when i get to the second line with an error message: bad command or file name.
Any ideas
cliff the legend is offline   Reply With Quote


Old 05-07-2005, 06:46 PM   #2 (permalink)
VIP Member
 
Join Date: Feb 2005
Location: UK
Age: 21
Posts: 6,033
Default
http://www.majorgeeks.com/download3155.html - download this program, install it, close down all browser windows, run it and post the log on here and we'll help you
__________________
C2D E6300 @ 2.6Ghz
Gigabyte GA-965P-DS3
2GB DDR2 667
1TB (1x500GB 2x250GB HDD)
BFG 8800GTS 320MB

PFC Til I Die
elmarcorulz is offline   Reply With Quote
Old 05-07-2005, 07:17 PM   #3 (permalink)
New Member
 
Join Date: May 2005
Posts: 13
Default hijack this log of my pc
Logfile of HijackThis v1.99.1
Scan saved at 19:03:48, on 07/05/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\G-VGA.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\HYDRAVISION\HYDRADM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\WPSPSW.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\MSMSGS.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\GIGABYTE\GIGABYTE WINDOWS UTILITY MANAGER\GWUM.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
D:\OPENOFFICE.ORG1.1.4\PROGRAM\SOFFICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
F1 - win.ini: load=WPSHRC.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\FDAHLP1.DLL
O2 - BHO: ActiveX Control - {A90D0B80-B69F-11D9-9661-0009F3106456} - C:\WINDOWS\SYSTEM\MSUNK.DLL (file missing)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\IE2CLTR.DLL
O2 - BHO: IE SP2 AddOn - {AE950F80-B69F-11D9-9661-0009F3106456} - C:\WINDOWS\SYSTEM\SPQMV.DLL
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\PROGRA~1\FREEDO~1\FDABAR1.DLL
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\IE2CLTR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MMCWINMGMT] C:\WINDOWS\SYSTEM\wbem\winmgmt.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\SYSTEM\G-VGA.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\SYSTEM\msmsgs.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [MicrosoftWBEMCIMObjectManager] C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
O4 - Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Startup: WinMgmt.lnk = C:\WINDOWS\SYSTEM\WBEM\WinMgmt.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: OpenOffice.org 1.1.4.lnk = D:\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk043
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://info.blueyonder.co.uk/Telewes...ivePreQual.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...p1.0.0.8-2.cab
O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar.com/875474/files/installer.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://www.real-euros.com/EPlugin_GB.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28177.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab28177.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab28177.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:tsk.mht!http://69.50.171.149/5/s1//q.chm::/file.exe
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://195.95.218.82/users/zoom/web/...m::/update.exe
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://59.189.48.236:8765/activex/AMC.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://59.189.48.236:8765/activex/AMC.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31
cliff the legend is offline   Reply With Quote
Old 05-07-2005, 08:01 PM   #4 (permalink)
Malware Destroyer
 
Byteman's Avatar
 
Join Date: Apr 2005
Location: Hurricane Heaven... still
Posts: 1,093
Default
At a minimum, looks like mywebsearch and possibly a trojan as well. Have you run any UPDATED antivirus scans (your AVG) and spyware scans, (download Ad-AwareSE and SpyBot)?
__________________
Don't byte off more than you can chew...
Byteman is offline   Reply With Quote
Old 05-07-2005, 08:03 PM   #5 (permalink)
Malware Destroyer
 
Byteman's Avatar
 
Join Date: Apr 2005
Location: Hurricane Heaven... still
Posts: 1,093
Default
if not, try running them and post back another HJT log.
__________________
Don't byte off more than you can chew...
Byteman is offline   Reply With Quote


Old 05-07-2005, 10:33 PM   #6 (permalink)
New Member
 
Join Date: May 2005
Posts: 13
Default
i've run ad-aware se and the latest avg, is it worth doing spybot as well?
cliff the legend is offline   Reply With Quote
Old 05-07-2005, 10:43 PM   #7 (permalink)
VIP Member
 
Join Date: Feb 2005
Location: UK
Age: 21
Posts: 6,033
Default
no harm in trying
__________________
C2D E6300 @ 2.6Ghz
Gigabyte GA-965P-DS3
2GB DDR2 667
1TB (1x500GB 2x250GB HDD)
BFG 8800GTS 320MB

PFC Til I Die
elmarcorulz is offline   Reply With Quote
Old 05-07-2005, 11:42 PM   #8 (permalink)
New Member
 
Join Date: May 2005
Posts: 13
Default
no luck
cliff the legend is offline   Reply With Quote
Old 05-07-2005, 11:49 PM   #9 (permalink)
Bronze Member
 
timmah01's Avatar
 
Join Date: May 2005
Posts: 93
Default
http://www.snapfiles.com/download/dl...bshredder.html - that might be the toolbar you wanted to get rid of - if not just browse www.snapfiles.com im pretty sure i downloaded a toolbar remover there (freeware section)
timmah01 is offline   Reply With Quote
Old 05-08-2005, 07:17 AM   #10 (permalink)
Malware Destroyer
 
Byteman's Avatar
 
Join Date: Apr 2005
Location: Hurricane Heaven... still
Posts: 1,093
Default
Did you avg or adawareSE remove/find anything? if so, post another HJT log.
__________________
Don't byte off more than you can chew...
Byteman is offline   Reply With Quote
Reply
Page 1 of 2 1 2 >

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

All times are GMT +1. The time now is 10:51 AM.

Contact Us - Computer Forum - Sitemap - Top

Powered by: vBulletin Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 ©2008, Crawlability, Inc.
Copyright © 2002-2008 Computer Forum and Web Design Forum