A Windows XP help forum. PCbanter


Can't get rid of LOP and all the junk that goes with it!!



 
 
  #1  
Old February 14th 05, 12:13 AM
Pat

I can't find the program (not sure what I am looking for) in Add/delete
programs. Ran Ad-aware, Spybot, & Spykiller. Cleans cookies out temporarily,
but they always come back. Lots of Pop Ups, Lots of extra junk in "My
Favorites" list that it won't give me the option to delete. Also, Poker and
Casino Online short cuts on Desk Top. Downloaded "Hijackthis". Here are the
results:
-- Logfile of HijackThis v1.99.0
Scan saved at 8:19:07 AM, on 2/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Documents and Settings\PATTY HORN\Local Settings\Temp\Temporary Directory
1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.gnknychnwntjouwogywxixq.c...N0QrmD3FQ.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://my.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} -
C:\DOCUME~1\NEWUSE~1\APPLIC~1\BlahSeek\amenpeak.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -
C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} -
C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint
Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus!
3\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All
Users\Application Data\Part exit owns memo\Tool list.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe
/startup
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [mags idol] C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online
Thunk.exe
O4 - Global Startup: BitDefender for Yahoo! Messenger.lnk = C:\Program
Files\Softwin\BitDefender for Yahoo Messenger\yahmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZPxdm182
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: Yahoo! Literati -
http://download.games.yahoo.com/game...ts/y/tt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner
Class) - http://support.charter.com/sdccommon...ad/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) -
http://support.charter.com/sdccommon...ad/tgctlsi.cab
O16 - DPF: {01112800-3E00-11D2-8470-0060089874ED} (Support.com Probe Class)
- http://support.charter.com/sdccommon...ad/tgctlpr.cab
O16 - DPF: {01112B00-3E00-11D2-8470-0060089874ED} (Support.com RemoteControl
Class) - http://support.charter.com/sdccommon/download/tgrc.cab
O16 - DPF: {01115A00-3E00-11D2-8470-0060089874ED} (Support.com Control
Commander Proxy) - http://support.charter.com/sdccommon/download/tgcmd.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
- http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX
Class) -
http://wdownload.weatherbug.com/mini...ansporter.cab?
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} -
http://www.quikshield.com/qshsetup.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware
Scanner) -
http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
http://www.symantec.com/techsupp/act...a/SymAData.dll
O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} -
http://www.4wav.com/Config.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
- http://messenger.zone.msn.com/binary...reShowdown.cab
O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab
O23 - Service: Canon BJ Memory Card Manager - CANON INC. - C:\Program
Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company -
C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation
- C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC -
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks for the help,
plh, "protector" of the computer from 4 teenagers and Dad!
  #2  
Old February 14th 05, 02:06 AM
Chuck Davis

What was the response from HijackThis when you placed the information in
their analyzer?



  #3  
Old February 14th 05, 02:07 AM
Rush



Get rid of the following with HijackThis:

O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZPxdm182

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) -
http://www.installengine.com/engine/isetup.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} -
http://www.4wav.com/Config.cab

O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab

Also do a search for install.cab on your C: drive and remove it.

Rush
http://www.bythedrop.com
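
An added example, not part of any post in this thread: a Python sketch that rejoins the wrapped lines of a HijackThis log like the one posted here into whole entries, then lists O16 (DPF) entries whose source is a local file:// path or is missing, a pattern visible in several of the entries named in the reply above. The function names and the check itself are assumptions of this example (a triage heuristic, not a verdict); the sample lines are excerpted from the posted log.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O2x)
# followed by " - ". Anything else after an entry is a wrapped continuation.
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# O16 entries: "O16 - DPF: <CLSID or name> [(description)] - [source URL]"
DPF_ENTRY = re.compile(r"^O16 - DPF: (?P<head>.*?) -(?:\s+(?P<src>\S+))?$")

# Excerpt of the log posted in this thread, wrapped the way it was posted.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: Yahoo! Literati -
http://download.games.yahoo.com/game...ts/y/tt0_x.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
- http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC -
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks for the help,
"""


def join_entries(text):
    """Rebuild one string per log entry from mail-wrapped log text.

    Lines before the first entry (header, process list) are skipped, and a
    blank line closes the current entry so a signature is not glued onto it.
    """
    entries = []
    open_entry = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            open_entry = False
            continue
        if ENTRY_START.match(line):
            entries.append(line)
            open_entry = True
        elif open_entry:
            # Wrapping happened at spaces, so rejoin with a single space.
            entries[-1] += " " + line
    return entries


def dpf_entries_to_review(entries):
    """Return (entry head, reason) for O16 entries worth a closer look.

    Heuristic assumed by this example: an ActiveX download entry normally
    records the URL it came from, so a local file:// source or no source
    at all stands out for manual review.
    """
    findings = []
    for entry in entries:
        match = DPF_ENTRY.match(entry)
        if not match:
            continue
        src = match.group("src")
        if src is None:
            findings.append((match.group("head"), "no download source recorded"))
        elif src.lower().startswith("file:"):
            findings.append((match.group("head"), "installed from a local file: " + src))
    return findings


if __name__ == "__main__":
    for head, reason in dpf_entries_to_review(join_entries(SAMPLE_LOG)):
        print(head, "->", reason)
```
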
  #4  
Old February 14th 05, 03:21 AM
Pat

I deleted the ones you said to and did a search for install.cab and deleted
that, but the problem still persists!! What Now???
"Rush" wrote:

On Sun, 13 Feb 2005 16:13:01 -0800, Pat wrote:

I can't find the program (not sure what I am looking for) in Add/delete
programs. Ran Ad-aware, Spybot, & Spykiller. Cleans cookies out
temporarily, but they always come back. Lots of Pop Ups, Lots of extra
junk in "My Favoites" list that it won't give me the option to delete.
Also, Poker and Casino Online short cuts on Desk Top. Downloaded
"Hijackthis". Here in results:
-- Logfile of HijackThis v1.99.0
Scan saved at 8:19:07 AM, on 2/13/2005 Platform: Windows XP SP2 (WinNT
5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Norton
AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\Common
Files\Symantec Shared\ccApp.exe C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program
Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet
Explorer\iexplore.exe c:\progra~1\intern~1\iexplore.exe C:\Program
Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program
Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Documents and Settings\PATTY HORN\Local Settings\Temp\Temporary
Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.gnknychnwntjouwogywxixq.c...N0QrmD3FQ.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://my.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} -
C:\DOCUME~1\NEWUSE~1\APPLIC~1\BlahSeek\amenpeak.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -
C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} -
C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint
Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus!
3\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All
Users\Application Data\Part exit owns memo\Tool list.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe
/startup
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [mags idol] C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online
Thunk.exe
O4 - Global Startup: BitDefender for Yahoo! Messenger.lnk = C:\Program
Files\Softwin\BitDefender for Yahoo Messenger\yahmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZPxdm182
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: Yahoo! Literati -
http://download.games.yahoo.com/game...ts/y/tt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner
Class) - http://support.charter.com/sdccommon...ad/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) -
http://support.charter.com/sdccommon...ad/tgctlsi.cab
O16 - DPF: {01112800-3E00-11D2-8470-0060089874ED} (Support.com Probe Class)
- http://support.charter.com/sdccommon...ad/tgctlpr.cab
O16 - DPF: {01112B00-3E00-11D2-8470-0060089874ED} (Support.com RemoteControl
Class) - http://support.charter.com/sdccommon/download/tgrc.cab
O16 - DPF: {01115A00-3E00-11D2-8470-0060089874ED} (Support.com Control
Commander Proxy) - http://support.charter.com/sdccommon/download/tgcmd.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
- http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX
Class) -
http://wdownload.weatherbug.com/mini...ansporter.cab?
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} -
http://www.quikshield.com/qshsetup.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) -
http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware
Scanner) -
http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
http://www.symantec.com/techsupp/act...a/SymAData.dll
O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} -
http://www.4wav.com/Config.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
- http://messenger.zone.msn.com/binary...reShowdown.cab
O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab
O23 - Service: Canon BJ Memory Card Manager - CANON INC. - C:\Program
Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company -
C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation
- C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC -
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks for the help,
plh, "protector" of the computer from 4 teenagers and Dad!


Get rid of the following with HijackThis:

O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZPxdm182

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) -
http://www.installengine.com/engine/isetup.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} -
http://www.4wav.com/Config.cab

O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab

also do a search for install.cab on your C: drive and remove it.

Rush
http://www.bythedrop.com

  #5  
Old February 14th 05, 03:38 AM
Rush
external usenet poster
 
Posts: n/a
Default Can't get rid of LOP and all the junk that goes with it!!

On Sun, 13 Feb 2005 19:21:02 -0800, Pat wrote:

I Deleted the ones you said to and did a search for install.cab and
deleted that, but the problem still persists!! What Now???


Can you post an updated log file from HijackThis?
We'll nail this...

Rush
http://www.bythedrop.com

  #6  
Old February 14th 05, 02:29 PM
Pat
external usenet poster
 
Posts: n/a
Default Can't get rid of LOP and all the junk that goes with it!!

Here is updated Hijackthis log, (THANK YOU):

Logfile of HijackThis v1.99.0
Scan saved at 8:22:11 AM, on 2/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\KaZaA Lite\KazaaLite.kpp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\PATTY HORN\Local Settings\Temp\Temporary Directory
1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.cfdvppqkxvqaqqncgcnytlof....iaSDcZFeHp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://my.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} -
C:\DOCUME~1\PATTYH~1\APPLIC~1\BlahSeek\amenpeak.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -
C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} -
C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint
Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus!
3\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All
Users\Application Data\Part exit owns memo\boldkind.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe
/startup
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [mags idol] C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online
Thunk.exe
O4 - Global Startup: BitDefender for Yahoo! Messenger.lnk = C:\Program
Files\Softwin\BitDefender for Yahoo Messenger\yahmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: Yahoo! Literati -
http://download.games.yahoo.com/game...ts/y/tt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner
Class) - http://support.charter.com/sdccommon...ad/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) -
http://support.charter.com/sdccommon...ad/tgctlsi.cab
O16 - DPF: {01112800-3E00-11D2-8470-0060089874ED} (Support.com Probe Class)
- http://support.charter.com/sdccommon...ad/tgctlpr.cab
O16 - DPF: {01112B00-3E00-11D2-8470-0060089874ED} (Support.com RemoteControl
Class) - http://support.charter.com/sdccommon/download/tgrc.cab
O16 - DPF: {01115A00-3E00-11D2-8470-0060089874ED} (Support.com Control
Commander Proxy) - http://support.charter.com/sdccommon/download/tgcmd.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
- http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX
Class) -
http://wdownload.weatherbug.com/mini...ansporter.cab?
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} -
http://www.quikshield.com/qshsetup.exe
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware
Scanner) -
http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
http://www.symantec.com/techsupp/act...a/SymAData.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
- http://messenger.zone.msn.com/binary...reShowdown.cab
O23 - Service: Canon BJ Memory Card Manager - CANON INC. - C:\Program
Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company -
C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation
- C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC -
C:\WINDOWS\system32\ZoneLabs\vsmon.exe




  #7  
Old February 14th 05, 05:25 PM
Rush
external usenet poster
 
Posts: n/a
Default Can't get rid of LOP and all the junk that goes with it!!

On Mon, 14 Feb 2005 06:29:05 -0800, Pat wrote:

Here is updated Hijackthis log,(THANK YOU)


snip

There are a few things that I have no idea what they are. If they were on my
system, I would remove them. I can't find anything on the following .exe
files and maybe someone could offer some insight.

O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} -
C:\DOCUME~1\PATTYH~1\APPLIC~1\BlahSeek\amenpeak.exe

O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All
Users\Application Data\Part exit owns memo\boldkind.exe

O4 - HKCU\..\Run: [mags idol] C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online Thunk.exe

Check this page out if you haven't yet:
http://www.greyknight17.com/spyware.htm
It has a good summary of steps to follow that might cut down on your time
spent trying to fix the spyware problems.

Rush
http://www.bythedrop.com
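The triage done by hand in the replies above can be sketched in code. This is an added example, not part of any post in this thread and not how HijackThis itself works: it rejoins the hard-wrapped log lines into whole entries, then flags the patterns the replies single out (an unnamed BHO, autostart targets under Application Data, and O16 controls with a local-file or empty source). The sample entries are copied from the logs posted here; the function names and the three rules are assumptions, and a flag is a prompt for manual review, not a verdict.

```python
import re

# Entries copied from the logs in this thread, wrapped the way the posts wrap them:
# continuation lines carry no "O2 - " style prefix.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} -
C:\DOCUME~1\PATTYH~1\APPLIC~1\BlahSeek\amenpeak.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All
Users\Application Data\Part exit owns memo\boldkind.exe
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cab
"""

# An entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O23) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Long or 8.3 short form of the per-user / all-users Application Data folder.
APPDATA_RE = re.compile(r"\\(Application Data|APPLIC~\d)\\", re.IGNORECASE)


def parse_entries(text):
    """Return [(section, body)] with wrapped continuation lines rejoined."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            current = [match.group(1), match.group(2)]
            entries.append(current)
        elif line and current is not None:
            current[1] += " " + line   # the wrap happened at a space
        else:
            current = None             # blank line or header text ends an entry
    return [tuple(e) for e in entries]


def flag(section, body):
    """Assumed review rules modelled on the entries flagged in this thread."""
    reasons = []
    if section == "O2" and "(no name)" in body:
        reasons.append("unnamed BHO")
    if section in ("O2", "O4") and APPDATA_RE.search(body):
        reasons.append("loads from Application Data")
    if section == "O16":
        codebase = body.partition(" -")[2].strip()  # text after "name -"
        if not codebase:
            reasons.append("ActiveX control with no download source")
        elif codebase.lower().startswith("file://"):
            reasons.append("ActiveX control installed from a local file")
    return reasons


def triage(text):
    """Return [(section, body, reasons)] for entries that match any rule."""
    return [(s, b, r) for s, b in parse_entries(text) if (r := flag(s, b))]


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> {', '.join(reasons)}")
```
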



  #8  
Old February 17th 05, 02:35 AM
Pat
external usenet poster
 
Posts: n/a
Default Can't get rid of LOP and all the junk that goes with it!!

Thank You for the link to "greyknight17". It has a lot of good information. I
ran a virus scan with several of the online antivirus programs. 3 out of 4
programs found A LOT of "junk". Please forgive me if I ask stupid questions.
That's the only way I have learned anything about the computer. If the report
from the antivirus ware says "infected", does that mean infected with a virus
or something else?? One report says 57 items were infected, only 6 were
disinfected. Another one said I had 5 viruses, 1 suspicious, and NONE were
disinfected! And another one, BitDefender, listed a ton of files from Spybot,
Adaware, and Norton AntiVirus--It also said I had over 150 items infected,
and also listed the program Ares. My daughter uses it to download music. Here
are the files it listed from Ares.
C:\Documents and Settings\Aimes\Desktop\setup_ares.exe=(NSIS
o)=zlib_nsis0019=(CAB Sfx o)=NHInstall.exe: bad crc
C:\Documents and Settings\Aimes\Desktop\setup_ares.exe=(NSIS
o)=zlib_nsis0019=(CAB Sfx o)=NHManifest.txt: bad crc
C:\Documents and Settings\Aimes\Desktop\setup_ares.exe=(NSIS
o)=zlib_nsis0019=(CAB Sfx o)=v2.0.2.cab: bad crc
The rest of the family uses Kazaa Lite. I was afraid to let BitDefender
"autoclean". I didn't want to wipe out her program if I didn't have to. I
copied 2 of the reports after the programs had finished scanning. I am not
sure how to clean everything out. Do I need to search out each file and
delete them "one by one"?? or is there a better way? This will be a very slow
process, because I work full time, have a large family, and a very loving and
patient husband (who doesn't complain when I stay on the computer too much).
I must go, now, and spend some time with my husband. Thank you, again, for
your help.




  #9  
Old March 1st 05, 02:31 AM
Jason Marshall
external usenet poster
 
Posts: n/a
Default Can't get rid of LOP and all the junk that goes with it!!

Delete those 3, they are good to go:

O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} -
C:\DOCUME~1\PATTYH~1\APPLIC~1\BlahSeek\amenpeak.exe

O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All
Users\Application Data\Part exit owns memo\boldkind.exe

O4 - HKCU\..\Run: [mags idol] C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online Thunk.exe

On Wed, 16 Feb 2005 18:35:07 -0800, Pat
in microsoft.public.windowsxp.basics
wrote this terrifying message:

Thank You for the link to "greyknight17". It has a lot of good information. I
ran a virus scan with several of the online antivirus programs. 3 out of 4
programs found A LOT of "junk". Please forgive me if I ask stupid questions.
That's the only way I have learned anything about the computer. If the report
from the antivirus ware says "infected", does that mean infected with a virus
or something else?? One report says 57 items were infected, only 6 were
disinfected. Another one said I had 5 viruses, 1 suspicious, and NONE were
disinfected! And another one, BitDefender, listed a ton of files from Spybot,
Adaware, and Norton AntiVirus--It also said I had over 150 items infected,
and also listed the program Ares. My daughter uses it to download music. Here
are the files it listed from Ares.
C:\Documents and Settings\Aimes\Desktop\setup_ares.exe=(NSIS
o)=zlib_nsis0019=(CAB Sfx o)=NHInstall.exe: bad crc
C:\Documents and Settings\Aimes\Desktop\setup_ares.exe=(NSIS
o)=zlib_nsis0019=(CAB Sfx o)=NHManifest.txt: bad crc
C:\Documents and Settings\Aimes\Desktop\setup_ares.exe=(NSIS
o)=zlib_nsis0019=(CAB Sfx o)=v2.0.2.cab: bad crc
The rest of the family uses Kazaa Lite. I was afraid to let BitDefender
"autoclean". I didn't want to wipe out her program if I didn't have to. I
copied 2 of the reports after the programs had finished scanning. I am not
sure how to clean everything out. Do I need to search out each file and
delete them "one by one"?? or is there a better way? This will be a very slow
process, because I work full time, have a large family, and a very loving and
patient husband (who doesn't complain when I stay on the computer too much).
I must go, now, and spend some time with my husband. Thank you, again, for
your help.





 










All times are GMT +1. The time now is 02:07 PM.

