If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Can't get rid of LOP and all the junk that goes with it!!
I can't find the program (not sure what I am looking for) in Add/delete
programs. Ran Ad-aware, Spybot, & Spykiller. Cleans cookies out temporarily, but they always come back. Lots of Pop Ups, Lots of extra junk in "My Favoites" list that it won't give me the option to delete. Also, Poker and Casino Online short cuts on Desk Top. Downloaded "Hijackthis". Here in results: -- Logfile of HijackThis v1.99.0 Scan saved at 8:19:07 AM, on 2/13/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Canon\BJCard\Bjmcmng.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Canon\BJPV\TVMon.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\AWS\WEATHE~1\Weather.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Documents and Settings\PATTY HORN\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gnknychnwntjouwogywxixq.c...N0QrmD3FQ.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://my.msn.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} - C:\DOCUME~1\NEWUSE~1\APPLIC~1\BlahSeek\amenpeak.ex e O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing) O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [SoundMan] soundman.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All Users\Application Data\Part exit owns memo\Tool list.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [mags idol] C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online Thunk.exe O4 - Global Startup: BitDefender for Yahoo! Messenger.lnk = C:\Program Files\Softwin\BitDefender for Yahoo Messenger\yahmon.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZPxdm182 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU) O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt0_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.charter.com/sdccommon...ad/tgctlar.cab O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.charter.com/sdccommon...ad/tgctlsi.cab O16 - DPF: {01112800-3E00-11D2-8470-0060089874ED} (Support.com Probe Class) - http://support.charter.com/sdccommon...ad/tgctlpr.cab O16 - DPF: {01112B00-3E00-11D2-8470-0060089874ED} (Support.com RemoteControl Class) - http://support.charter.com/sdccommon/download/tgrc.cab O16 - DPF: {01115A00-3E00-11D2-8470-0060089874ED} (Support.com Control Commander Proxy) - http://support.charter.com/sdccommon/download/tgcmd.cab O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ansporter.cab? O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/act...a/SymAData.dll O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} - http://www.4wav.com/Config.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab O23 - Service: Canon BJ Memory Card Manager - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Thanks for the help, plh, "protector" of the computer from 4 teenagers and Dad! |
Ads |
#2
|
|||
|
|||
Can't get rid of LOP and all the junk that goes with it!!
What was the response from HijackThis when you placed the information in
their analyzer? "Pat" wrote in message ... I can't find the program (not sure what I am looking for) in Add/delete programs. Ran Ad-aware, Spybot, & Spykiller. Cleans cookies out temporarily, but they always come back. Lots of Pop Ups, Lots of extra junk in "My Favoites" list that it won't give me the option to delete. Also, Poker and Casino Online short cuts on Desk Top. Downloaded "Hijackthis". Here in results: -- Logfile of HijackThis v1.99.0 Scan saved at 8:19:07 AM, on 2/13/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Canon\BJCard\Bjmcmng.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Canon\BJPV\TVMon.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\AWS\WEATHE~1\Weather.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Documents and Settings\PATTY HORN\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gnknychnwntjouwogywxixq.c...N0QrmD3FQ.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://my.msn.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} - C:\DOCUME~1\NEWUSE~1\APPLIC~1\BlahSeek\amenpeak.ex e O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing) O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [SoundMan] soundman.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All Users\Application Data\Part exit owns memo\Tool list.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [mags idol] C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online Thunk.exe O4 - Global Startup: BitDefender for Yahoo! Messenger.lnk = C:\Program Files\Softwin\BitDefender for Yahoo Messenger\yahmon.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZPxdm182 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU) O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt0_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.charter.com/sdccommon...ad/tgctlar.cab O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.charter.com/sdccommon...ad/tgctlsi.cab O16 - DPF: {01112800-3E00-11D2-8470-0060089874ED} (Support.com Probe Class) - http://support.charter.com/sdccommon...ad/tgctlpr.cab O16 - DPF: {01112B00-3E00-11D2-8470-0060089874ED} (Support.com RemoteControl Class) - http://support.charter.com/sdccommon/download/tgrc.cab O16 - DPF: {01115A00-3E00-11D2-8470-0060089874ED} (Support.com Control Commander Proxy) - http://support.charter.com/sdccommon/download/tgcmd.cab O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ansporter.cab? O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/act...a/SymAData.dll O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} - http://www.4wav.com/Config.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab O23 - Service: Canon BJ Memory Card Manager - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Thanks for the help, plh, "protector" of the computer from 4 teenagers and Dad! |
#3
|
|||
|
|||
Can't get rid of LOP and all the junk that goes with it!!
On Sun, 13 Feb 2005 16:13:01 -0800, Pat wrote:
I can't find the program (not sure what I am looking for) in Add/delete programs. Ran Ad-aware, Spybot, & Spykiller. Cleans cookies out temporarily, but they always come back. Lots of Pop Ups, Lots of extra junk in "My Favoites" list that it won't give me the option to delete. Also, Poker and Casino Online short cuts on Desk Top. Downloaded "Hijackthis". Here in results: -- Logfile of HijackThis v1.99.0 Scan saved at 8:19:07 AM, on 2/13/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Canon\BJCard\Bjmcmng.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Canon\BJPV\TVMon.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\AWS\WEATHE~1\Weather.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Documents and Settings\PATTY HORN\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gnknychnwntjouwogywxixq.c...N0QrmD3FQ.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://my.msn.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} - C:\DOCUME~1\NEWUSE~1\APPLIC~1\BlahSeek\amenpeak.ex e O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing) O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [SoundMan] soundman.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All Users\Application Data\Part exit owns memo\Tool list.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [mags idol] C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online Thunk.exe O4 - Global Startup: BitDefender for Yahoo! Messenger.lnk = C:\Program Files\Softwin\BitDefender for Yahoo Messenger\yahmon.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZPxdm182 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU) O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt0_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.charter.com/sdccommon...ad/tgctlar.cab O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.charter.com/sdccommon...ad/tgctlsi.cab O16 - DPF: {01112800-3E00-11D2-8470-0060089874ED} (Support.com Probe Class) - http://support.charter.com/sdccommon...ad/tgctlpr.cab O16 - DPF: {01112B00-3E00-11D2-8470-0060089874ED} (Support.com RemoteControl Class) - http://support.charter.com/sdccommon/download/tgrc.cab O16 - DPF: {01115A00-3E00-11D2-8470-0060089874ED} (Support.com Control Commander Proxy) - http://support.charter.com/sdccommon/download/tgcmd.cab O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ansporter.cab? O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/act...a/SymAData.dll O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} - http://www.4wav.com/Config.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab O23 - Service: Canon BJ Memory Card Manager - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Thanks for the help, plh, "protector" of the computer from 4 teenagers and Dad! Get rid of the following with HijackThis: O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZPxdm182 O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} - http://www.4wav.com/Config.cab O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab also do a search for install.cab on your C: drive and remove it. Rush http://www.bythedrop.com |
#4
|
|||
|
|||
Can't get rid of LOP and all the junk that goes with it!!
I Deleted the ones you said to and did a search for install.cab and deleted
that, but the problem still presist!! What Now??? "Rush" wrote: On Sun, 13 Feb 2005 16:13:01 -0800, Pat wrote: I can't find the program (not sure what I am looking for) in Add/delete programs. Ran Ad-aware, Spybot, & Spykiller. Cleans cookies out temporarily, but they always come back. Lots of Pop Ups, Lots of extra junk in "My Favoites" list that it won't give me the option to delete. Also, Poker and Casino Online short cuts on Desk Top. Downloaded "Hijackthis". Here in results: -- Logfile of HijackThis v1.99.0 Scan saved at 8:19:07 AM, on 2/13/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Canon\BJCard\Bjmcmng.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Canon\BJPV\TVMon.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\AWS\WEATHE~1\Weather.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Documents and Settings\PATTY HORN\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gnknychnwntjouwogywxixq.c...N0QrmD3FQ.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://my.msn.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} - C:\DOCUME~1\NEWUSE~1\APPLIC~1\BlahSeek\amenpeak.ex e O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing) O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [SoundMan] soundman.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All Users\Application Data\Part exit owns memo\Tool list.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [mags idol] C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online Thunk.exe O4 - Global Startup: BitDefender for Yahoo! Messenger.lnk = C:\Program Files\Softwin\BitDefender for Yahoo Messenger\yahmon.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZPxdm182 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU) O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt0_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.charter.com/sdccommon...ad/tgctlar.cab O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.charter.com/sdccommon...ad/tgctlsi.cab O16 - DPF: {01112800-3E00-11D2-8470-0060089874ED} (Support.com Probe Class) - http://support.charter.com/sdccommon...ad/tgctlpr.cab O16 - DPF: {01112B00-3E00-11D2-8470-0060089874ED} (Support.com RemoteControl Class) - http://support.charter.com/sdccommon/download/tgrc.cab O16 - DPF: {01115A00-3E00-11D2-8470-0060089874ED} (Support.com Control Commander Proxy) - http://support.charter.com/sdccommon/download/tgcmd.cab O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ansporter.cab? O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/act...a/SymAData.dll O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} - http://www.4wav.com/Config.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab O23 - Service: Canon BJ Memory Card Manager - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Thanks for the help, plh, "protector" of the computer from 4 teenagers and Dad! Get rid of the following with HijackThis: O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZPxdm182 O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} - http://www.4wav.com/Config.cab O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab also do a search for install.cab on your C: drive and remove it. Rush http://www.bythedrop.com |
#5
|
|||
|
|||
Can't get rid of LOP and all the junk that goes with it!!
On Sun, 13 Feb 2005 19:21:02 -0800, Pat wrote:
I Deleted the ones you said to and did a search for install.cab and deleted that, but the problem still presist!! What Now??? Can you post an updated log file from HijackThis? We'll nail this... Rush http://www.bythedrop.com |
#6
|
|||
|
|||
Can't get rid of LOP and all the junk that goes with it!!
Here is updated Hijackthis log,(THANK YOU):Logfile of HijackThis v1.99.0
Scan saved at 8:22:11 AM, on 2/14/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Canon\BJCard\Bjmcmng.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Canon\BJPV\TVMon.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\AWS\WEATHE~1\Weather.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Messenger\msmsgs.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\KaZaA Lite\KazaaLite.kpp C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\PATTY HORN\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cfdvppqkxvqaqqncgcnytlof....iaSDcZFeHp.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://my.msn.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} - C:\DOCUME~1\PATTYH~1\APPLIC~1\BlahSeek\amenpeak.ex e O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing) O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [SoundMan] soundman.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All Users\Application Data\Part exit owns memo\boldkind.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [mags idol] C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online Thunk.exe O4 - Global Startup: BitDefender for Yahoo! Messenger.lnk = C:\Program Files\Softwin\BitDefender for Yahoo Messenger\yahmon.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU) O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt0_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.charter.com/sdccommon...ad/tgctlar.cab O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.charter.com/sdccommon...ad/tgctlsi.cab O16 - DPF: {01112800-3E00-11D2-8470-0060089874ED} (Support.com Probe Class) - http://support.charter.com/sdccommon...ad/tgctlpr.cab O16 - DPF: {01112B00-3E00-11D2-8470-0060089874ED} (Support.com RemoteControl Class) - http://support.charter.com/sdccommon/download/tgrc.cab O16 - DPF: {01115A00-3E00-11D2-8470-0060089874ED} (Support.com Control Commander Proxy) - http://support.charter.com/sdccommon/download/tgcmd.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ansporter.cab? O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/act...a/SymAData.dll O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O23 - Service: Canon BJ Memory Card Manager - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe "Rush" wrote: On Sun, 13 Feb 2005 19:21:02 -0800, Pat wrote: I Deleted the ones you said to and did a search for install.cab and deleted that, but the problem still presist!! What Now??? Can you post an updated log file from HijackThis? We'll nail this... Rush http://www.bythedrop.com |
#7
|
|||
|
|||
Can't get rid of LOP and all the junk that goes with it!!
On Mon, 14 Feb 2005 06:29:05 -0800, Pat wrote:
Here is updated Hijackthis log,(THANK YOU) snip There are few things that I have no idea what they are. If they were on my system, I would remove them. I can't find anything on the following .exe files and maybe someone could offer some insight. O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} - C:\DOCUME~1\PATTYH~1\APPLIC~1\BlahSeek\amenpeak.ex e O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All Users\Application Data\Part exit owns memo\boldkind.exe O4 - HKCU\..\Run: [mags idol]C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online Thunk.exe Check this page out if you haven't yet: http://www.greyknight17.com/spyware.htm It has a good summary of steps to follow that might cut down on your time spent trying to fix the spyware problems. Rush http://www.bythedrop.com |
#8
|
|||
|
|||
Can't get rid of LOP and all the junk that goes with it!!
Thank You for the link to "greyknight17". I has a lot of good information. I
ran a virus scan with several of the online antivirus programs. 3 out of 4 programs found A LOT of "junk". Please forgive me if I ask stupid questions. That's the only way I have learned anything about the computer. If the report from the antivirus wear says "infected", does that mean infected with a virus or something else?? One report says 57 items were infected, only 6 were disinfected. Another one said I had 5 virus', 1 suspicious, and NONE were disinfected! And another one, BitDefender, listed a ton of files from Spybot, Adaware, and Norton AntiVirus--It also said I had over 150 items infected, and also listed the program Ares. My daughter uses it to download music. Here are the files it listed from Ares. C:\Documents and Settings\Aimes\Desktop\setup_ares.exe=(NSIS o)=zlib_nsis0019=(CAB Sfx o)=NHInstall.exe: bad crc C:\Documents and Settings\Aimes\Desktop\setup_ares.exe=(NSIS o)=zlib_nsis0019=(CAB Sfx o)=NHManifest.txt: bad crc C:\Documents and Settings\Aimes\Desktop\setup_ares.exe=(NSIS o)=zlib_nsis0019=(CAB Sfx o)=v2.0.2.cab: bad crc The rest of the family uses Kazaa Lite. I was afraid to let BitDefender "autoclean". I didn't want to wipe out her program if I didn't have to. I copied 2 of the reports after the programs had finished scanning. I am not sure how to clean everything out. Do I need to search out each file and delete them "one by one"?? or is there a better way? This will be a very slow process, because I work full time, have a large family, and a very loving and patient husband (who doesn't complain when I stay on the computer too much). I must go, now, and spend some time with my husband. Thank you, again, for your help. "Rush" wrote: On Mon, 14 Feb 2005 06:29:05 -0800, Pat wrote: Here is updated Hijackthis log,(THANK YOU) snip There are few things that I have no idea what they are. If they were on my system, I would remove them. I can't find anything on the following .exe files and maybe someone could offer some insight. O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} - C:\DOCUME~1\PATTYH~1\APPLIC~1\BlahSeek\amenpeak.ex e O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All Users\Application Data\Part exit owns memo\boldkind.exe O4 - HKCU\..\Run: [mags idol]C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online Thunk.exe Check this page out if you haven't yet: http://www.greyknight17.com/spyware.htm It has a good summary of steps to follow that might cut down on your time spent trying to fix the spyware problems. Rush http://www.bythedrop.com |
#9
|
|||
|
|||
Can't get rid of LOP and all the junk that goes with it!!
Delete those 3, they are good to go:
O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} - C:\DOCUME~1\PATTYH~1\APPLIC~1\BlahSeek\amenpeak.ex e O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All Users\Application Data\Part exit owns memo\boldkind.exe O4 - HKCU\..\Run: [mags idol]C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online Thunk.exe On Wed, 16 Feb 2005 18:35:07 -0800, Pat in microsoft.public.windowsxp.basics wrote this terrifying message: Thank You for the link to "greyknight17". I has a lot of good information. I ran a virus scan with several of the online antivirus programs. 3 out of 4 programs found A LOT of "junk". Please forgive me if I ask stupid questions. That's the only way I have learned anything about the computer. If the report from the antivirus wear says "infected", does that mean infected with a virus or something else?? One report says 57 items were infected, only 6 were disinfected. Another one said I had 5 virus', 1 suspicious, and NONE were disinfected! And another one, BitDefender, listed a ton of files from Spybot, Adaware, and Norton AntiVirus--It also said I had over 150 items infected, and also listed the program Ares. My daughter uses it to download music. Here are the files it listed from Ares. C:\Documents and Settings\Aimes\Desktop\setup_ares.exe=(NSIS o)=zlib_nsis0019=(CAB Sfx o)=NHInstall.exe: bad crc C:\Documents and Settings\Aimes\Desktop\setup_ares.exe=(NSIS o)=zlib_nsis0019=(CAB Sfx o)=NHManifest.txt: bad crc C:\Documents and Settings\Aimes\Desktop\setup_ares.exe=(NSIS o)=zlib_nsis0019=(CAB Sfx o)=v2.0.2.cab: bad crc The rest of the family uses Kazaa Lite. I was afraid to let BitDefender "autoclean". I didn't want to wipe out her program if I didn't have to. I copied 2 of the reports after the programs had finished scanning. I am not sure how to clean everything out. Do I need to search out each file and delete them "one by one"?? or is there a better way? This will be a very slow process, because I work full time, have a large family, and a very loving and patient husband (who doesn't complain when I stay on the computer too much). I must go, now, and spend some time with my husband. Thank you, again, for your help. "Rush" wrote: On Mon, 14 Feb 2005 06:29:05 -0800, Pat wrote: Here is updated Hijackthis log,(THANK YOU) snip There are few things that I have no idea what they are. If they were on my system, I would remove them. I can't find anything on the following .exe files and maybe someone could offer some insight. O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} - C:\DOCUME~1\PATTYH~1\APPLIC~1\BlahSeek\amenpeak.ex e O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All Users\Application Data\Part exit owns memo\boldkind.exe O4 - HKCU\..\Run: [mags idol]C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online Thunk.exe Check this page out if you haven't yet: http://www.greyknight17.com/spyware.htm It has a good summary of steps to follow that might cut down on your time spent trying to fix the spyware problems. Rush http://www.bythedrop.com |
Thread Tools | |
Display Modes | |
|
|