Can't get rid of LOP and all the junk that goes with it!!

February 13, 2005 7:13:01 PM

Archived from groups: microsoft.public.windowsxp.basics

I can't find the program (not sure what I am looking for) in Add/delete
programs. Ran Ad-aware, Spybot, & Spykiller. Cleans cookies out temporarily,
but they always come back. Lots of Pop Ups, Lots of extra junk in "My
Favorites" list that it won't give me the option to delete. Also, Poker and
Casino Online short cuts on Desk Top. Downloaded "Hijackthis". Here in
results:
-- Logfile of HijackThis v1.99.0
Scan saved at 8:19:07 AM, on 2/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Documents and Settings\PATTY HORN\Local Settings\Temp\Temporary Directory
1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.gnknychnwntjouwogywxixq.com//Mj8k7557vDxVIiR...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://my.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} -
C:\DOCUME~1\NEWUSE~1\APPLIC~1\BlahSeek\amenpeak.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -
C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} -
C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint
Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus!
3\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All
Users\Application Data\Part exit owns memo\Tool list.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe
/startup
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [mags idol] C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online
Thunk.exe
O4 - Global Startup: BitDefender for Yahoo! Messenger.lnk = C:\Program
Files\Softwin\BitDefender for Yahoo Messenger\yahmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZPxdm182
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: Yahoo! Literati -
http://download.games.yahoo.com/games/clients/y/tt0_x.c...
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner
Class) - http://support.charter.com/sdccommon/download/tgctlar.c...
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) -
http://support.charter.com/sdccommon/download/tgctlsi.c...
O16 - DPF: {01112800-3E00-11D2-8470-0060089874ED} (Support.com Probe Class)
- http://support.charter.com/sdccommon/download/tgctlpr.c...
O16 - DPF: {01112B00-3E00-11D2-8470-0060089874ED} (Support.com RemoteControl
Class) - http://support.charter.com/sdccommon/download/tgrc.cab
O16 - DPF: {01115A00-3E00-11D2-8470-0060089874ED} (Support.com Control
Commander Proxy) - http://support.charter.com/sdccommon/download/tgcmd.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
- http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX
Class) -
http://wdownload.weatherbug.com/minibug/tricklers/AWS/M...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} -
http://www.quikshield.com/qshsetup.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware
Scanner) -
http://download.zonelabs.com/bin/promotions/spywaredete...
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
http://www.symantec.com/techsupp/activedata/SymAData.dl...
O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} -
http://www.4wav.com/Config.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
- http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab
O23 - Service: Canon BJ Memory Card Manager - CANON INC. - C:\Program
Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company -
C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation
- C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC -
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks for the help,
plh, "protector" of the computer from 4 teenagers and Dad!


Anonymous
February 13, 2005 9:06:16 PM

What was the response from HijackThis when you placed the information in
their analyzer?
"Pat" <plh@discussions.microsoft.com> wrote in message
news:0E7CDAC0-B2A1-4336-ACDF-59B2EA87F45F@microsoft.com...
>I can't find the program (not sure what I am looking for) in Add/delete
> programs. Ran Ad-aware, Spybot, & Spykiller. Cleans cookies out
> temporarily,
> but they always come back. Lots of Pop Ups, Lots of extra junk in "My
> Favorites" list that it won't give me the option to delete. Also, Poker and
> Casino Online short cuts on Desk Top. Downloaded "Hijackthis". Here in
> results:
>
> Thanks for the help,
> plh, "protector" of the computer from 4 teenagers and Dad!
February 13, 2005 10:07:37 PM

On Sun, 13 Feb 2005 16:13:01 -0800, Pat wrote:

> I can't find the program (not sure what I am looking for) in Add/delete
> programs. Ran Ad-aware, Spybot, & Spykiller. Cleans cookies out
> temporarily, but they always come back. Lots of Pop Ups, Lots of extra
> junk in "My Favorites" list that it won't give me the option to delete.
> Also, Poker and Casino Online short cuts on Desk Top. Downloaded
> "Hijackthis". Here in results:
>
> Thanks for the help,
> plh, "protector" of the computer from 4 teenagers and Dad!

Get rid of the following with HijackThis:

O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZPxdm182

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) -
http://www.installengine.com/engine/isetup.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} -
http://www.4wav.com/Config.cab

O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab

Also do a search for install.cab on your C: drive and remove it.

Rush
http://www.bythedrop.com
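
An added example, not part of Rush's post or of HijackThis itself: a small Python parser that rejoins the log entries that newsgroup line wrapping and quoting split apart, then lists entries for manual review. The two review rules are assumptions of this example, not criteria stated in the thread: O16 (DPF) entries whose download source is missing or a local `file:` path, and O2/O4 autostart entries that launch from an Application Data directory. The sample log is constructed from a few entries of the log posted above.

```python
import re

# Constructed sample: a handful of entries copied from the log in this thread,
# with the same mid-entry line wrapping the newsgroup post introduced.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Scan saved at 8:19:07 AM, on 2/13/2005

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://my.msn.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} -
C:\DOCUME~1\NEWUSE~1\APPLIC~1\BlahSeek\amenpeak.exe
O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All
Users\Application Data\Part exit owns memo\Tool list.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cab
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
"""

# HijackThis section codes (R0-R3, F0-F3, N1-N4, O1-O23), each followed by " - ".
MARKER = re.compile(r"(?:^|\s)(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# Leading "> " reply markers, any nesting depth, without eating the newline.
QUOTE = re.compile(r"^(?:>[ \t]?)+", re.MULTILINE)
# Long and 8.3 short forms of the "Application Data" directory name.
APPDATA = re.compile(r"\\(?:Application Data|APPLIC~\d)\\", re.IGNORECASE)


def parse_entries(text):
    """Return [(code, body), ...], rejoining entries split by mail wrapping."""
    text = QUOTE.sub("", text)
    entries = []
    for block in re.split(r"\n\s*\n", text):   # a blank line ends an entry
        flat = " ".join(block.split())         # undo hard line wraps
        parts = MARKER.split(flat)
        # parts = [text before first marker, code, body, code, body, ...]
        for code, body in zip(parts[1::2], parts[2::2]):
            entries.append((code, body.strip()))
    return entries


def triage(text):
    """Return [(code, reason, body), ...] for entries worth a manual look."""
    findings = []
    for code, body in parse_entries(text):
        if code == "O16":
            # "DPF: <CLSID or name> [(class)] - <codebase>"; codebase may be empty.
            codebase = body.rpartition(" -")[2].strip()
            if not codebase:
                findings.append((code, "no codebase", body))
            elif codebase.lower().startswith("file:"):
                findings.append((code, "local codebase", body))
        elif code in ("O2", "O4") and APPDATA.search(body):
            findings.append((code, "autostart from Application Data", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:4} {reason:32} {body}")
```

Running the same function on a scan taken after the fix shows at a glance whether a removed entry has been written back. A match is a prompt to inspect the file, not a verdict on it.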
February 13, 2005 10:21:02 PM

I deleted the ones you said to and did a search for install.cab and deleted
that, but the problem still persists!! What Now???
"Rush" wrote:

> On Sun, 13 Feb 2005 16:13:01 -0800, Pat wrote:
>
> > I can't find the program (not sure what I am looking for) in Add/delete
> > programs. Ran Ad-aware, Spybot, & Spykiller. Cleans cookies out
> > temporarily, but they always come back. Lots of Pop Ups, Lots of extra
> > junk in "My Favorites" list that it won't give me the option to delete.
> > Also, Poker and Casino Online short cuts on Desk Top. Downloaded
> > "Hijackthis". Here in results:
> > Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug -
> > {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -
> > C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU) O16 - DPF: Yahoo! Literati -
> > http://download.games.yahoo.com/games/clients/y/tt0_x.c... O16 - DPF:
> > {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
> > http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF:
> > {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class)
> > - http://support.charter.com/sdccommon/download/tgctlar.c... O16 - DPF:
> > {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) -
> > http://support.charter.com/sdccommon/download/tgctlsi.c... O16 - DPF:
> > {01112800-3E00-11D2-8470-0060089874ED} (Support.com Probe Class) -
> > http://support.charter.com/sdccommon/download/tgctlpr.c... O16 - DPF:
> > {01112B00-3E00-11D2-8470-0060089874ED} (Support.com RemoteControl Class)
> > - http://support.charter.com/sdccommon/download/tgrc.cab O16 - DPF:
> > {01115A00-3E00-11D2-8470-0060089874ED} (Support.com Control Commander
> > Proxy) - http://support.charter.com/sdccommon/download/tgcmd.cab O16 -
> > DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab O16
> > - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16
> > - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
> > - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF:
> > {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) -
> > http://wdownload.weatherbug.com/minibug/tricklers/AWS/M...
> > O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
> > Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
> > O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} -
> > http://www.quikshield.com/qshsetup.exe O16 - DPF:
> > {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International
> > Setup Player) - http://www.installengine.com/engine/isetup.cab O16 -
> > DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware
> > Scanner) -
> > http://download.zonelabs.com/bin/promotions/spywaredete...
> > O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class)
> > - http://www.symantec.com/techsupp/activedata/SymAData.dl... O16 - DPF:
> > {F0230524-9D39-4E84-8452-41C592961EA7} - http://www.4wav.com/Config.cab
> > O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5)
> > - http://chat.msn.com/bin/msnchat45.cab O16 - DPF:
> > {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
> > http://messenger.zone.msn.com/binary/SolitaireShowdown.... O16 - DPF:
> > {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab O23 -
> > Service: Canon BJ Memory Card Manager - CANON INC. - C:\Program
> > Files\Canon\BJCard\Bjmcmng.exe
> > O23 - Service: Symantec Event Manager - Symantec Corporation -
> > C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 -
> > Service: Symantec Password Validation Service - Symantec Corporation -
> > C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 -
> > Service: Kodak Camera Connection Software - Eastman Kodak Company -
> > C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Norton AntiVirus
> > Auto Protect Service - Symantec Corporation - C:\Program Files\Norton
> > AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service -
> > NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service:
> > ScriptBlocking Service - Symantec Corporation -
> > C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SymWMI
> > Service - Symantec Corporation - C:\Program Files\Common Files\Symantec
> > Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet
> > Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
> >
> > Thanks for the help,
> > plh, "protector" of the computer from 4 teenagers and Dad!
>
> Get rid of the following with HijackThis:
>
> O8 - Extra context menu item: &Search -
> http://bar.mywebsearch.com/menusearch.html?p=ZPxdm182
>
> O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
>
> O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
> International Setup Player) -
> http://www.installengine.com/engine/isetup.cab
>
> O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
>
> O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} -
> http://www.4wav.com/Config.cab
>
> O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab
>
> also do a search for install.cab on your C: drive and remove it.
>
> Rush
> http://www.bythedrop.com
>
February 13, 2005 11:38:22 PM

Archived from groups: microsoft.public.windowsxp.basics

On Sun, 13 Feb 2005 19:21:02 -0800, Pat wrote:

> I Deleted the ones you said to and did a search for install.cab and
> deleted that, but the problem still persists!! What Now???

Can you post an updated log file from HijackThis?
We'll nail this...

Rush
http://www.bythedrop.com
February 14, 2005 9:29:05 AM

Archived from groups: microsoft.public.windowsxp.basics

Here is updated Hijackthis log (THANK YOU):

Logfile of HijackThis v1.99.0
Scan saved at 8:22:11 AM, on 2/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\KaZaA Lite\KazaaLite.kpp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\PATTY HORN\Local Settings\Temp\Temporary Directory
1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.cfdvppqkxvqaqqncgcnytlof.us/1W53ASpm7Fo/vjnV...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://my.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} -
C:\DOCUME~1\PATTYH~1\APPLIC~1\BlahSeek\amenpeak.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -
C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} -
C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint
Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus!
3\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All
Users\Application Data\Part exit owns memo\boldkind.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe
/startup
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [mags idol] C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online
Thunk.exe
O4 - Global Startup: BitDefender for Yahoo! Messenger.lnk = C:\Program
Files\Softwin\BitDefender for Yahoo Messenger\yahmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: Yahoo! Literati -
http://download.games.yahoo.com/games/clients/y/tt0_x.c...
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner
Class) - http://support.charter.com/sdccommon/download/tgctlar.c...
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) -
http://support.charter.com/sdccommon/download/tgctlsi.c...
O16 - DPF: {01112800-3E00-11D2-8470-0060089874ED} (Support.com Probe Class)
- http://support.charter.com/sdccommon/download/tgctlpr.c...
O16 - DPF: {01112B00-3E00-11D2-8470-0060089874ED} (Support.com RemoteControl
Class) - http://support.charter.com/sdccommon/download/tgrc.cab
O16 - DPF: {01115A00-3E00-11D2-8470-0060089874ED} (Support.com Control
Commander Proxy) - http://support.charter.com/sdccommon/download/tgcmd.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
- http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX
Class) -
http://wdownload.weatherbug.com/minibug/tricklers/AWS/M...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} -
http://www.quikshield.com/qshsetup.exe
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware
Scanner) -
http://download.zonelabs.com/bin/promotions/spywaredete...
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
http://www.symantec.com/techsupp/activedata/SymAData.dl...
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
- http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: Canon BJ Memory Card Manager - CANON INC. - C:\Program
Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company -
C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation
- C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC -
C:\WINDOWS\system32\ZoneLabs\vsmon.exe



"Rush" wrote:

> On Sun, 13 Feb 2005 19:21:02 -0800, Pat wrote:
>
> > I Deleted the ones you said to and did a search for install.cab and
> > deleted that, but the problem still persists!! What Now???
>
> Can you post an updated log file from HijackThis?
> We'll nail this...
>
> Rush
> http://www.bythedrop.com
February 14, 2005 1:25:40 PM

Archived from groups: microsoft.public.windowsxp.basics

On Mon, 14 Feb 2005 06:29:05 -0800, Pat wrote:

> Here is updated Hijackthis log,(THANK YOU)

<snip>

There are a few things that I have no idea what they are. If they were on my
system, I would remove them. I can't find anything on the following .exe
files and maybe someone could offer some insight.

O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} -
C:\DOCUME~1\PATTYH~1\APPLIC~1\BlahSeek\amenpeak.exe

O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All
Users\Application Data\Part exit owns memo\boldkind.exe

O4 - HKCU\..\Run: [mags idol]C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online Thunk.exe

Check this page out if you haven't yet:
http://www.greyknight17.com/spyware.htm
It has a good summary of steps to follow that might cut down on your time
spent trying to fix the spyware problems.

Rush
http://www.bythedrop.com
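
An added example, not part of any post in this thread: a Python sketch that rejoins the wrapped lines of two HijackThis logs, compares the scans entry by entry, and lists the BHO and autorun entries that load from an Application Data folder, which are the three items singled out above. The sample logs are abridged from the two scans posted in the thread; the function names and the Application Data rule are this example's own assumptions.

```python
import re

# Constructed sample: a few entries abridged from the two logs posted in the
# thread, wrapped across lines the way the newsreader wrapped them.
LOG_FEB13 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.gnknychnwntjouwogywxixq.com//Mj8k7557vDxVIiR...
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} -
C:\DOCUME~1\NEWUSE~1\APPLIC~1\BlahSeek\amenpeak.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All
Users\Application Data\Part exit owns memo\Tool list.exe
O4 - HKCU\..\Run: [mags idol] C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online
Thunk.exe
"""
LOG_FEB14 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.cfdvppqkxvqaqqncgcnytlof.us/1W53ASpm7Fo/vjnV...
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} -
C:\DOCUME~1\PATTYH~1\APPLIC~1\BlahSeek\amenpeak.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All
Users\Application Data\Part exit owns memo\boldkind.exe
O4 - HKCU\..\Run: [mags idol] C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online
Thunk.exe
"""

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")    # section code, rest of entry
RUN = re.compile(r"^(.*?Run: \[[^\]]*\])\s*(.*)$")    # Run key + value name, command
USER_DIR = re.compile(r"\\(APPLIC~1|Application Data)\\", re.I)

def parse(log):
    """Return {(code, key): target}, rejoining wrapped continuation lines."""
    joined = []
    for line in (l.strip() for l in log.splitlines()):
        if ENTRY.match(line):
            joined.append(line)
        elif line and joined:
            joined[-1] += " " + line          # the wraps fall on spaces
    entries = {}
    for line in joined:
        code, text = ENTRY.match(line).groups()
        m = RUN.match(text)
        if m:                                 # O4 Run: key is hive + value name
            key, value = m.groups()
        elif " = " in text:                   # R1 and startup-folder entries
            key, value = text.split(" = ", 1)
        else:                                 # "name - {CLSID} - file or URL"
            key, _, value = text.rpartition(" - ")
        entries[(code, key)] = value
    return entries

def changed(old, new):
    """Entries present in both scans whose target differs."""
    return {k: (old[k], new[k])
            for k in old.keys() & new.keys() if old[k] != new[k]}

def user_dir_autostarts(entries):
    """Targets of O2 (BHO) and O4 (autorun) entries under Application Data."""
    return sorted(v for (code, _), v in entries.items()
                  if code in ("O2", "O4") and USER_DIR.search(v))

if __name__ == "__main__":
    old, new = parse(LOG_FEB13), parse(LOG_FEB14)
    for (code, key), (before, after) in sorted(changed(old, new).items()):
        print(f"CHANGED {code} {key}\n    {before}\n -> {after}")
    for path in user_dir_autostarts(new):
        print("APPDATA autostart:", path)
```

Run over the two scans, the comparison shows the same Run value pointing at a differently named executable a day later and a different Search Bar host, so entries are best matched on the registry value or CLSID rather than on the file name.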
February 16, 2005 9:35:07 PM

Archived from groups: microsoft.public.windowsxp.basics

Thank You for the link to "greyknight17". It has a lot of good information. I
ran a virus scan with several of the online antivirus programs. 3 out of 4
programs found A LOT of "junk". Please forgive me if I ask stupid questions.
That's the only way I have learned anything about the computer. If the report
from the antivirus ware says "infected", does that mean infected with a virus
or something else?? One report says 57 items were infected, only 6 were
disinfected. Another one said I had 5 viruses, 1 suspicious, and NONE were
disinfected! And another one, BitDefender, listed a ton of files from Spybot,
Adaware, and Norton AntiVirus--It also said I had over 150 items infected,
and also listed the program Ares. My daughter uses it to download music. Here
are the files it listed from Ares.
C:\Documents and Settings\Aimes\Desktop\setup_ares.exe=>(NSIS
o)=>zlib_nsis0019=>(CAB Sfx o)=>NHInstall.exe: bad crc
C:\Documents and Settings\Aimes\Desktop\setup_ares.exe=>(NSIS
o)=>zlib_nsis0019=>(CAB Sfx o)=>NHManifest.txt: bad crc
C:\Documents and Settings\Aimes\Desktop\setup_ares.exe=>(NSIS
o)=>zlib_nsis0019=>(CAB Sfx o)=>v2.0.2.cab: bad crc
The rest of the family uses Kazaa Lite. I was afraid to let BitDefender
"autoclean". I didn't want to wipe out her program if I didn't have to. I
copied 2 of the reports after the programs had finished scanning. I am not
sure how to clean everything out. Do I need to search out each file and
delete them "one by one"?? or is there a better way? This will be a very slow
process, because I work full time, have a large family, and a very loving and
patient husband (who doesn't complain when I stay on the computer too much).
I must go, now, and spend some time with my husband. Thank you, again, for
your help.

"Rush" wrote:

> On Mon, 14 Feb 2005 06:29:05 -0800, Pat wrote:
>
> > Here is updated Hijackthis log,(THANK YOU)
>
> <snip>
>
> There are a few things that I have no idea what they are. If they were on my
> system, I would remove them. I can't find anything on the following .exe
> files and maybe someone could offer some insight.
>
> O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} -
> C:\DOCUME~1\PATTYH~1\APPLIC~1\BlahSeek\amenpeak.exe
>
> O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All
> Users\Application Data\Part exit owns memo\boldkind.exe
>
> O4 - HKCU\..\Run: [mags idol]C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online Thunk.exe
>
> Check this page out if you haven't yet:
> http://www.greyknight17.com/spyware.htm
> It has a good summary of steps to follow that might cut down on your time
> spent trying to fix the spyware problems.
>
> Rush
> http://www.bythedrop.com
Anonymous
March 1, 2005 4:31:55 PM

Archived from groups: microsoft.public.windowsxp.basics

Delete those 3, they are good to go:

O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} -
C:\DOCUME~1\PATTYH~1\APPLIC~1\BlahSeek\amenpeak.exe

O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and
Settings\All
Users\Application Data\Part exit owns memo\boldkind.exe

O4 - HKCU\..\Run: [mags
idol]C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online Thunk.exe

On Wed, 16 Feb 2005 18:35:07 -0800, Pat
<plh@discussions.microsoft.com> in microsoft.public.windowsxp.basics
wrote this terrifying message:

>Thank You for the link to "greyknight17". It has a lot of good information. I
>ran a virus scan with several of the online antivirus programs. 3 out of 4
>programs found A LOT of "junk". Please forgive me if I ask stupid questions.
>That's the only way I have learned anything about the computer. If the report
>from the antivirus ware says "infected", does that mean infected with a virus
>or something else?? One report says 57 items were infected, only 6 were
>disinfected. Another one said I had 5 viruses, 1 suspicious, and NONE were
>disinfected! And another one, BitDefender, listed a ton of files from Spybot,
>Adaware, and Norton AntiVirus--It also said I had over 150 items infected,
>and also listed the program Ares. My daughter uses it to download music. Here
>are the files it listed from Ares.
> C:\Documents and Settings\Aimes\Desktop\setup_ares.exe=>(NSIS
>o)=>zlib_nsis0019=>(CAB Sfx o)=>NHInstall.exe: bad crc
>C:\Documents and Settings\Aimes\Desktop\setup_ares.exe=>(NSIS
>o)=>zlib_nsis0019=>(CAB Sfx o)=>NHManifest.txt: bad crc
>C:\Documents and Settings\Aimes\Desktop\setup_ares.exe=>(NSIS
>o)=>zlib_nsis0019=>(CAB Sfx o)=>v2.0.2.cab: bad crc
> The rest of the family uses Kazaa Lite. I was afraid to let BitDefender
>"autoclean". I didn't want to wipe out her program if I didn't have to. I
>copied 2 of the reports after the programs had finished scanning. I am not
>sure how to clean everything out. Do I need to search out each file and
>delete them "one by one"?? or is there a better way? This will be a very slow
>process, because I work full time, have a large family, and a very loving and
>patient husband (who doesn't complain when I stay on the computer too much).
>I must go, now, and spend some time with my husband. Thank you, again, for
>your help.
>
>"Rush" wrote:
>
>> On Mon, 14 Feb 2005 06:29:05 -0800, Pat wrote:
>>
>> > Here is updated Hijackthis log,(THANK YOU)
>>
>> <snip>
>>
>> There are a few things that I have no idea what they are. If they were on my
>> system, I would remove them. I can't find anything on the following .exe
>> files and maybe someone could offer some insight.
>>
>> O2 - BHO: (no name) - {EC853951-DFF4-D22F-3216-63D18322ABF4} -
>> C:\DOCUME~1\PATTYH~1\APPLIC~1\BlahSeek\amenpeak.exe
>>
>> O4 - HKLM\..\Run: [owns memo gpl download] C:\Documents and Settings\All
>> Users\Application Data\Part exit owns memo\boldkind.exe
>>
>> O4 - HKCU\..\Run: [mags idol]C:\DOCUME~1\PATTYH~1\APPLIC~1\flagdrv\Online Thunk.exe
>>
>> Check this page out if you haven't yet:
>> http://www.greyknight17.com/spyware.htm
>> It has a good summary of steps to follow that might cut down on your time
>> spent trying to fix the spyware problems.
>>
>> Rush
>> http://www.bythedrop.com