1
   

lop.com

Forums: Internet
Email this Topic Print this Page
 
 
swanduck
 
Reply Tue 26 Oct, 2004 04:16 am
My daughter has downloaded Messanger Plus and I now have a problem with Websearch2. First I used Adaware and Spybot with no success.

Then I followed other peoples advice and in safe mode clicked Add/Removed Programs, removed Messenger Plus and then restarted the computer normally but I still have a search tool bar at the bottom and one at the top which if I right click on it the home page is lop.com.

Also in Add/Remove programs there is a program "Search Assistant - My Search" I have tried to remove this but get a Rundll message saying
"Error loading C:\progra~1/MyWay/srchAstt/1.6in/mysrchas.dll the specified module could not be found"

Can anyone help I have posted my hijack report below

Logfile of HijackThis v1.97.7
Scan saved at 11:14:13, on 26/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [logookayfiveprogram] C:\Documents and Settings\All Users\Application Data\Dupe Nurb Logo Okay\Mix lite.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E48A54BD-A327-452E-B303-7C1FD54EBECE}: NameServer = 80.225.252.58 80.225.252.50
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 1 • Views: 1,313 • Replies: 5
No top replies

 
Don77
 
  1  
Reply Tue 26 Oct, 2004 05:30 pm
Hi swanduck

Please restart HJT put a check next to the following, close all open windows and click "Fix Checked"
O4 - HKLM\..\Run: [logookayfiveprogram] C:\Documents and Settings\All Users\Application Data\Dupe Nurb Logo Okay\Mix lite.exe


Next reboot to safe mode ( By tapping the F8 key on start up) Make sure you can view all Hidden Files/Folders search for and delete the following in BOLD
C:\Documents and Settings\All Users\Application Data\Dupe Nurb Logo Okay\Mix lite.exe <<Delete the folder
C:\progra~1/MyWay/srchAstt/1.6in/mysrchas.dll<<< delete the folder
my2ns.exe delete the folder if found

Next
Run through this thread to be sure we get it all,
You need the newest version of HJT which is 1.98.2

Post back a fresh HJT log please and let us know if this solved your problem
0 Replies
 
swanduck
 
  1  
Reply Wed 27 Oct, 2004 06:31 pm
Don, Thanks for your help. I have followed your instructions and this is my new log. My computer looks good at the moment, no extra tool bars!

Logfile of HijackThis v1.98.2
Scan saved at 01:26:04, on 28/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E48A54BD-A327-452E-B303-7C1FD54EBECE}: NameServer = 80.225.252.58 80.225.252.50
0 Replies
 
Don77
 
  1  
Reply Wed 27 Oct, 2004 08:22 pm
Your log looks clean swanduck, your very welcome,

Download the following programs, For keeping crap off your system to begin with
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.

Download Spyware Blaster and SpywareGaurd

Check for updates after you install them, And check weekly as well

Also keep Ad-aware and spybot handy, give them both a run once a week, Always check for updates prior to running.

Of course keep Nortons updated as well and run a full system scan with that as well.

Let us know if you have any further problems
0 Replies
 
swanduck
 
  1  
Reply Sun 31 Oct, 2004 01:20 pm
lop.com problem not solved
Unfortunately the problem is not solved. It just keeps coming back. I don't know if the problem is because we have XP Home Editio and we have five users on this computer. I have run hijackthis on each user and fixed what looks bad to me and it goes away for a very short while but comes back. This is one of the user logs and the home page keeps being replaced by these! I have looked for mix lite.exe, mysrchas.dll and my2ns.exe but only found mix lite.exe.

Logfile of HijackThis v1.98.2
Scan saved at 19:03:16, on 31/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT2\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jiomeahierv.us/a440fIo5LlveVBjB3s2xP6RvIjQQ7KOpC7jQU8lvukWBcCvThWqIGJhnjfMwChjL.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.opudwqouqu.org/a440fIo5Llv6038B/hspedZqRiMfByJUpJSf_GnrWUg.html
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{E48A54BD-A327-452E-B303-7C1FD54EBECE}: NameServer = 80.225.252.58 80.225.252.50
0 Replies
 
Don77
 
  1  
Reply Wed 3 Nov, 2004 05:13 am
Hi swanduck, run through the steps from the post I gave you under each user,
Post a log from each user please, Let see if we can find whats going on
0 Replies
 
 

Related Topics

Obama Promotes Making the Internet a Utility - Discussion by engineer
YouTube Is Doomed - Discussion by Shapeless
So I just joined Facebook.... - Discussion by DrewDad
Tracking and revealing the trolls....ok or not? - Question by dlowan
You are calling Congress about SOPA today, right? - Discussion by maxdancona
Internet disinformation overload - Discussion by rosborne979
Participatory Democracy Online - Discussion by wandeljw
OpenDNS and net neutrality - Question by Butrflynet
Are you for or against net neutrality, and why? - Discussion by Pronounce
Internet Explorer 8? - Question by Pitter
Blizzard Forum Says You Must Use Real Names ... - Discussion by jespah
 
  1. Forums
  2. » lop.com
Copyright © 2024 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.03 seconds on 09/29/2024 at 06:36:17