Stupid tool bar, can't get rid of


19 replies to this topic

#1 venusdawn

venusdawn

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Location:Vancouver Island
  • Local time:05:22 AM

Posted 14 January 2005 - 02:21 AM

Here is my scan from HijackThis.
I don't know what to get rid of and what not to, so for now I won't do it till someone that knows this prob tells me. I got this a few weeks back, and it keeps coming back. I have spent hours trying to get rid of it, using Adaware, Spybot and others. If someone can help, please, I would appreciate it immensely.
This is what the tool bar is: http://lop.com/passthrough/newpass2.html

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\IMsecure\IMsecure.exe
C:\WINDOWS\webshots.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_3_18_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7A2F743A-C99F-CA7F-BB2D-B57C13BF22A1} - C:\DOCUME~1\Robyn\APPLIC~1\SKIPPO~1\meetdog.exe (file missing)
O3 - Toolbar: Yahoo! Canada Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_3_18_0.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WEBDEFAULTTITLETONS] C:\Documents and Settings\All Users\Application Data\Second Style Web Default\Win joy.exe
O4 - Startup: HOTLLAMA Update Check.lnk = C:\Program Files\HOTLLAMA MEDIA\Player\WiseUpdt.exe
O4 - Startup: IMsecure.lnk = C:\Program Files\IMsecure\IMsecure.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Intel NCS NetService - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:04:22 AM

Posted 14 January 2005 - 09:35 PM

Let's try this first:

Download and run both of these uninstallers:

http://lop.com/new_uninstall.exe
http://lop.com/toolbar_uninstall.exe

Let me know if that takes care of it for you. If not, we'll try a different method. :thumbsup:

#3 venusdawn

Posted 15 January 2005 - 01:23 AM

> Let's try this first:
>
> Download and run both of these uninstallers:
>
> http://lop.com/new_uninstall.exe
> http://lop.com/toolbar_uninstall.exe
>
> Let me know if that takes care of it for you. If not, we'll try a different method. :)

Hi there, thanks. I was reading a bunch of stuff and I think, crossing my fingers, that I got rid of it. I read something that sounded simple enough and it worked, so far so good. I will cut and paste what u told me and do it if it returns, thanks a million. Here is what I did that I think got rid of it: Tools/internet options/settings/view objects, and there they were. I deleted the little buggers and just left one that is a QuickTime object; the others were related to the tool bar, can't remember the name of them but I know they were. So since deleting them, it has not come back... but thanks again

#4 venusdawn

Posted 15 January 2005 - 02:09 AM

Hi there, well the stupid tool bar is back and I tried to uninstall with those two links but it says my security level won't allow that. Is it my ZoneAlarm or security settings? I have never encountered this message before. When I went to my IE tools/internet options/security and custom level, everything was disabled, so I put prompt on a few. Not really sure what I am doing here. HELP someone, and thanks

#5 venusdawn

Posted 15 January 2005 - 02:33 AM

I forgot to mention that I think it happened when I created my daughter's user. I see when that tool bar opens on her user, I can exit out of it but not on mine. I just thought that may be relevant, but this thing is relentless; I think I get rid of it and it just comes back. Now I have changed some settings in the security hoping to uninstall it with those links u sent, I still can't, and don't know if I should go back to my settings and say Disable to them all again????
I NEED SOME HELP!! Thanks again. This is the link I get when I right click and go to properties to find out what it is. For me the tool bar doesn't even work, not that I would want it either way. I have run all the spyware programs I have, Adaware 6.0, Spybot Search and Destroy, and none of these helped, so I downloaded HijackThis but not sure how to even go about that one to get rid of this:
http://lop.com/passthrough/newpass2.html

#6 groovicus

Posted 15 January 2005 - 10:19 AM

Ok, slow down first. :flowers: Your computer is not badly infected. The reason that you can't download the toolbar removers has to do with the fact that the user account you are on does not have permissions to download.

Put a checkmark next to the following entries in HijackThis. Make sure all other windows and browsers are closed before clicking on “Fix Checked”.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: (no name) - {7A2F743A-C99F-CA7F-BB2D-B57C13BF22A1} - C:\DOCUME~1\Robyn\APPLIC~1\SKIPPO~1\meetdog.exe (file missing)
O4 - HKLM\..\Run: [WEBDEFAULTTITLETONS] C:\Documents and Settings\All Users\Application Data\Second Style Web Default\Win joy.exe
O4 - Startup: HOTLLAMA Update Check.lnk = C:\Program Files\HOTLLAMA MEDIA\Player\WiseUpdt.exe
O4 - Startup: IMsecure.lnk = C:\Program Files\IMsecure\IMsecure.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414
***********************************************************************

Reboot and post a new log. :thumbsup:

#7 venusdawn

Posted 16 January 2005 - 02:04 PM

Hi there Groovicus, I am the computer's administrator, so I don't know why, but after trying to do that and not being able to, it seemed my daughter's user had a virus, so I got rid of that using my AVG. It was called downloader something, so I don't know where that came from. I did some more reading on the subject of that stupid bar and decided to install Mozilla Firefox and since then have not seen that dumb tool bar. What do u think of Firefox? I heard it was a lot better than IE and that the reason for all the pop ups and hijacker toolbars was cuz of IE, so now I am awaiting your opinion on that???
Thanks Groover

#8 groovicus

Posted 16 January 2005 - 02:15 PM

I use Firefox almost exclusively because it has fewer discovered exploits so far. That is not to say that it is not still vulnerable though.

Installing Firefox is a good step towards helping secure your system, but you are only 'hiding' whatever infection is on your system. We still want to get rid of it. Then by using Firefox, you decrease your odds of being infected again.

Firefox will still get pop-ups from time to time also, it just doesn't happen as often. :flowers:

I'd like to see another HJT log if you would please. :thumbsup:

#9 venusdawn

Posted 16 January 2005 - 02:40 PM

Hey there Groover, thanks for the quick reply, here it is. I did get rid of the ones u suggested, so here is the new updated log...
Logfile of HijackThis v1.99.0
Scan saved at 11:45:04 PM, on 15/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mozilla.org/firefox?client=fi...a:en-US:officia
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Intel NCS NetService - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

How does that look???
Thanks for your help, you're a sweetheart!

#10 groovicus

Posted 16 January 2005 - 02:46 PM

Everything there looks fine, so if the toolbar is gone, then we are done. :thumbsup:
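
The check behind posts #6 through #10, as an added example that is not part of the original thread: parse the first log, the fix list and the rescan, then confirm every flagged entry is gone and list anything new. The function names are illustrative, the regex assumes only the common R/F/N/O section codes, and the sample data is a shortened selection of lines from the logs posted above.

```python
import re

# A HijackThis entry line starts with a section code (R0, R1, O2, O4, ...)
# followed by " - " and the detail; process paths and headers do not match.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, detail) pairs found in a log."""
    found = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            found.add((m.group(1), m.group(2).strip()))
    return found

def verify_fix(before, fix_list, after):
    """Check a rescan against the list of entries that were to be fixed.

    Returns three sorted lists:
      still_present - flagged entries that survived the fix and reboot
      unmatched     - flagged entries that the first log never contained
      new_entries   - entries in the rescan that the first log did not have
    """
    b, f, a = (parse_entries(t) for t in (before, fix_list, after))
    return sorted(f & a), sorted(f - b), sorted(a - b)

# Shortened selection of lines from the logs and fix list in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414
"""
FIX = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414
"""
AFTER = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mozilla.org/firefox?client=fi...a:en-US:officia
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
"""

if __name__ == "__main__":
    still, unmatched, new = verify_fix(BEFORE, FIX, AFTER)
    print("still present:", still)
    print("not in first log:", unmatched)
    print("new since first log:", new)
```

A non-empty first list means a flagged entry came back after the reboot, which is the pattern the topic starter describes with the toolbar reappearing.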

#11 venusdawn

Posted 16 January 2005 - 07:46 PM

Hi Groovicus, just wondering how to clear your tool bar on Firefox, as it's not the same as Internet Explorer. I looked through all the options and I don't see where it says to clear the tool bar? Thanks in advance, maybe u have to do it in IE??

#12 groovicus

Posted 16 January 2005 - 07:49 PM

Clear the toolbar? What do you mean?? Do you mean the address bar?

#13 venusdawn

Posted 16 January 2005 - 08:07 PM

Sorry, yes, that's what I mean, the address bar. I went to search and found the IE and when it opened it said, Mozilla Firefox-Internet Explorer, so when that opened I did it through that. It was weird, it was like a combination of IE and Firefox, hmmmmm

#14 groovicus

Posted 16 January 2005 - 08:16 PM

Click on Tools>Options>Saved Form Information> Click on the Plus sign.

Uncheck the box that says save forms information (it's the only check box there). That will empty your address bar every time you open Firefox.

That was what you were asking...

#15 venusdawn

Posted 16 January 2005 - 08:20 PM

Hmm, is it under general/privacy/webfeatures/downloads or advanced after going to options? I just want to clear it once in a while, not each time I re-open it, like on IE u could do that once in a while when it got too full?? Know what I mean now?
Thanks Groovicus



