Removing the lop toolbar (Resolved)

Jake99 · #1 (**permalink**) 14-12-2004, 10:27 PM

Hi i have an irritating problem, somehow i have gotten the lop toolbar attached to ie and also their "floating bar" at the bottom of the desktop and i have tried norton, spybot search and destroy and ad-aware but nothing works.

So I am now posting the HighJackthis log i got: please help me!

Logfile of HijackThis v1.98.2
Scan saved at 20:25:28, on 2004-12-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton AntiVirus\navapsvc.exe
c:\Program\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\Smartscaps.exe
C:\WINDOWS\System32\svchost.exe
c:\Program\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Winamp\winampa.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\HP\KBD\KBD.EXE
C:\Program\iTunes\iTunesHelper.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\iPod\bin\iPodService.exe
C:\replaymanager\ReplayManager.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Winamp\winamp.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program Files\mIRC\mirc.exe
C:\Program\Messenger\msmsgs.exe
C:\Documents and Settings\Ägare\Skrivbord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qlztaaotrutad.net/BANVHti...I5ANZ/FDS/.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qsv8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BFD80B5A-6321-C2DA-F55F-3581932C7C29} - C:\DOCUME~1\GARE~1\APPLIC~1\SENDFA~1\PLUSTYPE.exe
O2 - BHO: (no name) - {E41BFEFC-FEFF-C682-A366-2E6757F9E4E5} - C:\Program\SENDFA~1\PLUSTYPE.exe (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] C:\Program\Delade filer\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [manager global comp trans] C:\Documents and Settings\All Users\Application Data\lies keep manager global\Mess bib.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [birdrectbinddent] C:\Documents and Settings\All Users\Application Data\thunk poke bird rect\Bits two.exe
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Replay Manager] C:\replaymanager\ReplayManager.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BOOK MESS] C:\DOCUME~1\GARE~1\APPLIC~1\GRAMCO~1\Byte Slow.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

Yours Sincerely,
Jake

spud · #2 (**permalink**) 14-12-2004, 11:20 PM

welcome to d-a-l the online help forum try spyferret removal from this link here
then post a fresh high jack this log

hope this helps

Jake99 · #3 (**permalink**) 15-12-2004, 03:24 PM

ok i downloaded the program and i scanned my computer but as i didnt register i cant remove the spyware but I assume u want a new log:

Logfile of HijackThis v1.98.2
Scan saved at 15:24:18, on 2004-12-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton AntiVirus\navapsvc.exe
c:\Program\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\Smartscaps.exe
C:\WINDOWS\System32\svchost.exe
c:\Program\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Winamp\winampa.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\HP\KBD\KBD.EXE
C:\Program\iTunes\iTunesHelper.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\replaymanager\ReplayManager.exe
c:\program\intern~1\iexplore.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Winamp\winamp.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\SpyFerret\sfrt.exe
C:\Program\Messenger\msmsgs.exe
C:\Documents and Settings\Ägare\Skrivbord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sgbkbbelvuouvmfqougjyifx....5ANZ/FDS/.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://http.//login1.telia.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qsv8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BFD80B5A-6321-C2DA-F55F-3581932C7C29} - C:\DOCUME~1\GARE~1\APPLIC~1\SENDFA~1\PLUSTYPE.exe
O2 - BHO: (no name) - {E41BFEFC-FEFF-C682-A366-2E6757F9E4E5} - C:\Program\SENDFA~1\PLUSTYPE.exe (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] C:\Program\Delade filer\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [manager global comp trans] C:\Documents and Settings\All Users\Application Data\lies keep manager global\Mess bib.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [birdrectbinddent] C:\Documents and Settings\All Users\Application Data\thunk poke bird rect\BOOBSAFE.exe
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Replay Manager] C:\replaymanager\ReplayManager.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BOOK MESS] C:\DOCUME~1\GARE~1\APPLIC~1\GRAMCO~1\Byte Slow.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

thx for the help!

spud · #4 (**permalink**) 15-12-2004, 03:41 PM

yep thats the one please be patient owen is the kiddy for these hopefully he should have al ookj at it very soon

HJM · #5 (**permalink**) 15-12-2004, 05:23 PM

Download the LOP.Com Uninstaller. Close ALL windows and run the uninstaller TWICE.
(even if it appears to do nothing)

With ALL windows still closed, run HijackThis again and check mark the following:-

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sgbkbbelvuouvmfqougjyifx...I5ANZ/FDS/.html
O2 - BHO: (no name) - {BFD80B5A-6321-C2DA-F55F-3581932C7C29} - C:\DOCUME~1\GARE~1\APPLIC~1\SENDFA~1\PLUSTYPE.exe
O2 - BHO: (no name) - {E41BFEFC-FEFF-C682-A366-2E6757F9E4E5} - C:\Program\SENDFA~1\PLUSTYPE.exe (file missing)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [manager global comp trans] C:\Documents and Settings\All Users\Application Data\lies keep manager global\Mess bib.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [birdrectbinddent] C:\Documents and Settings\All Users\Application Data\thunk poke bird rect\BOOBSAFE.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BOOK MESS] C:\DOCUME~1\GARE~1\APPLIC~1\GRAMCO~1\Byte Slow.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

Click FIX CHECKED

Set Windows to 'Show all files & folders.
Click Start > My Computer > Tools> Folder Options>
On the View tab make sure that you:-
Select 'Show Hidden Files & Folders'
Uncheck 'Hide file extensions for known file types'.
Uncheck 'Hide protected operating system files'.
Click OK.

Reboot into 'Safe Mode.
Tap F8 repeatedly when your machine restarts.
Select 'Safe Mode' from the menu that appears.

Go to C:\Program Files and delete this folder:-
Messenger Plus!

Go to C:\DOCUME~1\GARE~1\APPLIC~1 and delete:-
SENDFA~1 <--Folder starting with these 6 letters.
GRAMCO~1 <--Folder starting with these 6 letters.

Go to C:\Documents and Settings\All Users\Application Data and delete:-
lies keep manager global <---Folder
thunk poke bird rect <---Folder

MessengerPlus3 is the likely source of your LOP infection.
If you want to keep it,
Uninstall it via ADD/REMOVE Programs and download it again.
The [blue]Lop[/blue] sponsored advertising program must be rejected.
Read the installation procedures carefully.
When you get to the Sponsor Agreement,
SELECT ’I Refuse to give my support, install Messenger Plus! without the sponsor'.

Reboot and post a fresh log letting me know what you're doing with Messenger Plus.

Jake99 · #6 (**permalink**) 15-12-2004, 05:58 PM

thx i will try and follow your steps

i will answer here with the result

again thx for the help!

Jake99 · #7 (**permalink**) 15-12-2004, 09:29 PM

awesome man!! totally friggin awesome, I dont know how long ive been trying to get rid of that sh1tty toolbar and it finally worked

now ive redownloaded msn plus and installed it without the sponsor program.

Again thanks !!!!!

HJM · #8 (**permalink**) 15-12-2004, 10:56 PM

Can you post a fresh log please Jake so I can confirm it's clean.

Jake99 · #9 (**permalink**) 15-12-2004, 11:45 PM

oh sure

:

Logfile of HijackThis v1.98.2
Scan saved at 23:44:38, on 2004-12-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Winamp\winampa.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\HP\KBD\KBD.EXE
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\replaymanager\ReplayManager.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Winamp\winamp.exe
c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton AntiVirus\navapsvc.exe
c:\Program\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\Smartscaps.exe
C:\WINDOWS\System32\svchost.exe
c:\Program\Norton Personal Firewall\ccPxySvc.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program Files\mIRC\mirc.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ägare\Skrivbord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.6/sd/init
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qsv8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] C:\Program\Delade filer\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Replay Manager] C:\replaymanager\ReplayManager.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program\Internet Explorer\PLUGINS\npqtplugin2.dll

here u go

HJM · #10 (**permalink**) 16-12-2004, 12:38 AM

It's clean now.

Clear up on a regular basis with Crap Cleaner to clean out your cache, temp files, temporary internet files, cookies and more.

I recommend you download these other progams to limit possible infection in the future.

First of all you need a proper firewall. The SP2 firewall isn't up to the job. I recommend Sygate Personal Firewall.
Before installation, disconnect from the net, disable your Anti-Virus software and turn off the XP2 firewall, via Control Panel> Security Centre.
Once installed, switch AV back on.

SpywareBlaster
Protects against bad ActiveX and prevents Spyware being installed in the first place. Check for updates once a fortnight.

SpywareGuard
Will alert you to any attempted change to your browser settings and acts like an anti-virus program but for Spyware. It will also alert you if you download anything untoward.

IE-SPYAD
Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

* Keep your anti virus software updated and scan weekly with Spybot and Ad-Aware.

Merry Xmas.