Mystery Toolbar: How to remove?


This topic has been archived. This means that you cannot reply to this topic.
19 replies to this topic

#1 of 20 Mark Shannon

Mark Shannon

    Screenwriter

  • 1,991 posts
  • Join Date: May 27 2002

Posted September 27 2004 - 08:33 AM

One of the joys of sharing a computer with others (primarily a 14 year old who doesn't know the consequences of malware and spyware) is coming home every day and finding mysterious programs installed on the computer. Never ceasing to amaze, this was found on my computer today:

Posted Image

I have no idea how to remove it, and have tried running Ad-Aware several times to no avail. Can any of the Computer Savvy geniuses help me out?

#2 of 20 Will_B

Will_B

    Producer

  • 4,733 posts
  • Join Date: Mar 06 2001

Posted September 27 2004 - 10:07 AM

I'm not sure if that's malware. But if it is...

Can you "roll back" your computer to a few days ago? (You can on XPs, but I don't know about other operating systems). If you can, do it at once. Don't even think of trying something else. Roll back now, now now!

I'd strongly suggest that because a lot of the current malware cannot be removed, no matter how hard one tries.

Once you've done so, stop using IE at once, and start using a less targeted browser such as Firefox. You won't want to remove IE, but hide it so your child doesn't launch it.

Quote:
XP: Use System Restore

After you've decided to use System Restore to revert your system to a previous state, start the System Restore Wizard and follow the prompts. To use the System Restore Wizard, make sure you're logged on as an administrator, and then follow these steps:

1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
2. On the Welcome screen, click Restore my computer to an earlier time, and then click Next.
3. On the Select a Restore Point page, select the date from the calendar that shows the point you'd like to restore to, as shown in Figure 2, and then click Next.
4. On the Confirm Restore Point Selection page, verify that the correct restore point is chosen, and then close any open programs.
5. Click Next if you are ready to proceed or click Back to change the restore point.
6. The computer will shut down automatically and reboot. On reboot, you'll see the Restoration Complete page, and then click OK.

After reviewing the stability of your system, you can choose another restore point or undo this restoration. Just open System Restore and make the appropriate choice. After you use System Restore, you'll have an additional task, Undo my last restoration, on the System Restore Welcome page. Remember that you'll have to reinstall any programs that were installed after the restore point.

If System Restore doesn't work in Normal Mode, it might work in Safe Mode. To use System Restore in Safe Mode, press the F8 key during reboot and choose Safe Mode. When your computer starts in either Safe Mode or Normal Mode, System Restore can be used to capture a working previous state. System Restore can't be opened unless the system is bootable into one of these modes.

"Scientists are saying the future is going to be far more futuristic than they originally predicted." -Krysta Now

#3 of 20 Mark Shannon

Mark Shannon

    Screenwriter

  • 1,991 posts
  • Join Date: May 27 2002

Posted September 27 2004 - 11:18 AM

Thanks Will for the help, but it doesn't seem to be working. I've never seemed to have much luck with System Restore, be it on Me or XP. Even after booting in safe mode and trying it, still no luck. It constantly gives me the message that no changes have been made.

I don't use IE as my primary browser, as I use Opera. Explorer is just too slow and clumsy.

Oh, and I'm 17. The 14 year old is my ignorant brother, not child.

I suppose I'll just have to search for a program that can find and destroy this annoying malware.

#4 of 20 todbnla

todbnla

    Screenwriter

  • 1,521 posts
  • Join Date: Oct 17 1999
  • Real Name:Todd
  • Location39466

Posted September 27 2004 - 11:19 AM

Two useful tips if you have a teenager (I have 2 girls)

Download and install:

Ad-aware-great for junk software..

Hi-Jack this-great for spyware..

Both are freeware for personal use.

Regards,
Todd

My Blue-Ray & SD DVD's


Current HT setup: Vizio E601-A3 60" Led display, Pioneer VSX-521-k, Panasonic DMP-BDT320 Integrated Wi-Fi 3D Blu-ray DVD Player, SVS 2531PCi sub, Polk R30 mains, Polk CS125 center, Polk R15 x4 rears

 


#5 of 20 Will_B

Will_B

    Producer

  • 4,733 posts
  • Join Date: Mar 06 2001

Posted September 27 2004 - 12:18 PM

What search engine does that toolbar engage?
"Scientists are saying the future is going to be far more futuristic than they originally predicted." -Krysta Now

#6 of 20 James T

James T

    Screenwriter

  • 1,643 posts
  • Join Date: Aug 08 1999

Posted September 27 2004 - 01:04 PM

Hi-jack this works well, but you have to know what you're looking for, because deleting the wrong thing might be very bad.

If you don't know, you can post the log here and I'm sure someone will tell you what should be there and what shouldn't.

You may also want to search for a program called CWShredder

#7 of 20 Mike Fassler

Mike Fassler

    Supporting Actor

  • 523 posts
  • Join Date: Jan 17 2004

Posted September 27 2004 - 01:13 PM

Get ad aware, spyhunter and cwshredder and you're good to go.

#8 of 20 Robt_Moore

Robt_Moore

    Stunt Coordinator

  • 66 posts
  • Join Date: Feb 27 2002

Posted September 27 2004 - 01:33 PM

Mark

Go to your control panel, click on add/remove programs, and check to see if the tool bar is there. If it is, remove it.

Otherwise, do a search for "Hijack This", download it, run it, and post the report here. People on this forum should be able to tell you what has caused the problem. (Most likely it is a Browser Helper"

Bob

#9 of 20 Chris

Chris

    Lead Actor

  • 6,790 posts
  • Join Date: Jul 04 1997

Posted September 27 2004 - 01:59 PM

The guy behind CWShredder gave up a while back, though, so it hasn't been updated in a while. Someone else picked it up and released a new product based on same idea, called AboutBuster (now at version 3.0)
My Current DVD-Profiler


"I've been Ostrafied!" - Christopher, Sopranos 5/6/07

#10 of 20 Mark Shannon

Mark Shannon

    Screenwriter

  • 1,991 posts
  • Join Date: May 27 2002

Posted September 27 2004 - 02:59 PM

Quote:
What search engine does that toolbar engage?
http://lop.com/searc......heater Forum

Quote:
Go to your control panel, click on add/remove programs, and check to see if the tool bar is there. If it is, remove it.

I've tried that already and failed to find anything that didn't look right. Thanks for the suggestion.

I'm going to post my log, as a couple of you have suggested, and see if someone can help point out what doesn't belong:

[rant]Logfile of HijackThis v1.98.2
Scan saved at 7:52:37 PM, on 27/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
E:\UTILIT~1\VCOM\SYSTEM~1\MXTask.exe
E:\UTILIT~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Logitech\Video\LogiTray.exe
E:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
E:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Opera\opera.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Documents and Settings\Mark\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fpeglxzlb....ZrWh6IL2ZE.cgi
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - E:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {95BD3FA8-9AC5-7C4D-70F4-F4291BB5EBFA} - C:\PROGRA~1\WARNSE~1\startcurb.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Fix-It AV] E:\UTILIT~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [wipe meal audio hope] C:\Documents and Settings\All Users\Application Data\live view wipe meal\Third Load.exe
O4 - HKLM\..\Run: [file surf] C:\PROGRA~1\RULESU~1\ScrPopBind.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "E:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Free Ram Optimizer] E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Utilities\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - E:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.hometheaterforum.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup....ab2292e6aa4d79
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd....?1095439771187
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon....t.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon....n.cab30149.cab
[/rant]

#11 of 20 todbnla

todbnla

    Screenwriter

  • 1,521 posts
  • Join Date: Oct 17 1999
  • Real Name:Todd
  • Location39466

Posted September 27 2004 - 03:07 PM

Wow, that's a big log file!
Look here for help/info...
http://forums.spywar...hp?showforum=18
Regards,
Todd

My Blue-Ray & SD DVD's


Current HT setup: Vizio E601-A3 60" Led display, Pioneer VSX-521-k, Panasonic DMP-BDT320 Integrated Wi-Fi 3D Blu-ray DVD Player, SVS 2531PCi sub, Polk R30 mains, Polk CS125 center, Polk R15 x4 rears

 


#12 of 20 Glenn Overholt

Glenn Overholt

    Producer

  • 4,207 posts
  • Join Date: Mar 24 1999

Posted September 27 2004 - 03:40 PM

I have to ask the really dumb question here. You've got a new homepage, and it can be changed with the Tools menu of IE. Click on internet options and home.

If that doesn't work, get IE reinstalled, and take a few minutes to teach your brother a few things, please?

Glenn

#13 of 20 Mike Fassler

Mike Fassler

    Supporting Actor

  • 523 posts
  • Join Date: Jan 17 2004

Posted September 27 2004 - 04:02 PM

Limit access to IE altogether and keep using Opera or Mozilla. IE is the most bloated pos browser around, but your log file looks pretty clean. Update your WinXP to SP2 as well.

#14 of 20 Marko Berg

Marko Berg

    Supporting Actor

  • 856 posts
  • Join Date: Mar 22 2002

Posted September 27 2004 - 07:39 PM

I'm afraid I can't offer advice regarding the removal of this toolbar, but there are a few things you can do to prevent this from happening again (if you haven't already).

1. Set a separate user account for each individual user.
2. You should be the only administrator on the computer. Configure everybody else's account type as "Restricted". Restricted users aren't allowed to install programs. If it's necessary for someone else to install programs, configure that user's account type as Power User.
3. Set passwords for each account.
4. Configure the visitor account for casual users (teens' friends etc.) Any changes they make to the system (they aren't allowed to make many changes in the first place) will not survive a logout or a reboot.
5. Turn off the quick user change feature that does not force a user to log off and close programs the user is running.

#15 of 20 James T

James T

    Screenwriter

  • 1,643 posts
  • Join Date: Aug 08 1999

Posted September 28 2004 - 12:17 AM

That is a pretty big log. I'm surprised a toolbar is your only problem.

Quote:
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - E:\PROGRA~1\POPUPP~1\PopLib.dll

That doesn't look familiar to me and the thing that pops up (no pun intended) is the word popup in there. Is it a popup stopper?

And Marko's idea is great, but you'll need Windows 200x or XP Pro to do that.

#16 of 20 Mark Shannon

Mark Shannon

    Screenwriter

  • 1,991 posts
  • Join Date: May 27 2002

Posted September 28 2004 - 08:52 AM

Quote:
your log file looks pretty clean
Well, I know there's a couple things there, such as:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fpeglxzlb...eZrWh6IL2ZE.cgi

which shouldn't be there.

James, that line you pointed out is for a popup blocker I installed before I encountered this problem.

#17 of 20 Robt_Moore

Robt_Moore

    Stunt Coordinator

  • 66 posts
  • Join Date: Feb 27 2002

Posted September 28 2004 - 11:06 AM

Mark:

What are these things:

C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\System32\wpabaln.exe

Hijackers like to hide in windows\system32.

Also, do you need this:

O2 - BHO: (no name) - {95BD3FA8-9AC5-7C4D-70F4-F4291BB5EBFA} - C:\PROGRA~1\WARNSE~1\startcurb.exe

BHO is browser helper object--these are toolbars (and other things), and I don't recognize this one.

And you may want to check out what these are:

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [file surf] C:\PROGRA~1\RULESU~1\ScrPopBind.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - E:\Program Files\PopupPopper\SiteList.exe

These are the suspicious looking items.

Hope that helps.

Bob
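
Added example (not part of any post in this thread): a small Python parser for the HijackThis line format seen in the log above, which surfaces entries worth a manual look. The sample lines are copied from that log with path separators written out; the section labels and the review heuristics are this example's assumptions, and a flagged line is a prompt to look it up, not a verdict.

```python
import re

# HijackThis prints one finding per line as "<code> - <details>".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Short labels for the section codes that appear in the log (wording is ours).
SECTIONS = {"R0": "IE start/search page", "O2": "Browser Helper Object",
            "O3": "IE toolbar", "O4": "autostart entry",
            "O9": "extra IE button/menu item", "O15": "Trusted Zone site",
            "O16": "downloaded ActiveX control"}

# Constructed sample: lines taken from the posted log, separators restored.
SAMPLE = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fpeglxzlb....ZrWh6IL2ZE.cgi
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {95BD3FA8-9AC5-7C4D-70F4-F4291BB5EBFA} - C:\PROGRA~1\WARNSE~1\startcurb.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
"""

def parse(log_text):
    """Return (code, body) for every finding line; header and process lines are skipped."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            found.append((m["code"], m["body"]))
    return found

def review_reasons(code, body):
    """Heuristics (assumptions of this example) that mark a line for manual lookup."""
    reasons = []
    if code == "O2" and "(no name)" in body:
        reasons.append("BHO has no display name")
    if code == "O2" and not body.lower().endswith(".dll"):
        reasons.append("BHO target is not a DLL")  # BHOs normally load as in-process DLLs
    if body.endswith("(no file)"):
        reasons.append("registered file is missing")
    if code.startswith("R") and r"\Search," in body:
        reasons.append("IE search setting overridden; check the URL")
    return reasons

def triage(log_text):
    """Return (code, section label, body, reasons) for lines with at least one reason."""
    return [(c, SECTIONS.get(c, "other"), b, r)
            for c, b in parse(log_text) if (r := review_reasons(c, b))]

if __name__ == "__main__":
    for code, label, body, reasons in triage(SAMPLE):
        print(f"{code} [{label}] {'; '.join(reasons)}\n    {body}")
```

The Spybot SDHelper.dll entry is flagged alongside startcurb.exe because both lack a name, which is why each flagged line still has to be looked up before anything is deleted.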

#18 of 20 Mark Shannon

Mark Shannon

    Screenwriter

  • 1,991 posts
  • Join Date: May 27 2002

Posted September 28 2004 - 02:51 PM

Thanks Bob. The first, LVCOMSX.EXE is actually required by Logitech webcams to connect to programs such as netmeeting, etc. As such, I can't very well delete that.

Quote:
The Pacs Portal Startup Applications List suggests it's "Logitech webcam related":
http://www.sysinfo.o....er=LVCOMSX.EXE

It may be a version of the Lvcoms.exe task detailed under 'Task List Programs -- L':
http://www.answersth....tasklist_l.htm
Quote: "Driver for Logitech's QuickCam Home cameras. It allows the camera to be accessed by NetMeeting, Windows Movie Maker, and the QuickCam software."

As for
C:\WINDOWS\System32\wpabaln.exe
and
O4 - HKLM\..\Run: [file surf] C:\PROGRA~1\RULESU~1\ScrPopBind.exe

I couldn't find any information regarding these.

The others that you mentioned I know are supposed to be there. The Sun Java Console one is what is installed when you install the Opera browser with Java support. Also the PopupPopper control panel is a program I willingly installed prior to this problem which I wanted to get rid of useless popups from websites.

Thanks for the help though Bob.

I took the advice of someone who posted here earlier, and downloaded the AboutBuster software, followed the instructions, and the problem seems to have disappeared. On my profile at least. I still need to log onto each user's profile in order to run this program, but now that I know it works, it won't be a problem.

Thanks to everyone for your help, and especially to Chris for suggesting AboutBuster.

#19 of 20 Wayne Bundrick

Wayne Bundrick

    Screenwriter

  • 2,358 posts
  • Join Date: May 17 1999

Posted September 29 2004 - 01:36 PM

WPABALN is the balloon reminder for Windows Product Authentication. It shouldn't be running unless you've just installed Windows XP and haven't authenticated it yet.
Wayne Bundrick

"It tastes like there's a party in my mouth and everybody's throwing up!" -- Philip J. Fry

#20 of 20 Mark Shannon

Mark Shannon

    Screenwriter

  • 1,991 posts
  • Join Date: May 27 2002

Posted September 29 2004 - 01:48 PM

Heh, that's exactly it Wayne. I just installed it a couple weeks ago and haven't got around to authenticating it yet. Thanks for noticing though.

