0

I Have A Suspicious Little Task Running In My Taskmanager Name bows hold.exe Any Ideas On How To Remove It? I have tried searching my pc for it never found it and no matches on the web! Also I Have Been Having Problems With My Windows Explorer. At Times After 1 Hour Or So After My Computer Being On It Starts To Stop Letting Programmes Open, Doesnt Let Me Open My Favourites Or Download With My Internet Explorer And Doesnt Let Me Open Task Manager If You Can Help Me With Either Of These Problems It Would Be Apreciated.!! :cheesy:

Logfile of HijackThis v1.98.2
Scan saved at 11:10:03 PM, on 1/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
F:\Program Files\Messenger Plus! 3\MsgPlus.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Documents and Settings\All Users\Application Data\curbinsidedatecreative\bows hold.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
F:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lukas Bernard\Desktop\Desktop\Security\HijackThis.exe

3
Contributors
6
Replies
7
Views
12 Years
Discussion Span
Last Post by crunchie
0

You have posted only half of the log :). Uninstall Messenger Plus as it comes bundled with LOP, the infection you currently enjoy :). You can reinstall Messenger Plus without the sponsor.

Click Start>Settings>Control Panel>Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, run this uninstaller:
http://members.rogers.com/rjmac/new_uninstall.exe

You need to update hijackthis to version 1.99. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. If the site is down, go here. Remove the old version by opening the program, going to config\misc tools, then uninstall & exit. You then have to delete the file manually. Unzip the new version into the hijackthis folder.

0

hi thanx for the help but it didnt work lop dot com was not located in the add/remove programs. how do i reinstall msg plus 3.4 without spyware. and the lop dot com uninstaller i think didnt do much because i still have a search spybar in my internet explorer. thx

0

my full log :mrgreen:

Logfile of HijackThis v1.98.2
Scan saved at 11:10:03 PM, on 1/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
F:\Program Files\Messenger Plus! 3\MsgPlus.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Documents and Settings\All Users\Application Data\curbinsidedatecreative\bows hold.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
F:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lukas Bernard\Desktop\Desktop\Security\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.249.220.229:80
R3 - Default URLSearchHook is missing
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - F:\Program Files\iMesh Light\iMeshBHO.dll (file missing)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - F:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {9F5B4594-8BE1-2066-2058-2D7A0CF69187} - C:\DOCUME~1\LUKASB~1\APPLIC~1\32BURN~1\peak meet.exe
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsysmgr.exe
O4 - HKCU\..\Run: [MessengerPlus3] "F:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpySweeper] "F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Download with &DAP - F:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - F:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - F:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://pcc-web.parracity.nsw.gov.au/iNotes6.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097942269279
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C96E4911-9087-44F2-908B-5AD05155560D} (WDSConfiguration Control) - http://optus.wds.net.au/fcroot/CAB/WDSConfiguration.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O16 - DPF: {DA9CE862-0242-4ECD-9D45-00E2C8B9CDF1} (ParsMailSimpleVoice.pmVchat) - http://www.sinasoft.net/vchat/pmvoice4.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2C65F79-16D6-4E64-BE9A-0C23070F31F0}: NameServer = 203.134.17.90 211.26.25.90

0

I suggest this!
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
First use Spybot S&D. (Version 1.3)
Spybot
Unzip, and update. Install the updates and run. Delete all that it marks in red.
Reboot

Then it’s time for Ad-Aware
Ad-Aware
Install and update by using the globe icon. Restart your computer and run Ad-Aware.
Press scan now and select drives and/or partitions to be scanned. When done select all and click next. Remove all checked items and then reboot your computer.

Please go to this page and read the instructions for how to configure Spybot S&D & Ad-Aware
How To Setup Spybot SD and Ad-Aware

Then post a HJT log as a reply to this topic.

0

hi thanx for the help but it didnt work lop dot com was not located in the add/remove programs. how do i reinstall msg plus 3.4 without spyware. and the lop dot com uninstaller i think didnt do much because i still have a search spybar in my internet explorer. thx

When you are installing MSG Plus you are asked if you want to install it with supported software or without, choose without .

0

If that doesn't work, Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.

R3 - Default URLSearchHook is missing

O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - F:\Program Files\iMesh Light\iMeshBHO.dll (file missing)

O2 - BHO: (no name) - {9F5B4594-8BE1-2066-2058-2D7A0CF69187} - C:\DOCUME~1\LUKASB~1\APPLIC~1\32BURN~1\peak meet.exe

Reboot into safe mode following the instructions here and navigate to and delete the following if found:

C:\DOCUME~1\LUKASB~1\APPLIC~1\32BURN~1<----folder

In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

Reboot normally after doing the above, rescan with hijackthis, then post that log here please.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.