Bendsitelogo -Want it gone!

Discussion in 'Malware and Virus Removal Archive' started by reknaw, 2004/05/02.

Thread Status:
Not open for further replies.
  1. 2004/05/02
    reknaw

    reknaw Well-Known Member Thread Starter

    Joined:
    2002/05/17
    Messages:
    214
    Likes Received:
    1
    Can anyone help me to remove the search bar "Bendsitelogo"? I keep going to Toolbar and un-clicking it and clicking Google but it keeps coming back. I have my default set to "blank" yet it still opens with Bendsitelogo.

    Any help to remove this for good would be appreciated.
     
  2. 2004/05/02
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Post a log from HijackThis so our forum members can see
    what's going on. The current version is 1.97.7 [created by Merijn Bellekom]
    Most of what it lists will be harmless, even essential. DON'T fix anything yet, please.

    First make a new folder, for instance C:\Antispyware

    Get it here http://radiosplace.com/ choose save, NOT OPEN
    Save it to that new folder, double-click HijackThis.exe,
    and hit "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that; it will load it in Notepad, and copy its contents here.
    Close HijackThis and Notepad.
     

  4. 2004/05/02
    user__11063

    user__11063 Well-Known Member

    Joined:
    2003/08/06
    Messages:
    48
    Likes Received:
    0
    Have you run Spybot Search & Destroy or Lavasoft Ad-Aware? It sounds as if it could be spyware on your computer that is causing it to come back.
     
  5. 2004/05/02
    reknaw

    reknaw Well-Known Member Thread Starter

    Joined:
    2002/05/17
    Messages:
    214
    Likes Received:
    1
    Yes I have.... I run them on start up automatically. Thanks for the reply though.
     
  6. 2004/05/02
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    If you run an OS that has the System Restore feature, you may have bad stuff in the 'restore' archive that reloads the junk.

    Try turning off system restore, cleaning the PC, and then turning system restore back on. You will have cleared out any old restore points (and data) so might be getting a clean start.
     
  7. 2004/05/02
    reknaw

    reknaw Well-Known Member Thread Starter

    Joined:
    2002/05/17
    Messages:
    214
    Likes Received:
    1
    OK Newt, I'll give that a try. I did just try to restore to 3 different dates and it kept telling me I cannot restore to those dates and that my PC had not been changed - I've never had that before. (P4 with XP Home Edition)

    What are you meaning by cleaning the pc - running ad-aware & spybot ???

    Thanks
     
  8. 2004/05/02
    reknaw

    reknaw Well-Known Member Thread Starter

    Joined:
    2002/05/17
    Messages:
    214
    Likes Received:
    1
    So far so good Newt - I turned off restore, ran Ad-Aware and Spybot and Bendsitelogo was gone.... I turned restore back on and named the restore point Newt's Solution - for the want of a better name :)

    Thanks so much for your assistance
     
  9. 2004/05/03
    quackbal

    quackbal Inactive

    Joined:
    2003/06/08
    Messages:
    227
    Likes Received:
    0
    By 'clean' they may mean turning off System restore until the issue is fixed, or by cleaning the system restore folders?

    BTW, such a very interesting name, reknaw... *has a habit of reading things backwards* :p
     
  10. 2004/05/03
    absentmindedJWC

    absentmindedJWC Inactive

    Joined:
    2003/08/23
    Messages:
    111
    Likes Received:
    0
    My sister had a problem like this. Try clicking on another IE link, like in the start menu... You may have downloaded something from a page that puts their link on your desktop, and makes it look like a shortcut to IE.

    Good luck,
    Jason

    If not, try AVG from grisoft.com
     
  11. 2004/05/28
    reknaw

    reknaw Well-Known Member Thread Starter

    Joined:
    2002/05/17
    Messages:
    214
    Likes Received:
    1
    Bendsitelogo is back...

    Sorry to trouble you again. I just can't get rid of it this time. I've un-checked System Restore in XP Support, cleaned it with Ad-Aware and Spybot and back it comes when I open I.E. It's on my Toolbar and un-checking doesn't help and setting I.E. to open with a blank page or any other page doesn't help....

    Is there any way to get rid of it for good? I hate it when I have no control over this machine. :mad: :( :mad: :( :mad: :( :mad:
     
    Last edited: 2004/05/28
  12. 2004/05/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
  13. 2004/05/28
    reknaw

    reknaw Well-Known Member Thread Starter

    Joined:
    2002/05/17
    Messages:
    214
    Likes Received:
    1
    Here's my log..... thanks guys, let me know what to delete...thanks

    Logfile of HijackThis v1.97.7
    Scan saved at 11:27:48 PM, on 5/28/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINXP\system32\spoolsv.exe
    C:\WINXP\system32\drivers\dcfssvc.exe
    C:\WINXP\system32\drivers\KodakCCS.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINXP\System32\ScsiAccess.EXE
    C:\WINXP\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\MP3ONC~1\mapi bags size.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINXP\Plaxo\1.4.2.25\InstallStub.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
    C:\Program Files\NetAssistant\bin\mpbtn.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\WINXP\System32\hpoipm07.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\KENALL~1.KEN\LOCALS~1\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src "); (C:\Documents and Settings\Ken Allen\Application Data\Mozilla\Profiles\default\4gq2iyfn.slt\prefs.js)
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {8687B819-53F4-F36C-9AE2-82A7DF346F7D} - C:\PROGRA~1\DELETE~1\gplcity.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Bendsitelogo - {4A33A2BF-3953-1CB8-FE1B-A9BFE8228886} - C:\PROGRA~1\DELETE~1\gplcity.dll
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [PCDRealtime] C:\WINXP\realtime.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINXP\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe "
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT "
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [debug five] C:\PROGRA~1\MP3ONC~1\mapi bags size.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe "
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINXP\Plaxo\1.4.2.25\InstallStub.exe -a
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\AiO\HPis\bin\matcli.exe
    O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
    O9 - Extra button: Copernic Agent (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?312
    O16 - DPF: {F04F4F32-6457-401A-8169-D2773DDFF930} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1uk.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B4C913BF-3BFF-46D3-84D5-655AE7145BEB}: NameServer = 206.47.244.51 206.47.244.106
     
  14. 2004/05/28
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi, all I see is Messenger Plus and its added adware parasite Lop, another.
    I recommend getting rid of Messenger Plus 2. It is a third-party MSN Messenger extension. Not recommended as it includes Lop.com - see here. I have included it in the removal with HJT but I would recommend that you go to Start>Control Panel>Add Remove Programs and look for it in the list there. If you find it, please Remove it with the Change/Remove button. There are other safer Instant Messaging Programs.
    http://www.spywareinfo.com/newsletter/archives/june-2003/3.php

    However, if you want to keep the program, uninstall it and fix as directed below. When we are done, install it again and choose not to install its added features this time.
    So provided you have just uninstalled it.

    Start Hijackthis and place a check next to these items
    Close all browser windows and shut down all other programs (even Folders) that show in the taskbar. Then hit "Fix selected".
    [items in blue are recommended or optional]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com

    O2 - BHO: (no name) - {8687B819-53F4-F36C-9AE2-82A7DF346F7D} - C:\PROGRA~1\DELETE~1\gplcity.dll
    O3 - Toolbar: Bendsitelogo - {4A33A2BF-3953-1CB8-FE1B-A9BFE8228886} - C:\PROGRA~1\DELETE~1\gplcity.dll

    O4 - HKLM\..\Run: [debug five] C:\PROGRA~1\MP3ONC~1\mapi bags size.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.ex
    If still there >O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    -MessengerPlus2 (MSGPLUS.EXE)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    ==========
    Restart the PC, find and delete these
    C:\Program Files\Messenger Plus! 2
    C:\Program Files\AutoUpdate
    C:\PROGRAM FILES\DELETE
    Not sure of the full names but they need to go
    C:\PROGRAM FILES\MP3ONC
    Those files might be hidden so you might have to have Windows show hidden files and folders in order to see them.
    How to Show hidden files and folders.


    Surf awhile then make and post a new log
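
Added example, not part of the original thread and not code from any poster or from HijackThis: a small Python parser for the O2 (BHO) and O3 (toolbar) lines of a HijackThis log, which lists every entry that loads the same DLL as a named toolbar, matching the pair selected together in the fix list above. The function names and the regular expression are assumptions made for this sketch; the sample lines are copied from the log posted in this thread.

```python
import re

# Constructed sample: O2/O3 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: (no name) - {8687B819-53F4-F36C-9AE2-82A7DF346F7D} - C:\PROGRA~1\DELETE~1\gplcity.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Bendsitelogo - {4A33A2BF-3953-1CB8-FE1B-A9BFE8228886} - C:\PROGRA~1\DELETE~1\gplcity.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
"""

# One O2 (Browser Helper Object) or O3 (toolbar) line:
#   <code> - <kind>: <name> - {CLSID} - <module path>[ (file missing)]
ENTRY = re.compile(
    r"^(?P<code>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_entries(log_text):
    """Parse O2/O3 lines into dicts; other HijackThis sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["missing"] = entry["missing"] is not None
            # Windows paths are case-insensitive, so compare them lowercased.
            entry["module"] = entry.pop("path").lower()
            entries.append(entry)
    return entries


def related_entries(entries, toolbar_name):
    """Every O2/O3 entry that loads the same module as the named toolbar."""
    modules = {e["module"] for e in entries
               if e["kind"] == "Toolbar" and e["name"] == toolbar_name}
    return [e for e in entries if e["module"] in modules]


def orphaned(entries):
    """Entries HijackThis marked '(file missing)': registry data whose module is gone."""
    return [e for e in entries if e["missing"]]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for e in related_entries(parsed, "Bendsitelogo"):
        print(e["code"], e["kind"], e["clsid"], e["module"])
    for e in orphaned(parsed):
        print("file missing:", e["name"], e["clsid"])
```

A shared module is not by itself a sign of anything unwanted: the Google toolbar in the same log also registers one DLL as both BHO and toolbar. The grouping only shows which entries belong together when one of them is being removed.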
     
  15. 2004/05/28
    reknaw

    reknaw Well-Known Member Thread Starter

    Joined:
    2002/05/17
    Messages:
    214
    Likes Received:
    1
    Thanks Lonny: I'll try that sometime tomorrow, fresh and sober. At the
    moment it looks complicated but I'm sure if I follow your instructions one line at a time it will be fine. Thanks again - I'll report results later.
    :)
     
  16. 2004/05/30
    reknaw

    reknaw Well-Known Member Thread Starter

    Joined:
    2002/05/17
    Messages:
    214
    Likes Received:
    1
    Thanks again Lonny - worked a treat... I did get rid of Messenger Plus 2.
    As for C:\Program Files\DELETE....... I had .......\DELETE EACH - wasn't sure there so I left it. Also MP3ONC - I had MP3ONCE MAGS so I left that...

    Are those the files I should have deleted ? It does seem to be OK now, so should I leave well alone ??

    Thanks again for all your help. :) :D
     
  17. 2004/05/30
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Yes, you can delete those if you like, no real need though. If you're unsure just leave them. :)

    But I would
    MP3ONCE MAGS
    DELETE EACH
    AutoUpdate


    You should post one more log to
     
  18. 2004/06/05
    reknaw

    reknaw Well-Known Member Thread Starter

    Joined:
    2002/05/17
    Messages:
    214
    Likes Received:
    1
    I don't believe this...... Bendsitelogo has gone so the above advice was great.
    Now all of a sudden my IE opening page is Msn.com.... Same thing, I can change it to open on a blank page (which I've always had and like);
    as soon as I come back it changes to MSN.COM

    Sorry to ask again - any solution to this one ???

    Thanks in advance
    :( :confused: :( :confused:
     
  19. 2004/06/06
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    reknaw, post a new log

    If you set a page to blank then run Ad-Aware it will reset it to MSN.
    Is that a possibility?
     
  20. 2004/06/06
    reknaw

    reknaw Well-Known Member Thread Starter

    Joined:
    2002/05/17
    Messages:
    214
    Likes Received:
    1
    OK... I tried that Lonny - I set it to blank, ran Ad-Aware and it reset to MSN.com ...but, that's not what I want - I want blank not MSN. Did you misunderstand me ??? :confused:
     
  21. 2004/06/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    reknaw,

    Please post another HJT log, so we can make sure things are clean. Lonny was asking if it was possible that your page was getting reset because you ran Ad-Aware, since it is targeting a new nasty that sets things to blank. If I understand you correctly, Ad-Aware isn't causing the problem though. It is getting reset to MSN every time you close IE?
     