Lop.com Toolbar - Techist - Tech Forum

Old 05-18-2005, 04:57 AM   #1 (permalink)
True Techie
 
Join Date: Nov 2003
Posts: 109
Lop.com Toolbar

On my 2nd PC (the kids' one) I have noticed the Lop.com toolbar appears when IE6 is opened; it then sits on the Desktop when IE is closed.
There is no program in Add/Remove Programs or any uninstall feature for it.
The PC is Windows 98 & they do use MSN Messenger 7.

Has anyone come across this & been able to remove it? Ad-aware & Spybot both fail to pick it up.

Thanks for any help
__________________

philb101 is offline  
Old 05-18-2005, 06:40 AM   #2 (permalink)
Techie Beyond Description
 
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817

Run HijackThis and post it.
__________________

Osiris is offline  
Old 05-18-2005, 08:20 AM   #3 (permalink)
True Techie
 
Join Date: Nov 2003
Posts: 109
Hijackthis file as requested

Logfile of HijackThis v1.99.1
Scan saved at 13:01:56, on 05/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\R_SERVER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\ANVSHELL.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAM FILES\AVPERSONAL\AVSCHED32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {C638F4FB-96B2-3147-2940-1381A2A5D744} - C:\WINDOWS\PROFILES\NET2\APPLICATION DATA\FLAG COPY\CDROM OOZE.EXE
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [mediamotor.exe] \mmups.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [Coalmealdeletebat] C:\WINDOWS\Profiles\net2\Application Data\KindWaveCoalMeal\pure army.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\PROGRAM FILES\AVPERSONAL\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Anti] C:\WINDOWS\SYSTEM\Isass.exe
O4 - HKLM\..\RunServices: [Isass] C:\WINDOWS\SYSTEM\Isass.exe
O4 - HKLM\..\RunServices: [NvMsnW] C:\WINDOWS\SYSTEM\Isass.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [r_server] C:\WINDOWS\SYSTEM\R_SERVER.EXE /service
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Ez-Emoticons] C:\Program Files\EZ Emoticons\EZ.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpick.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCxdm280YYGB
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.79/100039/uk/ringtone/ringtone.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/z...ylomloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://media.grab.com/media/fbd793/g...utLauncher.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {AB1AB4F8-C30F-4FB4-A030-1C9F5513831F} (LREGameLoaderCtrl Class) - http://media.grab.com/media/6364d3/g...gameloader.cab
philb101 is offline  
Old 05-18-2005, 08:36 AM   #4 (permalink)
Monster Techie
 
Join Date: Jan 2005
Posts: 1,100

Post it under "log analyze" and someone will help, maybe even me lol.
By the way, LOP know what they are doing. I suggest only going there with Opera or fx, just not IE.
__________________
I'm forgetful! So if I stop posting on something that I was helping you with... PM me or IM me
yahoo and aol: blitze105
You can always IM or PM me if I offend you as well; I will edit the post if I have.
Blitze105 is offline  
Old 05-18-2005, 09:10 AM   #5 (permalink)
Ultra Techie
 
Join Date: Apr 2005
Posts: 720

You should've posted this in the correct forums. Then, someone might help you.

-SkyHi
SkyHi is offline  
Old 05-18-2005, 09:10 AM   #6 (permalink)
Older But Wiser
 
 
Join Date: Jul 2003
Location: So. Cal
Posts: 1,041

Is there a cheat sheet or something to cross reference these damn logs to?
__________________
ASUS Sabertooth 990FX
AMD FX-8150
16 GB Ram
ASUS GeForce 760 GTX


1TB Sata Seagate
100 Gig Maxtor Sata 7200 Rpm
ASUS DRW 24B3S7 ATA Optical
Windows 7 Home Premium
Dell E228WFP 22"
kboy is offline  
Old 05-18-2005, 09:20 AM   #7 (permalink)
True Techie
 
Join Date: Nov 2003
Posts: 109

Sorry about that, I wasn't aware that it needed posting back to a different forum. I have now found the correct one & posted it there.

Thanks for your response
philb101 is offline  
Old 05-18-2005, 09:40 AM   #8 (permalink)
Field Engineer
 
 
Join Date: Nov 2004
Location: Long Island, NY
Posts: 4,697

Run spyware scans. See sig.

Also check to see if there is a folder in Program Files.
__________________
A+, Network + , HP Certified Tech and MCP

Specs: AMD Phenom II X6 1095T, Asus M477TD, 8GB GSkill Ripjaws DDR3 1600 7-8-7-24 1T, 128GB Crucial M4 SSD, ATi HD4650, W7, 27" HL272 Monitor
SHAWN is offline  
Old 05-18-2005, 04:35 PM   #9 (permalink)
Monster Techie
 
Join Date: Jan 2005
Posts: 1,100

http://www.richardthelionhearted.com...gtutorial.html

I do NOT suggest fixing the log even if you read all of that.
Blitze105 is offline  
Old 05-18-2005, 05:48 PM   #10 (permalink)
Techie Beyond Description
 
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Re: Hijackthis file as requested

I found your problem:

The entries I posted must be deleted. You currently have a trojan on your system.

O4 - HKLM\..\RunServices: [Isass] C:\WINDOWS\SYSTEM\Isass.exe
Added by the BACKDOOR.FUTRO TROJAN!

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZCxdm280YYGB
The entry &Search has been identified as nasty.

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://media.grab.com/media/fbd793/...outLauncher.cab
Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!

R3 - Default URLSearchHook is missing
Should be fixed if you do not know the application or if no application is mentioned.

O2 - BHO: (no name) - {C638F4FB-96B2-3147-2940-1381A2A5D744} - C:\WINDOWS\PROFILES\NET2\APPLICATION DATA\FLAG COPY\CDROM OOZE.EXE
Entries found in this registry zone are potentially nasty. This application ([C638F4FB-96B2-3147-2940-1381A2A5D744] - Result: ) has been checked.

O4 - HKLM\..\Run: [mediamotor.exe] \mmups.exe
Roimoi/Media-Motor adware
__________________

Osiris is offline  
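
Added example (not written by any poster in this thread and not part of HijackThis): a Python triage pass over HijackThis-format lines that groups entries by a few structural anomalies visible in the log above, as leads for a human reviewer. The finding names and the four heuristics are assumptions of this example; the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {C638F4FB-96B2-3147-2940-1381A2A5D744} - C:\WINDOWS\PROFILES\NET2\APPLICATION DATA\FLAG COPY\CDROM OOZE.EXE
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Coalmealdeletebat] C:\WINDOWS\Profiles\net2\Application Data\KindWaveCoalMeal\pure army.exe
O4 - HKLM\..\RunServices: [Anti] C:\WINDOWS\SYSTEM\Isass.exe
O4 - HKLM\..\RunServices: [Isass] C:\WINDOWS\SYSTEM\Isass.exe
O4 - HKLM\..\RunServices: [NvMsnW] C:\WINDOWS\SYSTEM\Isass.exe
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.79/100039/uk/ringtone/ringtone.exe
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
"""

LINE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # "O4 - ..." -> section code, body
RUN = re.compile(r"^(\S+): \[(.+?)\] (.*)$")       # autorun key, value name, command
RAW_IP = re.compile(r"^https?://\d{1,3}(\.\d{1,3}){3}[/:]")

def parse(log):
    """Return (section, body) pairs for every HijackThis entry line."""
    return [m.groups() for m in map(LINE.match, log.splitlines()) if m]

def triage(log):
    """Return {finding: [entries]}; a finding is a lead to review, not a verdict."""
    findings = defaultdict(list)
    run_targets = defaultdict(set)                 # command -> autorun value names
    for section, body in parse(log):
        target = body.rsplit(" - ", 1)[-1]         # file or URL at the end of the entry
        # A BHO is loaded in-process by IE, so its module is normally a DLL.
        if section == "O2" and target.lower().endswith(".exe"):
            findings["bho_is_exe"].append(body)
        # ActiveX download source is a bare IP address or a direct .exe.
        if section == "O16" and (RAW_IP.match(target) or target.lower().endswith(".exe")):
            findings["activex_from_ip_or_exe"].append(body)
        m = RUN.match(body) if section == "O4" else None
        if m:
            _key, name, command = m.groups()
            if "\\application data\\" in command.lower():
                findings["autorun_from_profile_data"].append(body)
            run_targets[command.lower()].add(name)
    # The same binary registered under several different autorun names.
    for command, names in run_targets.items():
        if len(names) > 1:
            findings["one_binary_many_names"].append(command)
    return dict(findings)
```

Calling `triage()` on the full log text from post #3 applies the same checks to every R/O entry; clean output does not mean a clean machine, since the checks only cover these four patterns.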
All times are GMT -5.