Lop.com Toolbar - Page 2 - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 05-18-2005, 06:07 PM   #11 (permalink)
Older But Wiser
 
kboy's Avatar
 
Join Date: Jul 2003
Location: So. Cal
Posts: 1,041
Default

Thanks Blitze...
__________________

__________________
ASUS Sabertooth 990FX
AMD FX-8150
16 GB Ram
ASUS GeForce 760 GTX


1TB Sata Seagate
100 Gig Maxtor Sata 7200 Rpm
ASUS DRW 24B3S7 ATA Optical
Windows 7 Home Premium
Dell E228WFP 22"
kboy is offline  
Old 05-18-2005, 06:12 PM   #12 (permalink)
Monster Techie
 
Join Date: Jan 2005
Posts: 1,100
Send a message via AIM to Blitze105 Send a message via Yahoo to Blitze105
Default

No problem
__________________

__________________
I'm Forgetful! so if i stop posting on something that i was helping you with... PM me or IM me
yahoo and aol: blitze105
you can always IM or PM me if i offend you as well, i will edit the post if i have.
Blitze105 is offline  
Old 05-19-2005, 04:23 AM   #13 (permalink)
True Techie
 
Join Date: Nov 2003
Posts: 109
Default

Thanks for your efforts Warez Monster but no success, what happens is whne IE is opened the Lop Toolbar appears along the bottom of the screen but when you close IE the Lop Toolbar is still there on the Desktop (so its not actually in IE but only activates when IE is opened)
philb101 is offline  
Old 05-19-2005, 04:31 AM   #14 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default

Can you repost your new log then? Since you fixed the last one, maybe there is something else.
Osiris is offline  
Old 05-19-2005, 05:13 AM   #15 (permalink)
True Techie
 
Join Date: Nov 2003
Posts: 109
Default

This is the latest HiJack file, a little bit more investigation has found that the Lop toolbar is only displayed after IE opens for the first time, it is not in IE however but sits on the Desktop even when IE has been closed

Logfile of HijackThis v1.99.1
Scan saved at 10:09:57, on 05/19/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\R_SERVER.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\ANVSHELL.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAM FILES\AVPERSONAL\AVSCHED32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kfijcripxohboinrgnrqzd.ne...ObrRWD_DL.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:6711
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [Coalmealdeletebat] C:\WINDOWS\Profiles\net2\Application Data\KindWaveCoalMeal\pure army.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\PROGRAM FILES\AVPERSONAL\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Anti] C:\WINDOWS\SYSTEM\Isass.exe
O4 - HKLM\..\RunServices: [NvMsnW] C:\WINDOWS\SYSTEM\Isass.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [r_server] C:\WINDOWS\SYSTEM\R_SERVER.EXE /service
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Ez-Emoticons] C:\Program Files\EZ Emoticons\EZ.exe
O4 - HKCU\..\Run: [GlobalFlap] C:\WINDOWS\PROFILES\NET2\APPLIC~1\16AXIS~1\citybag sthis.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpick.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCxdm280YYGB
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.79/100039/uk/ringtone/ringtone.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/z...ylomloader.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {AB1AB4F8-C30F-4FB4-A030-1C9F5513831F} (LREGameLoaderCtrl Class) - http://media.grab.com/media/6364d3/g...gameloader.cab
philb101 is offline  
Old 05-19-2005, 05:28 AM   #16 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default

Remove entries a your own risk

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) Should be fixed.

O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient Unknown application

O4 - HKCU\..\Run: [Ez-Emoticons] C:\Program Files\EZ Emoticons\EZ.exe Unknown application.

sthis.exe This is a unknown process.


O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZCxdm280YYGB The entry &Search has been identified as nasty.
Osiris is offline  
Old 05-19-2005, 09:15 AM   #17 (permalink)
Older But Wiser
 
kboy's Avatar
 
Join Date: Jul 2003
Location: So. Cal
Posts: 1,041
Default

I don't know if ya tried this yet but it looked promising...


http://www.doxdesk.com/parasite/lop.html
__________________
ASUS Sabertooth 990FX
AMD FX-8150
16 GB Ram
ASUS GeForce 760 GTX


1TB Sata Seagate
100 Gig Maxtor Sata 7200 Rpm
ASUS DRW 24B3S7 ATA Optical
Windows 7 Home Premium
Dell E228WFP 22"
kboy is offline  
Old 05-19-2005, 05:14 PM   #18 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default

Did you do it yet?
__________________
Osiris is offline  
Old 05-20-2005, 09:48 AM   #19 (permalink)
True Techie
 
Join Date: Nov 2003
Posts: 109
Default

Sorry haven't replied before, still no success, I've also looked into other Forums etc, ran various Spyware programs, I use Spybot & Ad-aware, some of the others report finding "Lop" but require payment to remove the Trojans
The fault appears when IE opens for the first time, it isn't in IE as if you open a smaller resized window its ok but the Lop blue search bar appears on the Desktop about the Start/Taskbar. it has on the Close "X" which doesn't work
Since it just for school work & games I think I'll just reformat & reload Windows
philb101 is offline  
Old 05-20-2005, 01:50 PM   #20 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default

Can you post a screen shot of it? What if it happens again? You going to reload windows? Your better off try to get rid of it first.
__________________

__________________
Osiris is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 08:54 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.