XXXToolbar, LOP cookies, URL change


#1
Jensen539

Hi. I keep getting LOP cookies search toolbar at the top of IE, XXTOOLBAR at the bottom, attempts to change URLs, a lot of processes running, the Google search bar has disappeared, icons for Casino and Poker on the desktop, etc.

I have tried Spybots, tds3, Nuker, CWShredder, Spy_ferret, SpywareBlaster and Ad-aware, and have all the time been running an upgraded Avast. The system is XP, fully upgraded, with SP2.

It seems like I can remove the stuff with Ad-aware/Nuker, but after the next boot it is back, and Ad-aware will fix a LOP cookie, a LOP program and some reg. entries. The LOP program appears in Documents and Settings/MIA/Lokale Indstillinger/Temporary Internet Files under different names as an .exe (Lokale Indstillinger is Danish; I don't know why I have this mixture).

I have tried to disconnect the internet, start in DOS mode and delete the content of those temp and cookie directories, but after the next restart I am back to the problems.

After running HijackThis, I deleted the 2 reg. entries containing Internet Explorer, but they are made again after the next boot. Another strange thing is that a couple of instances of C:\Programmer\Internet Explorer\iexplore.exe are running, even though I have uninstalled IE and there is no such file in that directory, so I believe that they are files generated from the suspicious program.

Well, this is a hard nut, and I consider myself an experienced user.

Regards Jensen

Logfile of HijackThis v1.99.1
Scan saved at 18:32:33, on 15-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashserv.exe
C:\Programmer\Bluetooth-software\bin\btwdins.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\Programmer\Spyware Nuker 2004\swn2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPJETDSC.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Bluetooth-software\BTTray.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Microsoft AntiSpyware\gcasServAlert.exe
C:\Documents and Settings\MIA\Skrivebord\Ny mappe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cafmiiczo...N3NlLKwATi.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\Programmer\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmer\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Startgrimsavevga] C:\Documents and Settings\All Users\Application Data\gpldownloadstartgrim\PopMpeg.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Spyware Nuker] C:\Programmer\Spyware Nuker 2004\swn2.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HP JetDiscovery] HPJETDSC.EXE
O4 - HKCU\..\Run: [mix skip] C:\DOCUME~1\MIA\APPLIC~1\MEDIAM~1\close each.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093535293056
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmer\Bluetooth-software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE

Edited by Jensen539, 15 April 2005 - 11:10 AM.
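
Added example, not part of the original post: a small Python triage pass over the O4 autostart lines of a HijackThis log like the one above, flagging Run entries that launch from user-writable data folders, which is one place to look when removed items return after a reboot. The directory list and function names are assumptions for illustration, and a flagged entry is only a candidate for review, not a diagnosis.

```python
import re

# Lines copied from the O4 (autostart) section of the log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\Programmer\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmer\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Startgrimsavevga] C:\Documents and Settings\All Users\Application Data\gpldownloadstartgrim\PopMpeg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mix skip] C:\DOCUME~1\MIA\APPLIC~1\MEDIAM~1\close each.exe
O4 - Global Startup: BTTray.lnk = ?
"""

# Shape of a registry autostart line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Assumed list of user-writable folder names (long and 8.3 short forms);
# "lokale indstillinger" is the Danish Local Settings folder named in the post.
USER_WRITABLE = {"application data", "applic~1", "temporary internet files",
                 "tempor~1", "temp", "local settings", "locals~1",
                 "lokale indstillinger"}


def parse_o4(log_text):
    """Return (hive, key, name, command) for each registry Run-style O4 line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:  # Startup-folder lines ("O4 - Global Startup: ...") are skipped
            entries.append((m["hive"], m["key"], m["name"], m["cmd"]))
    return entries


def flag_user_writable(entries):
    """Keep entries whose command path passes through a user-writable folder."""
    flagged = []
    for hive, key, name, cmd in entries:
        segments = {s.strip().lower() for s in cmd.split("\\")}
        if segments & USER_WRITABLE:
            flagged.append((f"{hive}\\{key}", name, cmd))
    return flagged


if __name__ == "__main__":
    for where, name, cmd in flag_user_writable(parse_o4(SAMPLE_LOG)):
        print(f"review: {where} [{name}] -> {cmd}")
```
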
