lop.com toolbar-problem

  1. 18-11-2004  #1
    Michelle_Nr1
    Michelle_Nr1 is offline Newbie

    Question lop.com toolbar-problem

    Hi there! I have the same problem with the lop toolbar, but I'm not sure if I have to delete the same fils as Chocolate Pizza (thread from 11.10.04). There is a file named "heart1" and I think this could be a file that should not be there, but it's impossible to delete it. Here is my Hijack log:

    Logfile of HijackThis v1.98.2
    Scan saved at 20:39:28, on 16.11.2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
    C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
    C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Programme\Network Associates\Common Framework\FrameworkService.exe
    C:\Programme\Network Associates\VirusScan\Mcshield.exe
    C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\Programme\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.chvoldahpeqvjp.org/NDtf5.../Kxx514h6OP.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ricardo.ch/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ricardo.ch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search.ch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: (no name) - {0A2A79AE-1BA5-386F-0C2C-BF6841B82BE5} - C:\DOKUME~1\ANWEND~1\SETTIN~1\Mess phone.exe
    O2 - BHO: (no name) - {51E98C08-867B-3C37-5A15-A48E856DB329} - C:\PROGRA~1\SETTIN~1\Mess phone.exe (file missing)
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [army title ante math] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bindeafarmytitle\doesdupe.ex e
    O4 - HKCU\..\Run: [nounclose] C:\DOKUME~1\ANWEND~1\1HEART~1\safefast.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

    I hope anybody can help me. Computers are not my special subject and english neither. ;-) Thank you very much!!

    Michelle_Nr1

  3. 18-11-2004  #2
    Bear
    Bear is offline D-A-L Elite Member
    Please follow all of Owen's instructions HERE, I see some things that could be fixed by either Adaware or Spybot Search & Destroy. After following all of Owen's instructions please post a fresh log.
  4. 19-11-2004  #3
    Michelle_Nr1
    Michelle_Nr1 is offline Newbie
    Save 20% on AVG Internet Security 2012 Suite!
    Hi Bear

    Thank you very mutch for your reply. Spybot and Adaware6 were running and the software to protecte the computer is downloaded also the updates. Adaware6 selected some fils which i can't delete like c:\windows\system32\inetadpt.dll. Some of the dll-fils are good ones and i am not sure if it's a good idea to delete them all. However, here is my new Hijack log:

    Logfile of HijackThis v1.98.2
    Scan saved at 22:47:05, on 19.11.2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
    C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
    C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Programme\Network Associates\Common Framework\FrameworkService.exe
    C:\Programme\Network Associates\VirusScan\Mcshield.exe
    C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Programme\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.chvoldahpeqvjp.org/NDtf58...Kxx514h6OP.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ricardo.ch/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ricardo.ch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search.ch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: (no name) - {0A2A79AE-1BA5-386F-0C2C-BF6841B82BE5} - C:\DOKUME~1\Nicole\ANWEND~1\SETTIN~1\Mess phone.exe
    O2 - BHO: (no name) - {51E98C08-867B-3C37-5A15-A48E856DB329} - C:\PROGRA~1\SETTIN~1\Mess phone.exe (file missing)
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [army title ante math] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bindeafarmytitle\doesdupe.ex e
    O4 - HKCU\..\Run: [nounclose] C:\DOKUME~1\Nicole\ANWEND~1\1HEART~1\safefast.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

    I deactivated by Add-Ons used by IE Windows Messenger. I never used the Windows Messenger and i don't think to use it ones.

    Can you please help me? Thank you very mutch. Bye

    Michelle_Nr1
+ Reply to Thread
« my hijack this log | Norton Virus Definitions: error LU1821 »