I figured out that most of my problems on my laptop had to do with lop.com parasites. Ad-aware, Search and Destroy, Avast, and HijackThis don’t get rid of them. Does anyone know of a free lop remover?
Hi,
How do you reach that conclusion?
What suspicious folders/files or registry entries have you found exactly?
SPYBOT 1.3 SHOULD get rid of most of them.
Have you got the newest versions of each, and have you updated them?
- Please read “VirusRemoval” below, and post a HijackThis log
- Also tell us what the online scanners Trend & RAV + ESCAN find/report…
I came to this conclusion because for the past couple of months I’ve been asking for help here. People guided me through Search and Destroy, Ad-aware, Avast, and HijackThis. All the problems from those were fixed thanks to some help. But some came back. I researched the problem on the web and came up with tons of results about lop.com parasites. Then my browser home page was also changed to lop.com. I realized that a long time ago I downloaded Messenger Plus with that ad service thing that gives you lop.com. I found a lop.com remover and it found tons of lop parasites that Search and Destroy, Ad-aware, Avast, and HijackThis didn’t find. But the remover ended up being a trial and it wouldn’t let me delete them.
My log:
Logfile of HijackThis v1.97.7
Scan saved at 10:04:33 PM, on 7/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UnrealStreaming\ULiveServer\ULiveServer.exe
C:\Program Files\UnrealStreaming\UMediaServer\UMediaServer.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\WLANSTA.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp3\winampa.exe
C:\WINDOWS\kdx\KHost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Netscape\Netscape 6\Netscp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\StreetSonic\My Documents\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emdwangpfgtgminenjpcrasz.org/ef_gP0IijYDmGgzgxB/M1Wi5eVkbB3kw4PAHO6la6qI.jpg
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.vblddmmbmultscfiehchuwa.com/ef_gP0IijYDmGgzgxB/M1cuQKpGZhh224PAHO6la6qI.jpg");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\StreetSonic\Application Data\Mozilla\Profiles\default\1u8o0qly.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\StreetSonic\Application Data\Mozilla\Profiles\default\1u8o0qly.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {EDA1B500-6DBE-EF17-2D56-E1A4C6C09387} - C:\PROGRA~1\EACHRD~1\Barb itch.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [defyhide] C:\PROGRA~1\TITLEM~1\TransView.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IExplore.exe /U
O4 - HKLM\..\Run: [SupportScrAdminMpeg] C:\Documents and Settings\All Users\Application Data\fivelogosupportscr\KeepBike.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Advisor (HKCU)
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O12 - Plugin for .psd: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin8.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab
Analyzer version : 3
bad.dat version : 8
good.dat version : 8
rec.dat version : 1
================================================================================
You are using a old version of Hijackthis, please update.
You are using a old version of Internet Explorer, please update.
All items in the log file which are not shown here
as to be deleted or safe to keep need to be investigated.
This website has a link to a tutorial on the hijackthislog:
http://members.home.nl/acred/cleaning.htm
Also use www.google.com to find out more on items not listed here.
================================================================================
THESE ITEMS SHOULD BE REMOVED:
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
n3 - netscape 7: user_pref(“browser.search.defaultengine”, “engine://c%3a%5cprogram%20files%5cnetscape%5cnetscape%206%5csearchplugins%5csbweb_01.src”); (c:\documents and settings\streetsonic\application data\mozilla\profiles\default\1u8o0qly.slt\prefs.js)
o16 - dpf: {00b71cfb-6864-4346-a978-c0a14556272c} (checkers class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
o16 - dpf: {11260943-421b-11d0-8eac-0000c07d88cf} (ipix activex control) - http://www.ipix.com/viewers/ipixx.cab
o16 - dpf: {166b1bca-3f9c-11cf-8075-444553540000} (shockwave activex control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
o16 - dpf: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (yinststarter class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
o16 - dpf: {33564d57-0000-0010-8000-00aa00389b71} - http://download.microsoft.com/download/f/6/e/f6e491a6-77e1-4e20-9f5f-94901338c922/wmv9vcm.cab
o16 - dpf: {41f17733-b041-4099-a042-b518bb6a408c} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/quicktimeinstaller.exe
o16 - dpf: {74d05d43-3236-11d4-bdcd-00c04f9a3b61} (housecall control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
o16 - dpf: {8e0d4de5-3180-4024-a327-4dfad1796a8d} (messengerstatsclient class) - http://messenger.zone.msn.com/binary/messengerstatsclient.cab
o16 - dpf: {c3dfa998-a486-11d4-aa25-00c04f72daeb} (msn photo upload tool) - http://sc.groups.msn.com/controls/photouc/msnpupld.cab
o16 - dpf: {c5e28b9d-0a68-4b50-94e9-e8f6b4697514} (nsvplayx control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
o16 - dpf: {cc05bc12-2aa2-4ac7-ac81-0e40f83b1adf} (live365player class) - http://www.live365.com/players/play365.cab
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
o16 - dpf: {f2a84794-ee6d-447b-8c21-3ba1dc77c5b4} (sdkinstall class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
o16 - dpf: {f54c1137-5e34-4b95-95a5-ba56d4d8d743} (secure delivery) - http://www.gamespot.com/kdx/kdx.cab
o16 - dpf: {f58e1cef-a068-4c15-ba5e-587caf3ee8c6} (msn chat control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
o16 - dpf: {fe5d6722-826f-11d5-a24e-0060b0f1a5ae} (tukati launcher) - http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab
================================================================================
THESE ITEMS ARE SAFE TO KEEP:
\windows\system32\smss.exe
\windows\system32\winlogon.exe
\windows\system32\services.exe
\windows\system32\lsass.exe
\windows\system32\svchost.exe
\windows\system32\svchost.exe
\windows\system32\spoolsv.exe
\program files\alwil software\avast4\aswupdsv.exe
\program files\alwil software\avast4\ashserv.exe
\windows\system32\hpconfig.exe
\program files\hpq\notebook utilities\hpwirelessmgr.exe
\windows\system32\svchost.exe
\program files\unrealstreaming\uliveserver\uliveserver.exe
\program files\unrealstreaming\umediaserver\umediaserver.exe
\windows\wanmpsvc.exe
\windows\explorer.exe
\windows\system32\carpserv.exe
\program files\common files\real\update_ob\realsched.exe
\program files\hpq\one-touch\onetouch.exe
\program files\synaptics\syntp\syntplpr.exe
\program files\synaptics\syntp\syntpenh.exe
\program files\roxio\easy cd creator 5\directcd\directcd.exe
\windows\system32\wlansta.exe
\program files\quicktime\qttask.exe
\program files\winamp3\winampa.exe
\windows\kdx\khost.exe
\progra~1\alwils~1\avast4\ashdisp.exe
\program files\netscape\netscape 6\netscp.exe
\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
\program files\hewlett-packard\digital imaging\bin\hposol08.exe
\windows\system32\wuauclt.exe
\program files\hewlett-packard\digital imaging\bin\hpoevm08.exe
\program files\hewlett-packard\digital imaging\bin\hposts08.exe
\program files\msn messenger\msnmsgr.exe
o2 - bho: (no name) - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\acroiehelper.ocx
o2 - bho: (no name) - {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\sdhelper.dll
o3 - toolbar: &radio - {8e718888-423f-11d2-876e-00a0c9082467} - c:\windows\system32\msdxm.ocx
o4 - hklm..\run: [atimodechange] ati2mdxx.exe
o4 - hklm..\run: [carpservice] carpserv.exe
o4 - hklm..\run: [atipta] c:\program files\ati technologies\ati control panel\atiptaxx.exe
o4 - hklm..\run: [preloadapp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
o4 - hklm..\run: [srmclean] c:\cpqs\scom\srmclean.exe
o4 - hklm..\run: [display settings] c:\program files\hpq\notebook utilities\hptasks.exe /s
o4 - hklm..\run: [qt4hpot] c:\program files\hpq\one-touch\onetouch.exe
o4 - hklm..\run: [syntplpr] c:\program files\synaptics\syntp\syntplpr.exe
o4 - hklm..\run: [syntpenh] c:\program files\synaptics\syntp\syntpenh.exe
o4 - hklm..\run: [adaptecdirectcd] “c:\program files\roxio\easy cd creator 5\directcd\directcd.exe”
o4 - hklm..\run: [cpqset] c:\program files\hpq\default settings\cpqset.exe
o4 - hklm..\run: [wlansta.exe] wlansta.exe start
o4 - hklm..\run: [quicktime task] “c:\program files\quicktime\qttask.exe” -atboottime
o4 - hklm..\run: [kdx] c:\windows\kdx\khost.exe
o4 - hklm..\run: [defyhide] c:\progra~1\titlem~1\transview.exe
o4 - hklm..\run: [avast!] c:\progra~1\alwils~1\avast4\ashdisp.exe
o4 - global startup: adobe gamma loader.lnk = c:\program files\common files\adobe\calibration\adobe gamma loader.exe
o9 - extra ‘tools’ menuitem: sun java console (hklm)
o9 - extra ‘tools’ menuitem: yahoo! messenger (hklm)
o9 - extra button: aim (hklm)
o12 - plugin for .bmp: c:\program files\internet explorer\plugins\npqtplugin6.dll
o12 - plugin for .psd: c:\program files\internet explorer\plugins\npqtplugin8.dll
================================================================================
THESE ITEMS ARE NOT NEEDED TO LOAD AT BOOTTIME FOR
THE SYSTEM TO WORK, IT IS RECOMMENDED TO REMOVE THEM:
o4 - hklm..\run: [tkbellexe] c:\program files\common files\real\update_ob\realsched.exe -osboot
o4 - hklm..\run: [winampagent] “c:\program files\winamp3\winampa.exe”
Hi Artras,
Why does your analyzer flag ALL “O16 - DPF” entries for removal, even the good ones?
???