Can't get rid of Lopdotcom

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Grimmer, Jan 4, 2005.

  1. Grimmer

    Grimmer Corporal

    Hello,
    Recently my father's computer was infected by lopdotcom. We have 3 computers hooked up to the same network. He scanned and removed this adware/spyware from both of his computers using webroot spy sweeper.
    I also have the same scanner, and it finds it, removes it, but after reboot it's still there. I've read and went through all the steps from this forum, but nothing seems to get rid of it. I have spybot s&d which doesn't even find it w/ the latest updates. I have hijack this, which I ran once, and now doesn't even let me in to the program. I've scanned countless times in safe mode, still after reboot lopdotcom is still there. I have ghostsurf pro, which is working well. I scanned for viruses using both norton antivirus 2004 prof. and system suite 5 Deep scanner. I don't know what else to do.

    It would be greatly appreciated for any help to remove this LOPDOTCOM

    Thank You
     
  2. TheDoug

    TheDoug MajorGeek

  3. PhilliePhan

    PhilliePhan Guest

    Hi Grimmer,

    You might also try this tool: OmegaKillerSM v1.2

    Give it its own folder - C:\Program Files\OKSM & run it twice.

    Best luck :)
    PP
     
  4. Grimmer

    Grimmer Corporal

    Hey, I downloaded that tool, ran it twice, and it said that my browser has been hijacked.
    But when I rebooted my pc it was hijacked again, and Lopdotcom was still there.
    Another thing, Does Tkbell startup entry have anything to do w/ this? What can I do to make sure this adware doesn't keep coming back?

    Thanks For your help.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal and you still have a problem, follow the guidelines below and post your HJT log.

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis as an attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  6. PhilliePhan

    PhilliePhan Guest

    Tkbell is relatively benign - It loads along with Real Player, for some reason.

    Did you try the suggestion in TheDoug's link? Normally I like to stay away from those types of "Uninstallers" which often do not work the way they should, but if TheDoug vouches for its effectiveness, then perhaps worth giving it a go? It worked in that thread.

    Also a good idea to follow the cleanup tutorial Chaslang linked. Often, where there is one malware, more can be found.

    Let us know how you fare!

    PP :)
     
  7. Grimmer

    Grimmer Corporal

    Ok,
    I tried everything in the READ ME FIRST thread and still after reboot lopdotcom is still there. I also ran HJT and copied+pasted it to the link you sent me, I removed everything that said "nasty" and after reboot still there.
    Also, I just noticed that after I scan w/ Webroot Spy Sweeper, when it detects Lopdotcom, it says it found 40 traces, but when I go to remove it, it says it only removed 21 traces.
    Another thing that seemed strange, was that my firewall keeps popping up trying to connect to liveupdate when I just updated the definitions, after I don't allow it to connect, it tries to connect again but it says Application Layer Gateway????
    I hope I have given you enough info. If you need more let me know.

    Thanks for all the help
     
    Last edited: Mar 2, 2006
  8. Grimmer

    Grimmer Corporal

    Hey Doug,

    Sorry I took so long to respond, hopefully you didn't forget me.
    I looked at the thread and it sounds like we have different problems, I don't get any strange desktop icons leading to poker sites etc... and it didn't add any favorites to internet explorer.
    Pretty much the only problem I can find, is that after I've run Spy Sweeper it finds lopdotcom, removes it but after reboot it's still there. I also have spybot s&d but that doesn't even find it. I've run both in safe mode, spy sweeper did find it before, now it doesn't. I'm wondering if that has anything to do with the stuff I was told to remove from hijack this.
    I've done everything, step by step in the sticky notes, still the adware is still there. I've tried the OmegaKiller tool, it said my browser was hijacked, and it reset my homepage.
    Something that is strange to me, is that everywhere I go and look up this adware/malware/whatever, says that it redirects my internet explorer to a different site. But that's not the case, I've had this adware for at least 2 1/2 weeks now, and not once has it redirected me to another site.

    If there's any information on the removal of this PARASITE, please let me know.


    Thank You
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  10. Grimmer

    Grimmer Corporal

    Hello chaslang,

    I looked at those links you gave me, which was helpful, now I know a little bit more of what I'm dealing with. But still I'm stumped on how to remove it. I thought about just going through the registry and seeing if what was removed by spy sweeper is still there, and if so deleting it. But I'm no computer genius, and I'm afraid if I start doing that, it could screw something up. There must be some key or value in there that is not getting removed, if I knew what to look for to delete, that would make it easier.
    Anyways, I copied the log from spy sweeper, and to me it looks like it had no problems removing it.
    Here's the log, hopefully you can make something of it.

    Thank you for your time, and guidance.


    01:14 PM: |··· Start of Session, Thursday, January 06, 2005 ···|
    01:14 PM: Spy Sweeper 3.5.0 (Build 189) started
    03:49 PM: Sweep initiated using definitions version 439
    03:49 PM: Sweeping memory for threats.
    03:49 PM: Memory sweep has completed. Elapsed time 00:00:15
    03:49 PM: Registry sweep initiated.
    03:50 PM: Found: 40 Lopdotcom registry traces.
    03:50 PM: Registry sweep completed. Elapsed time 00:01:02
    03:50 PM: Full sweep on all local drives initiated.
    03:50 PM: Now sweeping drive C:
    04:07 PM: Now sweeping drive D:
    04:08 PM: Found: 0 file traces.
    04:08 PM: Full Sweep has completed. Elapsed time 00:19:12
    70,633 files swept
    40 item traces located
    08:03 PM: Removal process initiated
    08:03 PM: Quarantining: Lopdotcom
    08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}
    08:03 PM: Registry: HKEY_CLASSES_ROOT\ielogsystem.iewatchobj
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\versionindependentprogid
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\ielogsystem.iewatchobj
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9527d42f-d666-11d3-b8dd-00600838cd5f}
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9527d42f-d666-11d3-b8dd-00600838cd5f}||(-default-)
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\ielogsystem.iewatchobj\clsid
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\ielogsystem.iewatchobj\curver
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\ielogsystem.iewatchobj||(-default-)
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\ielogsystem.iewatchobj\clsid||(-default-)
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\ielogsystem.iewatchobj\curver||(-default-)
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\inprocserver32
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\progid
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\programmable
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\typelib
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}||(-default-)
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\inprocserver32||(-default-)
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\inprocserver32||threadingmodel
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\progid||(-default-)
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\programmable||(-default-)
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\typelib||(-default-)
    08:03 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\versionindependentprogid||(-default-)
    08:03 PM: Registry: HKEY_CLASSES_ROOT\ielogsystem.iewatchobj\clsid
    08:03 PM: Registry: HKEY_CLASSES_ROOT\ielogsystem.iewatchobj\curver
    08:03 PM: Registry: HKEY_CLASSES_ROOT\ielogsystem.iewatchobj||(-default-)
    08:03 PM: Registry: HKEY_CLASSES_ROOT\ielogsystem.iewatchobj\clsid||(-default-)
    08:03 PM: Registry: HKEY_CLASSES_ROOT\ielogsystem.iewatchobj\curver||(-default-)
    08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\inprocserver32
    08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\progid
    08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\programmable
    08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\typelib
    08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\versionindependentprogid
    08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}||(-default-)
    08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\inprocserver32||(-default-)
    08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\inprocserver32||threadingmodel
    08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\progid||(-default-)
    08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\programmable||(-default-)
    08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\typelib||(-default-)
    08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\versionindependentprogid||(-default-)
    08:03 PM: Cleaning Traces
    08:03 PM: Removing registry: HKEY_CLASSES_ROOT\ielogsystem.iewatchobj\curver
    08:03 PM: Removing registry: HKEY_CLASSES_ROOT\ielogsystem.iewatchobj\clsid
    08:03 PM: Removing registry: HKEY_CLASSES_ROOT\ielogsystem.iewatchobj
    08:03 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\versionindependentprogid
    08:03 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\typelib
    08:03 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\programmable
    08:03 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\progid
    08:03 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\inprocserver32|| (threadingmodel)
    08:03 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\inprocserver32
    08:03 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}
    08:03 PM: Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9527d42f-d666-11d3-b8dd-00600838cd5f}
    08:03 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\ielogsystem.iewatchobj\curver
    08:03 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\ielogsystem.iewatchobj\clsid
    08:03 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\ielogsystem.iewatchobj
    08:03 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\versionindependentprogid
    08:03 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\typelib
    08:03 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\programmable
    08:03 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\progid
    08:03 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\inprocserver32|| (threadingmodel)
    08:03 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\inprocserver32
    08:03 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}
    08:03 PM: Removal process completed. Elapsed time 00:00:02
    1 items (40 traces) quarantined.
    08:03 PM: Deletion from quarantine initiated
    08:03 PM: Processing: Lopdotcom
    08:03 PM: Deletion from quarantine completed. Elapsed time 00:00:00
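
The check below is an added illustration, not part of the original thread: it parses an excerpt of the Spy Sweeper log above and tests whether every quarantined registry trace is accounted for by a removal line, treating `key||name` as a value stored under `key` (an assumption about the log format). It also lists the distinct CLSIDs behind the detection, which are what need identifying before anything is deleted by hand; `analyse` and `split_trace` are names made up for this example.

```python
import re

# Excerpt of the Spy Sweeper log posted above, abbreviated to part of one
# CLSID subtree (lines copied from the post, not a complete log).
LOG = r"""
08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}
08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\inprocserver32
08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\progid
08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}||(-default-)
08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\inprocserver32||(-default-)
08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\inprocserver32||threadingmodel
08:03 PM: Registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\progid||(-default-)
08:03 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\progid
08:03 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\inprocserver32|| (threadingmodel)
08:03 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}\inprocserver32
08:03 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{9527d42f-d666-11d3-b8dd-00600838cd5f}
"""

LINE = re.compile(r"^\d\d:\d\d [AP]M: (Registry|Removing registry): (.+)$")
CLSID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)

def split_trace(text):
    """Return (key, value name or None); '||' is assumed to separate them."""
    key, sep, value = text.partition("||")
    return key.strip().lower(), (value.strip(" ()").lower() if sep else None)

def analyse(log):
    found, removed = [], []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            (found if m.group(1) == "Registry" else removed).append(split_trace(m.group(2)))
    removed_keys = {k for k, v in removed if v is None}

    def covered(key, value):
        # A trace is gone if it was removed itself, or if its key or an
        # ancestor key was removed (deleting a key deletes subkeys and values).
        if (key, value) in removed:
            return True
        return any(key == r or key.startswith(r + "\\") for r in removed_keys)

    leftover = [t for t in found if not covered(*t)]
    clsids = sorted({c.lower() for k, _ in found for c in CLSID.findall(k)})
    return {"found": len(found), "removal_lines": len(removed),
            "leftover": leftover, "clsids": clsids}

if __name__ == "__main__":
    print(analyse(LOG))
```

Run over the full log in the post, the same logic counts 40 traces found and 21 removal lines with nothing left over, because value entries disappear together with their parent keys.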
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you have or did you have GhostSurf ( http://www.tenebril.com/products/ghostsurf/ ) on your PC? Those CLSID appear to belong to GhostSurf which is legitimate. See:
    http://computercops.biz/clsid-440.html

    However many people seem to be removing this (and SpySweeper does too) thinking that it is ClearSearch. Right now I'm not sure who is correct.

    Also another product called Slingshot ( http://www.tenebril.com/products/slingshot/ ) uses the same CLSID and it is considered to be debatable as far as good/bad. Did you ever have Slingshot?
     
  12. Grimmer

    Grimmer Corporal


    Hello,
    Yes I have Ghostsurf pro., I usually always run it, unless a website causes me problems.
    I don't have sling shot, never heard of it, and it did not come installed w/ ghostsurf.
    As far as I know the program Ghostsurf is not anything bad, it's a program for anonymous web search/privacy protector. I got that from Best buy.
    But sling shot, I've never heard of.
    If you need more info. let me know.
    Thank You
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks to me like SpySweeper thinks GhostSurf is bad. I think you need to talk to WebRoot and ask them why they ID that CLSID to be malware when it belongs to a valid program.
     
    Last edited: Jan 7, 2005
  14. Grimmer

    Grimmer Corporal

    I hope that's the case. I did send them a report about the problem, hopefully they'll be able to fix what's going on.

    Thank You, I hope I didn't waste too much of your time.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No problem!
     
