http://lop.com/passthrough/newpass2.html

Discussion in 'Malware Help (A Specialist Will Reply)' started by nyck944, Feb 16, 2005.

  1. nyck944

    nyck944 Private E-2

    I have thrown everything but the kitchen sink at this infuriating toolbar (which pops up every time I open up an I.E.), and it will not click off. The best I can do is go to Processes and 'guess' which I.E. instance it is and end it. But it always comes back. I have run Ad-Aware, Spybot and Microsoft's Spyware removal tools against it with no luck. Please help - I'd be happy to post the HijackThis! log but the forum said not to until asked...
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. nyck944

    nyck944 Private E-2

    OK, yes, last night I spent 7 hours doing EVERYTHING that was suggested and I THOUGHT I had fixed the problem. But this morning, it was back :mad: (yes, I had system restore disabled.) I feel like Happy Gilmore did with the laughing clownface on the minigolf course.

    I will post the Hijackthis! logfile this evening and hopefully someone will be nice enough to help me defeat this once and for all.
     
  4. nyck944

    nyck944 Private E-2

    Need help with Lop removal without buying software

    Hello,

    I've had this problem for almost a year now. I have this incessant searchbar that I can't click off that pops up at the bottom of my screen every time I open an instance of IE. When I right click, the properties tells me it is 'http:lop.com/passthrough/newpass2.html'. I have gone through every step recommended (took 7 hours last night), and I thought all was well. In cleaning my computer, I found the following trojans: SCTHOUGHT.H, QOOLOGIC.A, and SERADVER.A. I deleted these files and Microsoft's Spyware tool detected 'FunWeb.com' which I had removed. However, when I logged on this morning, the searchbar returned. I did everything the way it was recommended in your comprehensive process, including disabling system restore.

    I am at my wits' end, I hope someone will be kind enough to look at my attached HijackThis! logfile and let me know what to do next.
     

  5. PhilliePhan

    PhilliePhan Guest

    Re: Need help with Lop removal without buying software

    Go ahead and attach the log. (nevermind . . . I see it now!)

    Are you using Messenger Plus! 3? It installs LOP.

    PP :)
     
  6. nyck944

    nyck944 Private E-2

    Re: Need help with Lop removal without buying software

    As far as I can tell I don't have Messenger 3 but to be perfectly honest I'm not sure.
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I love that movie, I've felt like that before as well. Spyware can make you get there fast. Anyway yeah go ahead and post a HJT log and myself or someone else will be glad to assist you in removing your infection(s). Make sure you have HijackThis 1.99.1. Make sure when you run HJT that you are in normal mode and that you have ALL BROWSERS CLOSED!

    Thanks Bj :)
     
  8. nyck944

    nyck944 Private E-2

    Please disregard this thread - I could not find it earlier and ended up posting a new one. Feel free to delete this if it is in the ability of the person reading this.
     
  9. PhilliePhan

    PhilliePhan Guest

    Re: Need help with Lop removal without buying software

    I didn't see it.

    You can fix this one with HijackThis:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.avwalpamjkzslwlgctqy.us/...20yq1lh0jIOHV2_XhwDHl0ersMs98qjwnoCFNxGc.html


    I do not know what this is, do you?
    O4 - HKCU\..\Run: [Intra Frag] C:\DOCUME~1\bestbuy\APPLIC~1\BYTEBL~1\CompClock.exe

    Other than those, nothing really jumps out at me. Perhaps check the O16 DPF entries in your log to make sure you recognize and need them all.

    PP :)
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  11. PhilliePhan

    PhilliePhan Guest

    I merged the two threads and now it's a mess :) We'll follow along, though. . . .

    PP :)
     
  12. nyck944

    nyck944 Private E-2

    OK - I will fix the H1 entry with HijackThis! and the other entry you mentioned is in a folder called 'Byte bleh soft' so it's gonna be history too. Now, should I use safe mode when deleting? Or go back to normal? Should I have system restore off?

    Thanks!!
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Thanks PP!
     
  14. PhilliePhan

    PhilliePhan Guest

    Not a problem! Though the thread's all wacky now :)
     
  15. PhilliePhan

    PhilliePhan Guest

    Turn System Restore OFF until all is well with your machine!

    If the folder gives you any trouble when you try to delete it, then try Safe Mode.

    Then, give us a fresh HJT Log from Normal Windows boot!

    BJ or I will check back as time permits.

    PP :)
     
  16. nyck944

    nyck944 Private E-2

    Thanks so much for your help so far. I'll let you know how it goes.
     
  17. PhilliePhan

    PhilliePhan Guest

    AllRightyThen! :)
     
  18. nyck944

    nyck944 Private E-2

    OK, on first examination it has not yet appeared and Microsoft's Spyware Tool isn't constantly warning me that some app is trying to change my homepage and install a BHO. So this is great news so far. I am attaching the current Hijackthis log file for you - if for nothing else than to compare differences should the attack return. Thanks again!
     
  19. PhilliePhan

    PhilliePhan Guest

    Your log didn't attach! Try again!

    PP :)
     
  20. nyck944

    nyck944 Private E-2

    Here is attachment
     

  21. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Hi nyck944, First be sure you have "System Restore" disabled per the tutorial.

    Now scan with HijackThis and Check the Boxes for the following:

    Again, make sure All Browser Windows are Closed when you Click FIX.



    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://clinic.mcafee.com/clinic/vso/en-us/vso4/setexp.asp?register=yes&oemid=1794-656

    O4 - HKLM\..\Run: [iexplore] C:\Program Files\Internet Explorer\IEXPLORE.EXE

    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

    O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://mail.d211.org:8000/iNotes.cab

    O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} - http://www.atelys.com/src/Speedup.ocx

    O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab

    O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)

    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)

    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)




    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot, post a new HJT log and let us know how things are running.

    Thanks Bj:)
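
The log lines quoted in this thread follow a fixed "CODE - details" layout, so a first triage pass can be scripted. The following is an added example, not part of the original thread and not HijackThis's own code: a Python parser for that layout. The flag names and the three review heuristics are assumptions made for illustration, and the R1 URL and O23 service in the sample are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Section codes that appear in this thread's log excerpts.
SECTIONS = {"R1": "IE search/start page value", "O4": "autostart (Run key)",
            "O8": "IE context-menu item", "O16": "ActiveX control (DPF)",
            "O23": "Windows service"}
LINE_RE = re.compile(r"^\s*([RO]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
PROFILE_RE = re.compile(r"\\(APPLIC~\d|Application Data)\\", re.I)

def parse_line(line):
    """Split one HijackThis log line into fields plus review flags.
    The flags are illustrative heuristics (assumptions), not verdicts."""
    m = LINE_RE.match(line)
    if not m:
        return None
    code, body = m.groups()
    entry = {"code": code, "kind": SECTIONS.get(code, "other"), "flags": []}
    if code.startswith("R") and " = " in body:
        key, _, value = body.partition(" = ")
        entry["value_name"] = key.rsplit(",", 1)[-1]
        entry["host"] = urlsplit(value).hostname
    elif code == "O4" and (run := RUN_RE.match(body)):
        entry["hive"], _, entry["name"], entry["path"] = run.groups()
        if PROFILE_RE.search(entry["path"]):
            entry["flags"].append("runs-from-user-profile")
        if entry["path"].lower().endswith("\\iexplore.exe"):
            entry["flags"].append("browser-in-autostart")
    elif code == "O23" and body.rstrip().endswith("(file missing)"):
        entry["flags"].append("file-missing")
    return entry

def triage(log_text):
    """Return parsed entries for every recognisable line in a log."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]

# Sample: the two O4 lines are quoted from the thread; the R1 URL and the
# O23 service are constructed placeholders in the same format.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/bar.html
O4 - HKCU\..\Run: [Intra Frag] C:\DOCUME~1\bestbuy\APPLIC~1\BYTEBL~1\CompClock.exe
O4 - HKLM\..\Run: [iexplore] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O23 - Service: Example Media Server (ExampleSvc) - Unknown owner - C:\Program Files\Example\svc.exe (file missing)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["code"], e["kind"], e.get("host") or e.get("path", ""), e["flags"])
```

Running the same function over two logs taken before and after a fix and comparing the flagged entries gives the kind of before/after comparison mentioned earlier in the thread.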
     
  22. TexVamp

    TexVamp Private E-2

    Thank you for the information. I too was having a problem with the lop/passthrough toolbar and nothing was working. I downloaded and ran every scan y'all required and it was still there. I was at my wits end. Without the post of removing MSN Plus (which I immediately did) I would not have fixed it.

    THANKS!!!!!

    TexVamp
     
  23. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    So, you're not having any further problems? From now on please create your own thread to prevent confusion.
     
  24. TexVamp

    TexVamp Private E-2

    No. I am not. Thanks I will.
     
  25. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay!
     
