Lop - C2Media

I'm sure a lot of people have had problems with this awful spyware/toolbar. My daughter accidentally downloaded it with MSN Plus (LOP sponsors it) and we haven't been able to get rid of the toolbar since. I've tried Spybot and all the usual spyware programmes, but it's still there. I've uninstalled MSN Plus (re-installed without allowing sponsor update) but this thing just stays on the bottom of the IE page. I'm sure it's slowing up my system, as the internet seems to take a bit longer than it used to. It's also very annoying to think this thing is watching and updating my system all the time I'm online.

Some web pages have suggested I edit my registry. I'm not an expert in this field, so any suggestions on what I should do? I'm running XP and have just installed SP2.

 

Thanks - have printed off the instructions and will check later tonight (I'm currently at work in the UK!) Will update to confirm if succesful.

 

Done all in the tutorial. Installed all the software. Guess what - toolbar still there. It's really annoying and I want to thrash the people who are responsible for it. Shall I download 'hijack this' - it can't do any harm to the computer can it?

Cheers

 

Here's the hijack this txt file as requested. All looks a bit strange to me.....

Hope you can locate where this beast is lurking..

Cheers

 

It's highly suggested that you place HiJackThis in its' own folder like C:\HJT\ and then run the program.

Please do that now and then post another log.
Thank you.

 

Sorry - have saved in its own folder on C drive and run a new log. Here it is.....

 

looks like you have a trojan on your machine

boot to safe mode with networking support and run a trojan scanner on your system. You can find a list of alternatives near the bottom of the tutorial.

the following keys should be removed from HJT

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KiG]
O4 - HKLM\..\Run: [bh0YsON]
O4 - HKLM\..\Run: [w75P36W] bbcogcfg.exe

in a brief discussion, chaslang and I decided that this was bad too
O4 - HKLM\..\Run: [REGS FORK PLUS SETUP] C:\Documents and Settings\All Users\Application Data\birdlongregsfork\move bind.exe

 

OK will do - what trojan software do you suggest?

 

a squared (A2) seemed to be working good. I haven't had a chance to effectively try out anything else.

 

Thanks - this has worked. A2 found LOP and it was destroyed. We're continuing to run (or my daughter is) Messsenger Plus!3. We'll see how this goes.....

You have saved me a whole lot of time and frustration. I can't thank you enough.

Cheers

 

awesome!