Lop.com toolbar removal?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by eazcdr, Jun 26, 2005.

  1. eazcdr

    eazcdr Private E-2

    Hello

    I've been through the tutorial and cleaned out a whole lot of stuff -
    everything worked bar the Symantec online scan which couldn't get past the blank page stage in either safe or normal boot mode.

    The parasitic toolbar is still there and is clearly letting other stuff back in

    I have downloaded all of the referenced tools and have Hijack This logfile available

    thanks
    Chris
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Usually this comes with Messenger Plus 3! so first look in Add/Remove Programs and uninstall if found.

    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. eazcdr

    eazcdr Private E-2

    thanks for this.
    the messenger program was not installed (or had been deleted by an earlier scan perhaps)

    here is the logfile as suggested

    Chris
     

    Attached Files:

  4. eazcdr

    eazcdr Private E-2

    It just occurred to me that the logfile I just posted was generated in safe mode

    In case it makes a difference, here is one that was generated from a normal windows startup

    Cheers
    Chris
     

    Attached Files:

  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Messenger Plus 3!



    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [lGXTDJS.exe] C:\windows\system32\lGXTDJS.exe
    O4 - HKLM\..\Run: [TrSy.exe] c:\windows\system32\TrSy.exe
    O4 - HKLM\..\Run: [lGXTDJS] C:\windows\system32\lGXTDJS.exe
    O4 - HKLM\..\Run: [Dog idol bird more] C:\Documents and Settings\All Users\Application Data\Time log dog idol\firsttrans.exe
    O4 - HKLM\..\Run: [hgfedcba] c:\windows\system32\hgfedcba.exe /install
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Navigate to and DELETE the following if they should remain:

    C:\Program Files\Messenger Plus! 3 ←–– Delete this whole folder if it exists!

    C:\Documents and Settings\All Users\Application Data\Time log dog idol ←–– Delete this whole folder if it exists!

    C:\WINDOWS\System32\hgfedcba.exe

    C:\WINDOWS\System32\lGXTDJS.exe

    C:\WINDOWS\System32\TrSy.exe

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, Scan with HijackThis and attach the new log.
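
The O4 autostart lines from the fix list above, run through a small triage parser. This is an added example, not part of the original thread and not the helper's own method; the function names and the three hints are assumptions chosen for illustration, and a hint is a lead for manual review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# O4 lines copied from the fix list in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [lGXTDJS.exe] C:\windows\system32\lGXTDJS.exe
O4 - HKLM\..\Run: [TrSy.exe] c:\windows\system32\TrSy.exe
O4 - HKLM\..\Run: [lGXTDJS] C:\windows\system32\lGXTDJS.exe
O4 - HKLM\..\Run: [Dog idol bird more] C:\Documents and Settings\All Users\Application Data\Time log dog idol\firsttrans.exe
O4 - HKLM\..\Run: [hgfedcba] c:\windows\system32\hgfedcba.exe /install
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

# Registry autoruns: O4 - HKxx\..\Key: [value name] command line
RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup-folder shortcuts: O4 - Global Startup: name.lnk = target
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# Image path = everything up to the first executable extension (paths may contain spaces)
EXE_RE = re.compile(r"^(?P<path>.+?\.(?:exe|com|bat|scr|pif))(?:\s|$)", re.I)

def parse_o4(log):
    """Return (entry name, image path) for each O4 autostart line."""
    entries = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip()) or STARTUP_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m["cmd"])
        # Keep the raw command when no executable path can be isolated
        entries.append((m["name"], exe["path"] if exe else m["cmd"]))
    return entries

def triage(entries):
    """Attach review hints (assumed heuristics) to each parsed entry."""
    seen = {}
    for _, path in entries:
        seen[path.lower()] = seen.get(path.lower(), 0) + 1
    report = []
    for name, path in entries:
        p, hints = PureWindowsPath(path), []
        if p.parent.name.lower() == "system32":
            hints.append("autorun image directly in system32")
        if "application data" in (part.lower() for part in p.parts):
            hints.append("autorun image under Application Data")
        if seen[path.lower()] > 1:
            hints.append("several autorun values for one image")
        report.append((name, path, hints))
    return report

if __name__ == "__main__":
    for name, path, hints in triage(parse_o4(SAMPLE_LOG)):
        print(f"{name!r:24} {path}  {hints or 'no hint'}")
```

Legitimate Windows components also start from system32, so each hinted entry still needs to be looked up before it is fixed or deleted.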
     
