LOP Toolbar

I thought uninstalling MSN Messenger Plus 3, took care of LOP but I guess not.

If you have run all the items in the READ ME FIRST thread, you should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

Make sure you have HJT Version 1.98.2

 

Please remember that you MUST shutdown ALL browsers BEFORE running HijackThis. You still had IE running.
C:\Program Files\Internet Explorer\iexplore.exe

Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).


Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nwfwzdadoxliejdkhueszxk.us/ivG8O8nL3r_jS6IA5_XWPajsCWPAn/VSYfYnJ1TLDe5ZNue9GmfZaWBoKkmrS0Zh.html

Unless you know what this www.eircom.ie page is, fix the next line too.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eircom.ie/cgi-bin/bvsm/bveircom/mainPage.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://lightertricks.com
O2 - BHO: (no name) - {6EDD3811-D891-1232-73D7-D9ED2D191BF9} - C:\DOCUME~1\ADMINI~1\APPLIC~1\STOREH~1\freeroad.exe
O4 - HKLM\..\Run: [platform bore type wma] C:\Documents and Settings\All Users\Application Data\InsideMp3PlatformBore\extra junk.exe
O4 - HKCU\..\Run: [Inside Site] C:\DOCUME~1\ADMINI~1\APPLIC~1\ENCFOU~1\DATAARMY.exe


And unless you are absolutely sure you need the below two items, I would fix them too. This is typically recommended everywhere.
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab


Boot into safe mode and use Windows Explorer to delete:
C:\DOCUME~1\ADMINI~1\APPLIC~1\STOREH~1\freeroad.exe
C:\Documents and Settings\All Users\Application Data\InsideMp3PlatformBore\extra junk.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\ENCFOU~1\DATAARMY.exe

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

Okay Phil,

We need to get all of those files deleted. All the files in the directories below (you will have to determine the full name to the path since they are shortened in your HJT log):
C:\DOCUME~1\ADMINI~1\APPLIC~1\STOREH~1
C:\Documents and Settings\All Users\Application Data\InsideMp3PlatformBore
C:\DOCUME~1\ADMINI~1\APPLIC~1\ENCFOU~1

If you have a problem deleting the directories/files, you will need to hit CTRL-ALT-DEL to bring up Task Manager and select Processes. Then look for any of these processes to be running and end them. Then try deleting the files and directories.

Also, post a new HJT log attachment.

 

Phil,

You're welcome.
Your log is clean! So I assume you have no more problems now?

 

You're welcome Phil. But before leaving make sure you have taken a look at: How to Protect yourself from malware! to help avoid future problems.

 

I assume you are talking about these:
The registry subkey HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Java VM
The registry subkey HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ InternetExplorer \ AdvancedOptions \ JAVA_VM

Use regedit to locate and delete them.

 

Okay! Happy and safe surfing!