Hijackthis log file

Discussion in 'adware, spyware & hijack cleaning' started by david_gayle@hotmail.com, Feb 26, 2004.

Thread Status:
Not open for further replies.
  1. david_gayle@hotmail.com

    david_gayle@hotmail.com Registered Member

    Joined:
    Feb 26, 2004
    Posts:
    4
    A search toolbar has installed itself on my internet explorer that redirects
    all my searches to http://srch.lop.com/. It automatically replaces my google
    search bar and re-opens itself when i close it. I have tried to get rid of
    it using adaware and spybot and uninstalling then reinstalling internet
    explorer but it is still there.

    I have been advised to use hijackthis and post the log results here. can anyone help?
     

    Attached Files:

  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi david,

    Before you start, please unzip hijackthis to a separate folder. The program will make backups in the folder in the folder it's in.
    These easily get lost in a Temp folder.

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {31A35DF2-9E98-C389-5359-D5A59BF7E01A} - C:\PROGRA~1\STOP4D~1\aceobj.dll

    O3 - Toolbar: (no name) - {6D576CB8-04D7-D8EC-5E60-4BA37DBB5090} - C:\PROGRA~1\STOP4D~1\aceobj.dll

    O4 - HKLM\..\Run: [Mfcd Hide] C:\PROGRA~1\Blah Platform\piletray.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/252384cee2ca65b21601/netzip/RdxIE601.cab

    Then reboot and find the folder :
    C:\PROGRAM FILES\Blah Platform if there is a file in there that has a moneybag for an icon, delete the entire folder
    If that is the case, find the folder with aceobj.dll in it and delete that folder as well.

    Regards,

    Pieter
     
  3. david_gayle@hotmail.com

    david_gayle@hotmail.com Registered Member

    Joined:
    Feb 26, 2004
    Posts:
    4
    Thank you very much Pieter. It did the trick!

    David
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Glad we could help. :cool:

    Was it lop? (money-bag)

    Regards,

    Pieter
     
  5. david_gayle@hotmail.com

    david_gayle@hotmail.com Registered Member

    Joined:
    Feb 26, 2004
    Posts:
    4
    Yes it was. Everything was exactly as you described except there was no aceobj.dll file in C:\Program Files\Blah Platform. I deleted the entire folder anyway. I have now turned on XP firewall and added lop.com and srch/lop.com to my restricted list. Hopefully I won't get it back again.

    Thanks again.

    David
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi david,

    I"m sorry. I think I was not clear enough. aceobj.dll is in another folder
    From your log: C:\PROGRA~1\STOP4D~1\aceobj.dll
    PROGRA~1 should stand for Program Files
    but I have no idea what the complete name for STOP4D~1 is.
    If you do a Find Files for aceobj.dll you will find that out and then you can delete that folder (STOP4Dsomething) as well.

    Regards,

    Pieter
     
  7. david_gayle@hotmail.com

    david_gayle@hotmail.com Registered Member

    Joined:
    Feb 26, 2004
    Posts:
    4
    Sorry you were clear Pieter, it was me that has confused you. I meant that I found C:\PROGRAM FILES\STOP4DE but there was no aceobj.dll file in there and deleted it anyway.

    David
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    OK. Well done. :)

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.