Hijackthis log file

Discussion in 'adware, spyware & hijack cleaning' started by david_gayle@hotmail.com, Feb 26, 2004.

Thread Status:
Not open for further replies.
  1. david_gayle@hotmail.com

    david_gayle@hotmail.com Registered Member

    Joined:
    Feb 26, 2004
    Posts:
    4
    A search toolbar has installed itself on my internet explorer that redirects
    all my searches to http://srch.lop.com/. It automatically replaces my google
    search bar and re-opens itself when i close it. I have tried to get rid of
    it using adaware and spybot and uninstalling then reinstalling internet
    explorer but it is still there.

    I have been advised to use hijackthis and post the log results here. can anyone help?
     

    Attached Files:

  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Hi david,

    Before you start, please unzip hijackthis to a separate folder. The program will make backups in the folder in the folder it's in.
    These easily get lost in a Temp folder.

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {31A35DF2-9E98-C389-5359-D5A59BF7E01A} - C:\PROGRA~1\STOP4D~1\aceobj.dll

    O3 - Toolbar: (no name) - {6D576CB8-04D7-D8EC-5E60-4BA37DBB5090} - C:\PROGRA~1\STOP4D~1\aceobj.dll

    O4 - HKLM\..\Run: [Mfcd Hide] C:\PROGRA~1\Blah Platform\piletray.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/252384cee2ca65b21601/netzip/RdxIE601.cab

    Then reboot and find the folder :
    C:\PROGRAM FILES\Blah Platform if there is a file in there that has a moneybag for an icon, delete the entire folder
    If that is the case, find the folder with aceobj.dll in it and delete that folder as well.

    Regards,

    Pieter
     
  3. david_gayle@hotmail.com

    david_gayle@hotmail.com Registered Member

    Joined:
    Feb 26, 2004
    Posts:
    4
    Thank you very much Pieter. It did the trick!

    David
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Glad we could help. :cool:

    Was it lop? (money-bag)

    Regards,

    Pieter
     
  5. david_gayle@hotmail.com

    david_gayle@hotmail.com Registered Member

    Joined:
    Feb 26, 2004
    Posts:
    4
    Yes it was. Everything was exactly as you described except there was no aceobj.dll file in C:\Program Files\Blah Platform. I deleted the entire folder anyway. I have now turned on XP firewall and added lop.com and srch/lop.com to my restricted list. Hopefully I won't get it back again.

    Thanks again.

    David
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Hi david,

    I"m sorry. I think I was not clear enough. aceobj.dll is in another folder
    From your log: C:\PROGRA~1\STOP4D~1\aceobj.dll
    PROGRA~1 should stand for Program Files
    but I have no idea what the complete name for STOP4D~1 is.
    If you do a Find Files for aceobj.dll you will find that out and then you can delete that folder (STOP4Dsomething) as well.

    Regards,

    Pieter
     
  7. david_gayle@hotmail.com

    david_gayle@hotmail.com Registered Member

    Joined:
    Feb 26, 2004
    Posts:
    4
    Sorry you were clear Pieter, it was me that has confused you. I meant that I found C:\PROGRAM FILES\STOP4DE but there was no aceobj.dll file in there and deleted it anyway.

    David
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    OK. Well done. :)

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.