Online Casino/Find a Date/Cellphone Ringtones - LOP?

Status
Not open for further replies.
Hi,

I regularly get these icons on my desktop which I proceed to delete, and my laptop is also running slowly despite having more RAM than usual. I did a google search and it said the problem was LOP and came from messenger plus but I uninstalled this, and I even reinstalled the new version and uninstalled the sponsor then uninstalled the new messenger plus but my computer is still slow and I can't use IE without a hundred thousand pop ups - so I use Firefox, but would like to clean up IE (not just get a pop up blocker).

Here is my hijackthis log file, can anyone spot anything as I do not have the knowledge to know what is good and evil, but I do know I have tried about 8 spyware programs with no joy, they only end up destroying programs like my limewire because they think they are evil (perhaps they are :stickout: )

Thanks in advance.
 

Attachments

  • hijackthis.txt
    6.9 KB · Views: 5
sounds like the aurora virus or a variant.
what soes spybot and adaware say?

is your anti-vrius set on the highest heuristics?
 
They don't seem to have any effect, unless they remove it and it comes back but I doubt it. I have those you mentioned and xoftspy, noadware, hijackthis, registry mechanic and avast antivirus.

Not sure if avast is set to high, not sure how to do it either but I'll open avast and see if I can find the setting.
 
C:\Documents and Settings\PJ\Desktop\HijackThis.exe
put HijackThis in e.g C:\Program Files\HJT and NOT in Temp or on the Desktop!.


Boot in Safe Mode, see how here.
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.

Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
Click the Processes tab, select the process (if there) and click End Process for:
Bird More.exe
Locks Keep.exe
if you can find it: ènŒ

Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
C:\DOCUME~1\PJ\APPLIC~1\SPAMSK~1\Bird More.exe
C:\Documents and Settings\All Users\Application Data\manager4nurbvc\Locks Keep.exe
if you can find it: [ChkMail] ènŒ

Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
O2 - BHO: (no name) - {09CF0D86-D59D-6D79-3EBD-031C309FAF23} - C:\DOCUME~1\PJ\APPLIC~1\SPAMSK~1\Bird More.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [nurbvceachplay] C:\Documents and Settings\All Users\Application Data\manager4nurbvc\Locks Keep.exe
O4 - HKCU\..\Run: [ChkMail] ènŒ
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
...................................................................................................
Now click on the Fix Checked button in HJT. Exit HJT.

When done, from between the above dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Rightclick IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
XP only: Delete ALL files from C:\WINDOWS\Prefetch.
Boot normal. When all OK, switch System Restore back on.
 
Status
Not open for further replies.
Back