# please help, which hijack files do I fix?



## jerryjay (Jun 19, 2003)

Logfile of HijackThis v1.94.0
Scan saved at 12:40:23 PM, on 6/19/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.finetimesearch.com/index2.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.couldnotfind.com/search_page.html?&account_id=129193
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&i=enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://finance.yahoo.com/?u
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.couldnotfind.com/search_page.html?&account_id=129193
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.searchv.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&i=enu
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=14
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Optimum Online
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.searchv.com/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=c:\windows\SYSTEM\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SXGDSENU] SXGDSENU.exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\McAfee\VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [OEMCLEANUP] c:\windows\OPTIONS\oemreset.exe
O4 - HKLM\..\Run: [CPQEASYACC] "C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
O4 - HKLM\..\Run: [CPQ BackWeb Monitor] C:\CPQS\TOOLS\BackMon2.exe
O4 - HKLM\..\Run: [Evidence Eliminator] C:\PROGRAM FILES\EVIDENCE ELIMINATOR\ee.exe /m
O4 - HKLM\..\Run: [vptray] c:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [QBCD Autorun] E:\autorun.exe restart 6 1
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [adaware lptt01] "c:\program files\adaware\adaware.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
O4 - HKLM\..\RunServices: [CBWHost] C:\PROGRA~1\BITWARE\CBWEXEC.EXE /Run C:\PROGRA~1\BITWARE\CBWHOST.EXE
O4 - HKLM\..\RunServices: [CBWAttn] C:\PROGRA~1\BITWARE\CBWEXEC.EXE /Run C:\PROGRA~1\BITWARE\CBWATTN.EXE
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM\..\RunServices: [EncMonitor] c:\compaq\access\Encompass\Monitor.exe
O4 - HKLM\..\RunServices: [rtvscn95] c:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] c:\Program Files\Norton AntiVirus\defwatch.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Imation SuperDisk Accelerator.lnk = ?
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37777.7246412037


----------



## Top Banana (Nov 11, 2002)

Download RapidBlasterBlaster Killer. This will terminate and remove RapidBlaster.

Scan with HijackThis, put a checkmark at and "Fix checked" the following entries.

Close all browser windows before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.finetimesearch.com/index2.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.couldnotfind.com/search_page.html?&account_id=129193
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.couldnotfind.com/search_page.html?&account_id=129193
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.searchv.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=14
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.searchv.com/search.php?qq=%s
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

*Restart* your computer.

Delete

Program Files\ISTsvc

Download Spybot S&D. Update SS&D via the "Online" tab. Search for and download all updates. Close Internet Explorer, hit "Check for problems". After scan hit "Fix selected problems".


----------



## VampireHunte (Aug 4, 2003)

hi... i also had similar problems with adwares and stuff... and also the toolbars on explorer... im runnin windows xp professional and i used hijackthis and this is my log file... let me know what should i fix...

Logfile of HijackThis v1.96.0
Scan saved at 11:40:25 a.m., on 04/08/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Paltalk\pnetaware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\ARCHIV~1\WINZIP\winzip32.exe
C:\Documents and Settings\Aldo\Local Settings\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
O2 - BHO: (no name) - {04047354-D353-11D2-B3EB-0060B03C5581} - C:\WINDOWS\Downloaded Program Files\hpBrSn22.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {b86006e7-2165-49fc-ad7a-53df33fa385c} - C:\DOCUME~1\Aldo\APPLIC~1\ckoasxbiely.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\\winampa.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [PPMemCheck] "C:\Program Files\PestPatrol\PPMemCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PicoZip] C:\PROGRA~1\PICOZIP\PicoZipTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGremind.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab
O16 - DPF: {04047354-D353-11D2-B3EB-0060B03C5581} (HPOVASMD.BrowserSensor) - http://wtoserver.banorte.com/HPOV_webResponse/browserSensor/hpBrSnBn.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{868EC000-3577-44F5-A6E5-6AAF2D1B47E1}: NameServer = 200.33.148.201 200.33.148.193


----------



## buckaroo (Mar 25, 2001)

Hi VH, Welcome to TSG.

I don't see much here. Someone else may have additional recommendations. You can have HJT remove the following. Close your browser and reboot afterwards.

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

After rebooting, delete the ISTsvc folder here: C:\Program Files\ISTsvc\

The following item looks suspicious and probably should go, but let's see if anyone else has any comments on it:

O2 - BHO: (no name) - {b86006e7-2165-49fc-ad7a-53df33fa385c} - C:\DOCUME~1\Aldo\APPLIC~1\ckoasxbiely.dll

Always good to run a scan with Spybot:

http://security.kolla.de/index.php?lang=en&page=download

After you download and install, have Spybot go online to check for updates. Then scan. It's okay to delete anything in RED.


----------



## e-liam (Jun 19, 2003)

Evening Buckaroo,



> The following item looks suspicious and probably should go, but let's see if anyone else has any comments on it:
> 
> O2 - BHO: (no name) - {b86006e7-2165-49fc-ad7a-53df33fa385c} - C:\DOCUME~1\Aldo\APPLIC~1\ckoasxbiely.dll


I like a challenge, but this one got me.. :down: I've used every search engine I could find, I went to a couple of big .dll sites, and found a new one... which I'll list in tips'n'tricks later. I used every imaginable way of finding out anything whatsoever about this and.... zip.

So I think it's definitely one for Tony to check out.

It's got to be very new, as it doesn't even get pulled from forum discussions. It shouts suspicious to me.

Plus I'm peeved that, after spending all these years doing internet research, I've finally come unstuck.. and that makes me sooo mad (or insane, one of the two) 

Cheers

Liam

Would you like to draw his attention to this thread? or shall I?

Cheers

Liam


----------



## buckaroo (Mar 25, 2001)

> I like a challenge, but this one got me.. I've used every search engine I could find, I went to a couple of big .dll sites, and found a new one... which I'll list in tips'n'tricks later. I used every imaginable way of finding out anything whatsoever about this and.... zip.


Hi Liam, how are you?

I had to  , I was wondering if you'd come across this thread and look this up.

You can let TK know. For future reference, do you just send him a PM?

Thanks for your help here.


----------



## e-liam (Jun 19, 2003)

Evening Buckaroo,



> Thanks for your help here.


Not a problem.. 

I (think)(??) I PM'd him once, but as it was your thread I didn't want to "Hijack" it, so felt it was correct in asking you how to take it from here.. 

I did check his user panel earlier, and he hasn't been on the boards for a few days, but I'll message him anyway. I should really contact the 'mailto:' at his site (spywareinfo)[sic] as well, in case someone is monitoring his mail in his (poss, holiday absence).

I must say, that I can't remember *not* finding a reference to a string _somewhere_, but I s'pose there's a first time for everything...

It's got to appear eventually, I'd just prefer it if it didn't wreck (either by fixing, or ignoring it) someone's PC in the mean time...

I'll PM Tony now, and see what he says.. I'll also have another go at identifying it... just for the sake of my pride an' all.. 

Cheers

Liam


----------



## buckaroo (Mar 25, 2001)

Go for it Liam, I don't mind your help in these matters at all. I wasn't sure whether that BHO warranted bringing it to anyone's attention, and I didn't know how Tony prefers to have these brought to his attention. 

Let us know how your search turns out.

Thanks again. :up:


----------



## e-liam (Jun 19, 2003)

Well now,

Over 1/2 an hour later, I still can't get anything whatsoever concerning this BHO. I've messaged Tony, both from 'Spyware's mailto: and also with a PM.

Hopefully, he will respond in due course.

In the UK, it's now past midnight, and I must get some sleep. I'll check for mail before I go to work, and see what's happening.

To be honest, I'm knackered (the US spell checker didn't know that one, so if it helps, it means I'm very tired)..  so I'll catch you tomorrow,

Cheers

Liam

EDIT

To Vampire hunter,

As an afterthought, could you click *Start | Find* type in *ckoasxbiely.dll* and post a screenshot, so we can see what (if any) application this BHO may pertain to.

Cheers (again) 

Liam


----------



## buckaroo (Mar 25, 2001)

Okay Liam......working stiffs shouldn't be up that late! Get some rest.


----------



## VampireHunte (Aug 4, 2003)

well well.... i searched the file with the start menu | search | files or folders but it couldn't find the file... so i checked the log and copied the folder name.. without the dll name and i went to the folder and this is the screen shot i took... dont think it'll work... but i noticed that... the date of the file is a long time ago and i messed up with adwares just about 2 days ago... so... i have no idea what that is...


----------



## Top Banana (Nov 11, 2002)

Scan with HijackThis, put a checkmark at and "Fix checked" the following entries. Close all windows except HijackThis before fixing.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: (no name) - {b86006e7-2165-49fc-ad7a-53df33fa385c} - C:\DOCUME~1\Aldo\APPLIC~1\ckoasxbiely.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

Restart your computer and delete

C:\Program Files\ISTsvc

ckoasxbiely.dll is a Live Online Portal file.....lop.com.


----------



## e-liam (Jun 19, 2003)

Evening Top Banana,



> ckoasxbiely.dll is a Live Online Portal file.....lop.com.


Cheers for the info. Any idea why I couldn't find anything about it? There was nothing on the net about it, that I could find.  :down: 

Cheers

Liam


----------



## Top Banana (Nov 11, 2002)

Hi Liam,

Both the LOP .dll file and .exe file have random filenames so nothing on any search engine will be found. They install into the Application Data folder.


----------



## e-liam (Jun 19, 2003)

Cheers Top Banana,

Everyday's a school day.. considering just about all my knowledge of spy/malware has been learnt in the last month or so, I obviously still have a long way to go. 

But I'll get there.. eventually.  :up: 

Cheers

Liam


----------



## buckaroo (Mar 25, 2001)

Thanks TB, we thought it looked fishy.

VH, you should be good to go!


----------



## VampireHunte (Aug 4, 2003)

hi... i had some other trouble with the istsvc... it wasn't possible to delete that file.. i hadn't "access" to do that... and tried a lot o' things and finally... checked the processes (ctrl+alt+del) and ended the istsvc.exe process and then i was able to delete that file... without doin' the hijackthis steps... is that ok or i should have used the hijackthis steps u gave me?


----------



## buckaroo (Mar 25, 2001)

Deleting the file wouldn't remove registry references, which I believe HJT would. Don't know if you have a registry cleaner app, but a reg cleaner would likely catch any leftover registry entries.


----------
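Added example, not part of the original thread or of HijackThis itself: a small triage script for the two points made above, namely that the LOP files carry random names (so a filename search finds nothing) but install into the Application Data folder, and that registry references can outlive the file they point to. The sample lines are copied from the Windows XP log in this thread; the two rules are heuristics assumed for illustration, not a detection signature.

```python
import ntpath
import re

# Sample input: O2/O3 lines copied from the Windows XP log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {b86006e7-2165-49fc-ad7a-53df33fa385c} - C:\DOCUME~1\Aldo\APPLIC~1\ckoasxbiely.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
"""

ENTRY = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

# The long folder name and the 8.3 short name that appears in the log above.
APPDATA_NAMES = {"APPLICATION DATA", "APPLIC~1"}


def parse(log_text):
    """Yield a dict for every O2 (BHO) and O3 (toolbar) line in a HijackThis log."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.groupdict()


def reasons(entry):
    """Return heuristic reasons an entry deserves a closer look (empty list = none)."""
    target = entry["target"]
    if target == "(no file)":
        # The registry entry is still listed but has no file behind it.
        return ["registry entry has no file behind it"]
    found = []
    parent = ntpath.basename(ntpath.dirname(target)).upper()
    if parent in APPDATA_NAMES:
        # Assumed heuristic: location is checked instead of the (random) filename.
        found.append("binary sits directly in the Application Data folder")
        if entry["name"] == "(no name)":
            # Weak on its own: the Adobe helper above is also "(no name)".
            found.append("browser add-on registered without a display name")
    return found


def triage(log_text):
    """Map CLSID -> reasons for every flagged entry."""
    return {e["clsid"]: r for e in parse(log_text) if (r := reasons(e))}


if __name__ == "__main__":
    for clsid, why in triage(SAMPLE_LOG).items():
        print(clsid, "->", "; ".join(why))
```

The Adobe helper is also listed as "(no name)" yet is not flagged, which shows why the missing display name only counts once the location already looks wrong.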

