Information related to Lop Infection - Printable Version
Information related to Lop Infection by Midou on 11-09-2005 at 03:23 AM
I am not sure if my computer has been infected with the most heinous of all spyware/adware/malware programs known as lop. I have installed Msg Plus and I am uncertain of what version I installed. Anyways, the following is a log file using "Registry Viewer" (www.sysinternals.com). The "Glue Once Blue" refers to Glue Once Blue.exe which was found in C/Documents and settings/My Name/Application Data/Phone Meet With HijackThis I started the registry viewer up and opened the exe (hoping that it didn't kill the crap out of my computer).
Glue once blue.:3816 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Glue once blue.exe NOT FOUND
Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Access: 0x20019
Glue once blue.:3816 QueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat SUCCESS 0x0
Glue once blue.:3816 CloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS
Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Access: 0x20019
Glue once blue.:3816 QueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat SUCCESS 0x0
Glue once blue.:3816 CloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS
Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS Access: 0x1
Glue once blue.:3816 QueryValue HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode NOT FOUND
Glue once blue.:3816 CloseKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS
Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Access: 0x20019
Glue once blue.:3816 QueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat SUCCESS 0x0
Glue once blue.:3816 QueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSUserEnabled SUCCESS 0x0
Glue once blue.:3816 CloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS
Glue once blue.:3816 OpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS Access: 0x20019
Glue once blue.:3816 QueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack NOT FOUND
Glue once blue.:3816 CloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS
Glue once blue.:3816 OpenKey HKLM SUCCESS Access: 0x2000000
Glue once blue.:3816 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics NOT FOUND
Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\SafeBoot\Option NOT FOUND
Glue once blue.:3816 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers SUCCESS Access: 0x1
Glue once blue.:3816 QueryValue HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled SUCCESS 0x1
Glue once blue.:3816 CloseKey HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers SUCCESS
Glue once blue.:3816 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers NOT FOUND
Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\Error Message Instrument\ NOT FOUND
Glue once blue.:3816 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS Access: 0x20019
Glue once blue.:3816 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32\Glue once blue NOT FOUND
Glue once blue.:3816 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS
Glue once blue.:3816 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility SUCCESS Access: 0x20019
Glue once blue.:3816 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility\Glue once blue NOT FOUND
Glue once blue.:3816 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility SUCCESS
Glue once blue.:3816 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS Access: 0x20019
Glue once blue.:3816 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs NOT FOUND
Glue once blue.:3816 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS
Glue once blue.:3816 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Performance NOT FOUND
Glue once blue.:3816 OpenKey HKLM\SYSTEM\Setup SUCCESS Access: 0x1
Glue once blue.:3816 QueryValue HKLM\SYSTEM\Setup\SystemSetupInProgress SUCCESS 0x0
Glue once blue.:3816 CloseKey HKLM\SYSTEM\Setup SUCCESS
Glue once blue.:3816 OpenKey HKCU SUCCESS Access: 0x2000000
Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\Nls\MUILanguages NOT FOUND
Glue once blue.:3816 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x80000000
Glue once blue.:3816 QueryValue HKCU\Control Panel\Desktop\MultiUILanguageId NOT FOUND
Glue once blue.:3816 CloseKey HKCU\Control Panel\Desktop SUCCESS
Glue once blue.:3816 CloseKey HKCU SUCCESS
Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\Nls\MUILanguages NOT
Glue once blue.:3816 OpenKey HKCU SUCCESS Access: 0x2000000
Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\Nls\MUILanguages NOT FOUND
Glue once blue.:3816 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x80000000
Glue once blue.:3816 QueryValue HKCU\Control Panel\Desktop\MultiUILanguageId NOT FOUND
Glue once blue.:3816 CloseKey HKCU\Control Panel\Desktop SUCCESS
Glue once blue.:3816 CloseKey HKCU SUCCESS
Glue once blue.:3816 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots NOT FOUND
It did not stop there, however; this is actually a short version of the first actions it did inside the registry.
Now for the question.
Am I infected with a form of Lop as a result of Msg Plus, or is this another virus unrelated to Msg Plus? If I am infected with Lop, I have already read the sticky and plan to use that for removal, but I have another question. In removing Msg Plus outright from my computer, will I lose my Display Pics, or is there a way to save them? (I am sure there must be a collection of them in a folder somewhere, which is where MSN gets them from.)
Thank You in advance to anyone who responds.
RE: Information related to Lop Infection by prashker on 11-09-2005 at 03:39 AM
You will not lose your Display Pictures. Just follow what you read to remove the Optional Sponsor.
RE: Information related to Lop Infection by MeEtc on 11-09-2005 at 03:42 AM
See This Thread for info on the sponsor, and how to remove it safely.
RE: Information related to Lop Infection by prashker on 11-09-2005 at 03:48 AM
quote: Originally posted by MeEtc
See This Thread for info on the sponsor, and how to remove it safely.
quote: Originally posted by Midou
I have already read the sticky and plan to use that for removal
RE: Information related to Lop Infection by Midou on 11-09-2005 at 04:09 AM
Thank you to all who responded...again as for Patchou aka ( C.P. gasp I found out your real name >) I think he owes those of us that he tricked per se.. a public apology, if not I might just have to go to Sainte-Dorothee and ask him personally for an apology.
P.S. This wasn't all bad; the good thing that came about through this 2 year battle with what I now know as lop (but had no idea before) is that I have become more computer literate, especially when dealing with Spyware/Adware/Malware.
RE: Information related to Lop Infection by matty on 11-09-2005 at 04:36 AM
OK, firstly, his name is no secret. Cyril is his actual name; Patchou is his alias and his company's name.
Cyril owes no one an apology. As you see, the sponsor is clearly outlined in the installer.
[Screenshots of installer versions 3.0, 3.25 and 3.60]
I am getting really annoyed with people who blame all their problems on Plus!. As you see from the 3 different screenshots of 3 different Plus! versions, the sponsor is outlined, and even more so in the latest version. Now if you installed the sponsor by accident, come on now, it's your own fault, right? You don't agree to two license agreements without wondering. But then again some do...
Simply reinstall Messenger Plus! with the sponsor so it will reconfigure it properly, then choose to uninstall it using the Add/Remove programs and select Sponsor Only. If the changes aren't reversed and still suffering from Lop.com try the Lop.com uninstaller that launches the removal of any installed Lop.com products. Located here.
RE: RE: Information related to Lop Infection by Midou on 11-09-2005 at 08:53 PM
quote: Originally posted by matty
As you see from the 3 different screenshots of 3 different Plus! versions, the sponsor is outlined, and even more so in the latest version. Now if you installed the sponsor by accident, come on now, it's your own fault, right? You don't agree to two license agreements without wondering. But then again some do...
quote: Originally posted by matty
If the changes aren't reversed and still suffering from Lop.com try the Lop.com uninstaller that launches the removal of any installed Lop.com products. Located here.
Aww, you're tired of people getting mad at Patchou. You know what I'm tired of? This cult that is following him around blindly. Do you people even know what C2Media and lop are considered among web circles? They're considered the most heinous Spyware/Adware/Malware "Corporation" around. "By using this software, including any 3rd party software made available in conjunction with this software". Wait a minute! That means even if you select "No thanks, I don't want the program bundled with it", you get it anyways, and you see, it is BS like that which has me so angry. Having a selection to say "NO, I don't want the sponsor program" and bundling it anyways is called misleading. Also, get an uninstall program from Lop.com? Are you effing kidding me? Do you think I'm stupid or something? ANY uninstalling program that comes from ANY company that is a known Spyware/Adware/Malware vendor should not be trusted. Oh sure, it will uninstall Lop and it will install some other variant of its program or programs. Of course you will fight till the end of time over Patchou's innocence, because you are a beta tester, and I bet you get a nice cut of Patchou's estimated 50k-100k paycheck every MONTH.
RE: Information related to Lop Infection by Rodney on 11-09-2005 at 09:29 PM
If you select "No" during installing you will NOT get ANY spyware or adware on your pc. At least not through Msg Plus!, maybe you got it somewhere else, but don't start blaming Plus! for everything that goes wrong on your computer.
RE: Information related to Lop Infection by Caboose on 11-09-2005 at 09:59 PM
Midou:
You're a persistent one, aren't you? Do you think Messenger Plus! would have a "cult" if it was a piece of shit? I think not. We're here because we know that it's a fine piece of work.
Don't like the sponsor? Neither do I. But you might want to try that "reading" thing that people do. You know, the thing that stops you from looking like a tool? Yeah, that's the one. Do that and choose the option to not install the sponsor. Like Rodney said...
quote: If you select "No" during installing you will NOT get ANY spyware or adware on your pc.
Now then. Beta testers getting a cut of Patchou's "paycheck"? I'm pretty sure they do it for free. Stop babbling conspiracy theories.
I'm also pretty sure Patchou doesn't get $50,000 - $100,000 a MONTH. I understand you're mad, but why make yourself look like an ass by spewing random nonsense?
In conclusion... well, I really shouldn't say. I'm probably in shit for this post already, so I'd rather just be quiet now. If you don't like Messenger Plus!, then don't use it. There will always be a strong following no matter what you do.
To the other respectable members/mods/admins reading this, I'm sorry for this post, but it needs to be done to put these kinds of people in their place.
RE: Information related to Lop Infection by Patchou on 11-09-2005 at 11:23 PM
You're being ridiculous. Uninstall programs are there to be used. I don't know for other programs you've used before but the uninstall programs distributed by myself and my C2Media (lop) do not install anything when run, they just delete stuff.
As for C2Media being known as bad guys, this is mainly because of rumours that continue to circulate nowadays on forums where people like yourself say this kind of thing without any reason, referring other people of the same kind to support their arguments. If you want to know what really is malware and spyware I suggest you install a Windows XP without service pack, plug it on the net and wait about 10 minutes (just make sure you unplug your phone cord from your modem if you don't want extra charges on your phone bill in addition to a ruined test system).
C2Media is an advertisement company which distributes adware, nothing else, and Messenger Plus! gives you a clear choice during installation whether or not you want to install those ads. And one last thing: no-one in the community is paid to help others or beta tests the products and as for your estimated pay check: lol.