Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google links redirect


  • This topic is locked This topic is locked
2 replies to this topic

#1 BJB007

BJB007

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 20 April 2009 - 10:36 AM

I tried to follow the Prep Guide, sorry if I screwed up. Google links are redirecting in Firefox and IE. I would appreciate any help at your convenience. You guys seem pretty busy. Thanks. Here is the DDS.txt :


DDS (Ver_09-03-16.01) - NTFSx86
Run by Ben at 10:28:47.23 on Mon 04/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1380 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\D-Link\ACU.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ben\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://www.xjt.com/CookieAuth.dll?GetLogon...0&formdir=3
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RcMan.exe
uRun: [RemoteControl]
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [CTHelper] CTHELPER.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ACU] "c:\program files\d-link\ACU.exe" -nogui
mRun: [RemoteCenter]
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15015/CTSUEng.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186604965687
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186604939343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15016/CTPID.cab
TCP: {34064AB1-C25F-43FE-8B82-4AA1F5D7967F} = 24.93.41.126,24.93.41.125
TCP: {8AAC05FD-A671-4E54-922C-E20071AD1D7F} = 24.93.41.126,24.93.41.125
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ben\applic~1\mozilla\firefox\profiles\ahxbut7k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search/?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en&tab=nw
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search/?fr=ffds1&p=
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

============= SERVICES / DRIVERS ===============

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-6-2 611664]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-12-22 3712]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-25 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090420.002\NAVENG.SYS [2009-4-20 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090420.002\NAVEX15.SYS [2009-4-20 876144]
S2 gupdate1c9ae7a33b89df0;Google Update Service (gupdate1c9ae7a33b89df0);c:\program files\google\update\GoogleUpdate.exe [2009-3-26 133104]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-1-25 547744]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2008-4-29 15648]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\mediacoder\SysInfo.sys [2007-9-25 15152]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-7-9 33752]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [2007-2-9 49399]
S3 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
S3 PDSched;PDScheduler;c:\program files\raxco\perfectdisk\PDSched.exe [2004-11-1 237635]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2006-4-12 38016]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-3-7 1245064]
S3 WmAdiHid;Logitech WingMan Digital Devices Driver;c:\windows\system32\drivers\WmAdiHid.sys [2003-3-25 20704]

=============== Created Last 30 ================

2009-04-20 10:01 130,337 a------- c:\temp\getservices.zip
2009-04-20 09:29 215,465 a------- c:\windows\system32\nvapps.nvb
2009-04-19 23:41 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-04-19 23:40 <DIR> --d----- c:\windows\ERUNT
2009-04-19 21:24 <DIR> --d----- c:\documents and settings\ben\DoctorWeb
2009-04-19 21:14 <DIR> --d----- C:\SDFix
2009-04-18 21:22 <DIR> --d----- c:\program files\Lavasoft
2009-04-18 21:21 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-18 01:11 <DIR> --d----- c:\program files\Trend Micro
2009-04-18 01:09 <DIR> --d----- c:\temp\AdAware 2008 + Crack
2009-04-18 01:01 <DIR> --d----- c:\program files\CCleaner
2009-04-18 00:30 <DIR> --dsh--- c:\documents and settings\ben\IECompatCache
2009-04-15 15:27 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 15:27 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 15:27 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 15:27 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 15:27 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 15:27 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 15:27 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 15:27 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 15:27 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 15:26 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 15:26 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-15 15:26 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-14 18:13 <DIR> --d----- c:\program files\common files\DivX Shared
2009-04-14 13:56 <DIR> --dsh--- c:\documents and settings\ben\PrivacIE
2009-04-14 13:48 <DIR> --dsh--- c:\documents and settings\ben\IETldCache
2009-04-14 13:44 <DIR> --d----- c:\windows\ie8updates
2009-04-14 13:43 <DIR> -cd-h--- c:\windows\ie8
2009-04-14 13:43 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-04-14 09:54 98,816 a------- c:\windows\system32\svcnost.exe
2009-04-07 13:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-03-27 10:03 1,560,576 a------- c:\windows\system32\nvcuda.dll
2009-03-27 10:03 1,253,376 a------- c:\windows\system32\NvPVEnc.ax
2009-03-27 10:03 401,408 a------- c:\windows\system32\nvcuvid.dll

==================== Find3M ====================

2009-03-27 08:14 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-13 14:56 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-24 14:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-02-24 14:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-02-24 14:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-02-24 14:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-02-24 14:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-02-24 14:34 684,032 a------- c:\windows\system32\DivX.dll
2009-02-19 13:03 579,464 a------- c:\windows\system32\SymNeti.dll
2009-02-19 13:03 207,240 a------- c:\windows\system32\SymRedir.dll
2009-02-19 12:31 31,280 a------- c:\windows\system32\drivers\SymIM.sys
2009-02-19 12:31 9,844 a------- c:\windows\system32\drivers\SymRedir.cat
2009-02-19 12:31 1,611 a------- c:\windows\system32\drivers\SymRedir.inf
2009-02-19 12:31 41,008 a------- c:\windows\system32\drivers\symndisv.sys
2009-02-19 12:31 184,496 a------- c:\windows\system32\drivers\symtdi.sys
2009-02-19 12:31 96,560 a------- c:\windows\system32\drivers\symfw.sys
2009-02-19 12:31 38,576 a------- c:\windows\system32\drivers\symids.sys
2009-02-19 12:31 37,424 a------- c:\windows\system32\drivers\symndis.sys
2009-02-19 12:31 22,320 a------- c:\windows\system32\drivers\symredrv.sys
2009-02-19 12:31 13,616 a------- c:\windows\system32\drivers\symdns.sys
2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 06:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 06:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 05:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 14:59 56,832 a------- c:\windows\system32\secur32.dll
2007-12-27 18:20 22,328 -------- c:\docume~1\ben\applic~1\PnkBstrK.sys
2006-03-02 22:32 32,560 -------- c:\docume~1\ben\applic~1\GDIPFONTCACHEV1.DAT
2008-05-12 14:31 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051220080513\index.dat

============= FINISH: 10:28:57.73 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:05 AM

Posted 04 May 2009 - 04:10 PM

Hello BJB007,


Click on start, then control panel, and then double-click on add/remove programs.
From within add/remove program uninstall the following (if they exist) by double-clicking on the following entries:
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7


************

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

************

Download Lop S&D
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

You can enable them after the scan.

You can find a detailed instructions with visuals here

Double-click Lop S&D.exe

If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.

Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

************

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Edited by SifuMike, 04 May 2009 - 05:05 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:05 AM

Posted 22 May 2009 - 05:32 PM

This thread will now be closed due to lack of feedback.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users