Windows Browser is being redirected [Solved]



#16
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Wasn't much in there.
A file needs to be scanned though.

Step 1.
Filescan:

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:

    • c:\windows\lcfep5.drv
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Step 2.
OTScanIt2:

Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program. Make sure you close all other programs and don't use the PC while the scan runs.
  • Under File Age at the top, change it from 30 days to 90 days
  • Under Additional Scans check the boxes beside Reg - ActiveX StubPath, Reg - App Paths, Reg - ColumnHandlers, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Associations, Reg - ICQ Agent, Reg - NetSvcs, Reg - Print Monitors, Reg - Protocol Filters, Reg - Protocol Handlers, Reg - SafeBoot Minimal, Reg - SafeBoot Network, Reg - Session Manager Settings, Reg - Winsock2 Catalogs, File - Lop Check, File - Purity Scan, Files - Signature Check, and Evnt - EventViewer Logs ( Last 10 Errors ).
  • Under Rootkit Search change it to Yes
  • Under the Custom Scans box at the bottom left paste the following in

    %systemroot%\*.lte
    %systemroot%\*.smf
    %systemroot%\*.tsp
    %systemroot%\Prefetch\*.* /s
    %systemroot%\system32\drivers\*.dat
    %systemroot%\system32\*.aef
    %systemroot%\system32\drivers\*.aef
    %systemroot%\Temp\bca4e2da.$$$
    %systemroot%\Temp\ed47fa.$
    %systemroot%\Temp\fa56d7ec.$$$
    %systemroot%\Temp\*.$$$
    %systemroot%\System32\antiwpa.dll
    %systemroot%\SYSTEM32\wpa.dll
    %systemroot%\setup\scripts\biestart.exe
    %systemroot%\system32\drivers\royal.sys
    %System%\AcroIeHelpe.dll
    %SYSTEMDRIVE%\*.epk
    %systemroot%\*.epk
    %systemroot%\system32\*.epk
    %systemroot%\system32\bb*.dat
    %systemroot%\system32\cookie*.dat
    %systemroot%\system32\kaxs.dat
    %systemroot%\system32\ps*.dat
    %systemroot%\system32\*32.sys
    %systemroot%\*.dr
    %SYSTEMDRIVE%\*.dr
    %systemroot%\system32\*.dr
    %systemroot%\system32\nods32.dll
    %systemroot%\*.res
    %SYSTEMDRIVE%\*.res
    %systemroot%\system32\*.res
    %systemroot%\system32\sockins32.dll
    %systemroot%\system32\Spool\*.*
    %systemroot%\system32\Spool\*.exe
    %systemroot%\system32\Spool\*.rar /s
    %systemroot%\system32\Spool\*.zip /s
    %systemroot%\system32\Spool\*.dat /s
    %ProgramFiles%\MSN Messenger\*.zip
    %ProgramFiles%\MSN Messenger\*.exe
    %ProgramFiles%\MSN Messenger\*.rar.
    %SYSTEMDRIVE%\*.zip
    %SYSTEMDRIVE%\*.rar
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\*.dll
    %systemroot%\*.zip
    %systemroot%\*.rar
    %systemroot%\system32\*.zip
    %systemroot%\system32\*.rar
    %PROGRAMFILES%\*.*
    %DESKTOP%\*.zip
    %DESKTOP%\*.rar
    %DESKTOP%\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %PROGRAMFILES%\Common Files\*bak*.
    %systemroot%\SYSTEM32\*bak*.
    %PROGRAMFILES%\*bak*.
    %systemroot%\ime\imjp8_1\*bak*.
    %PROGRAMFILES%\QuickTime\*bak*.
    %PROGRAMFILES%\Viewpoint\Viewpoint Manager\*bak*.
    %PROGRAMFILES%\Analog Devices\Core\*bak*.
    %SYSTEMDRIVE%\hp\KBD\*bak*.
    %PROGRAMFILES%\Adobe\Photoshop Album Starter Edition\3.2\Apps\*bak*.
    %PROGRAMFILES%\BillP Studios\WinPatrol\*bak*.
    %PROGRAMFILES%\BroadJump\Client Foundation\*bak*.
    %PROGRAMFILES%\Common Files\Real\Update_OB\*bak*.
    %PROGRAMFILES%\Common Files\Sonic\Update Manager\*bak*.
    %PROGRAMFILES%\\Google\GoogleToolbarNotifier\*bak*.
    %PROGRAMFILES%\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\*bak*.
    %PROGRAMFILES%\Yahoo!\Messenger\*bak*.
    %USERNAME%\*.zip
    %USERNAME%\*.rar
    %USERNAME%\*.exe
    %USERPROFILE%\*.zip
    %USERPROFILE%\*.rar
    %USERPROFILE%\*.exe
    %ALLUSERSPROFILE%\*.zip
    %ALLUSERSPROFILE%\*.rar
    %ALLUSERSPROFILE%\*.exe
    %SYSTEMDRIVE%\*.
    %PROGRAMFILES%\*.
    %PROGRAMFILES%\Internet Explorer\*.*
    %PROGRAMFILES%\Internet Explorer\PLUGINS\*.*
    %PROGRAMFILES%\Internet Explorer\*.zip /s
    %PROGRAMFILES%\Internet Explorer\*.rar /s
    %PROGRAMFILES%\Internet Explorer\*.exe /s
    %SYSTEMDRIVE%\*.dat
    %SYSTEMDRIVE%\*.sys
    %SYSTEMROOT%\*.dat
    %SYSTEMROOT%\*.sys
    %systemroot%\system32\drivers\*.exe /s
    %systemroot%\system32\drivers\*.zip /s
    %systemroot%\system32\drivers\*.rar /s
    %systemroot%\system\*.exe /s
    %systemroot%\system\*.zip /s
    %systemroot%\system\*.rar /s
    %systemroot%\AppPatch\*.exe /s
    %systemroot%\AppPatch\*.zip /s
    %systemroot%\AppPatch\*.rar /s
    %systemroot%\Cache\*.*
    %systemroot%\Downloaded Program Files\*.*
    %systemroot%\Fonts\*.exe /s
    %systemroot%\Fonts\*.zip /s
    %systemroot%\Fonts\*.rar /s
    %systemroot%\Fonts\*.dll /s
    %systemroot%\Help\*.exe /s
    %systemroot%\Help\*.zip /s
    %systemroot%\Help\*.rar /s
    %systemroot%\Tasks\*.*
    %APPDATA%\*.sys
    %APPDATA%\Google\*.*
    %systemroot%\system32\serauth1.dll
    %systemroot%\system32\serauth2.dll
    %systemroot%\system32\sysaudio.sys
    %systemroot%\system32\wdmaud.sys
    %systemroot%\system32\aeaudio.sys
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32|system32\serauth1.dll /rs
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32|system32\serauth2.dll /rs
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32|system32\sysaudio.sys /rs
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32|system32\aeaudio.sys /rs
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32|system32\wdmaud.sys /rs
    %PROGRAMFILES%\*TinyProxy*.
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla|extensions /rs
    %systemroot%\system32\inf\*.exe /s
    %systemroot%\system32\inf\*.zip /s
    %systemroot%\system32\inf\*.rar /s
    %systemroot%\system32\inf\*.dll /s
    %APPDATA%\Opera\Opera\profile\widgets\*.*
    %PROGRAMFILES%\Opera\program\plugins\*.* /s
    %APPDATA%\Opera\Opera\profile\toolbar\*.* /s
    %systemroot%\Web\*.exe /s
    %systemroot%\Web\*.dat /s
    %systemroot%\Web\*.dll /s
    %systemroot%\Web\*.sys /s
    %systemroot%\Web\*.zip /s
    %systemroot%\Web\*.rar /s
    %systemroot%\Wbem\*.exe /s
    %systemroot%\Wbem\*.rar /s
    %systemroot%\Wbem\*.zip /s
    %systemroot%\Wbem\*.dll /s
    %systemroot%\Wbem\*.sys /s
    %systemroot%\Wbem\*.dat /s
    %systemroot%\twain_32\*.exe
    %systemroot%\twain_32\*.dat
    %systemroot%\twain_32\*.dll
    %systemroot%\twain_32\*.sys /s
    %systemroot%\twain_32\*.zip /s
    %systemroot%\twain_32\*.rar /s
    %systemroot%\system\*.sys /s
    %systemroot%\system\*.dat /s
    %systemroot%\WinSxS\*.exe /s
    %systemroot%\WinSxS\*.dat /s
    %systemroot%\WinSxS\*.sys /s
    %systemroot%\WinSxS\*.zip /s
    %systemroot%\WinSxS\*.rar /s
    %systemroot%\Sun\*.dll /s
    %systemroot%\Sun\*.rar /s
    %systemroot%\Sun\*.zip /s
    %systemroot%\Sun\*.exe /s
    %systemroot%\Sun\*.sys /s
    %systemroot%\Sun\*.dat /s
    %systemroot%\srchasst\*.rar /s
    %systemroot%\srchasst\*.zip /s
    %systemroot%\srchasst\*.exe /s
    %systemroot%\srchasst\*.dat /s
    %systemroot%\srchasst\*.sys /s
    %systemroot%\Shellnew\*.rar /s
    %systemroot%\Shellnew\*.zip /s
    %systemroot%\Shellnew\*.dat /s
    %systemroot%\Shellnew\*.exe /s
    %systemroot%\Shellnew\*.sys /s
    %systemroot%\Shellnew\*.dll /s
    %systemroot%\Security\*.rar /s
    %systemroot%\Security\*.zip /s
    %systemroot%\Security\*.dat /s
    %systemroot%\Security\*.exe /s
    %systemroot%\Security\*.sys /s
    %systemroot%\Security\*.dll /s
    %systemroot%\Resources\*.rar /s
    %systemroot%\Resources\*.zip /s
    %systemroot%\Resources\*.dat /s
    %systemroot%\Resources\*.exe /s
    %systemroot%\Resources\*.sys /s
    %systemroot%\Repair\*.sys /s
    %systemroot%\Repair\*.exe /s
    %systemroot%\Repair\*.dll /s
    %systemroot%\Repair\*.zip /s
    %systemroot%\Repair\*.rar /s
    %systemroot%\Registration\*.exe /s
    %systemroot%\Registration\*.dat /s
    %systemroot%\Registration\*.zip /s
    %systemroot%\Registration\*.rar /s
    %systemroot%\Registration\*.dll /s
    %systemroot%\Registration\*.sys /s
    %systemroot%\RegisteredPackages\*.rar /s
    %systemroot%\RegisteredPackages\*.zip /s
    %systemroot%\pss\*.rar /s
    %systemroot%\pss\*.zip /s
    %systemroot%\pss\*.exe /s
    %systemroot%\pss\*.dll /s
    %systemroot%\pss\*.dat /s
    %systemroot%\pss\*.sys /s
    %systemroot%\Provisioning\*.rar /s
    %systemroot%\Provisioning\*.zip /s
    %systemroot%\Provisioning\*.exe /s
    %systemroot%\Provisioning\*.sys /s
    %systemroot%\Provisioning\*.dat /s
    %systemroot%\Provisioning\*.dll /s
    %systemroot%\PIF\*.*
    %systemroot%\PeerNet\*.rar /s
    %systemroot%\PeerNet\*.zip /s
    %systemroot%\PeerNet\*.dat /s
    %systemroot%\PeerNet\*.sys /s
    %systemroot%\PeerNet\*.exe /s
    %systemroot%\PcTel\*.rar /s
    %systemroot%\PcTel\*.zip /s
    %systemroot%\Offline Web Pages\*.exe /s
    %systemroot%\Offline Web Pages\*.zip /s
    %systemroot%\Offline Web Pages\*.rar /s
    %systemroot%\Offline Web Pages\*.sys /s
    %systemroot%\Offline Web Pages\*.dat /s
    %systemroot%\network diagnostic\*.sys /s
    %systemroot%\network diagnostic\*.rar /s
    %systemroot%\network diagnostic\*.zip /s
    %systemroot%\network diagnostic\*.dat /s
    %systemroot%\mui\*.*
    %systemroot%\msapps\*.*
    %systemroot%\msagent\*.zip /s
    %systemroot%\msagent\*.rar /s
    %systemroot%\msagent\*.sys /s
    %systemroot%\msagent\*.dat /s
    %systemroot%\minidump\*.*
    %systemroot%\media\*.sys /s
    %systemroot%\media\*.dat /s
    %systemroot%\media\*.rar /s
    %systemroot%\media\*.zip /s
    %systemroot%\media\*.exe /s
    %systemroot%\media\*.dll /s
    %systemroot%\Help\*.sys /s
    %systemroot%\Help\*.dat /s
    %systemroot%\ie7\*.sys /s
    %systemroot%\ie7\*.zip /s
    %systemroot%\ie7\*.rar /s
    %systemroot%\ie7\*.dat /s
    %systemroot%\ie7updates\*.sys /s
    %systemroot%\ie7updates\*.zip /s
    %systemroot%\ie7updates\*.rar /s
    %systemroot%\ime\*.sys /s
    %systemroot%\ime\*.zip /s
    %systemroot%\ime\*.rar /s
    %systemroot%\inf\*.sys /s
    %systemroot%\inf\*.dat /s
    %systemroot%\installer\*.sys /s
    %systemroot%\installer\*.zip /s
    %systemroot%\installer\*.rar /s
    %systemroot%\installer\*.dat /s
    %systemroot%\internet logs\*.sys /s
    %systemroot%\Cursors\*.rar /s
    %systemroot%\Cursors\*.sys /s
    %systemroot%\Cursors\*.exe /s
    %systemroot%\Cursors\*.dat /s
    %systemroot%\Cursors\*.zip /s
    %systemroot%\Cursors\*.vbs /s
    %systemroot%\Cursors\*.dll /s
    %systemroot%\Config\*.*
    %systemroot%\Config\*.rar /s
    %systemroot%\Config\*.sys /s
    %systemroot%\Config\*.exe /s
    %systemroot%\Config\*.dat /s
    %systemroot%\internet logs\*.dat /s
    %systemroot%\Assembly\*sys /s
    %systemroot%\Assembly\*.rar /s
    %systemroot%\internet logs\*.rar /s
    %systemroot%\AppPatch\*.sys
    %systemroot%\AppPatch\*.dat
    %systemroot%\internet logs\*.zip /s
    %systemroot%\internet logs\*.exe /s
    %systemroot%\internet logs\*.dll /s
    %systemroot%\l2schemas\*.sys /s
    %systemroot%\l2schemas\*.dat /s
    %systemroot%\l2schemas\*.rar /s
    %systemroot%\l2schemas\*.zip /s
    %systemroot%\l2schemas\*.exe /s
    %systemroot%\l2schemas\*.dll /s
    %systemroot%\Fonts\*.dat /s
    %systemroot%\Fonts\*.sys /s
    %systemroot%\Debug\*.rar /s
    %systemroot%\Debug\*.sys /s
    %systemroot%\Debug\*.exe /s
    %systemroot%\Debug\*.dat /s
    %systemroot%\Debug\*.zip /s
    %systemroot%\Debug\*.dll /s
    %systemroot%\ehome\*.dll /s
    %systemroot%\ehome\*.sys /s
    %systemroot%\ehome\*.rar /s
    %systemroot%\ehome\*.dat /s
    %systemroot%\ehome\*.zip /s
    %systemroot%\Connection Wizard\*.dat /s
    %systemroot%\Connection Wizard\*.exe /s
    %systemroot%\Connection Wizard\*.sys /s
    %systemroot%\Connection Wizard\*.rar /s
    %systemroot%\Connection Wizard\*.zip /s
    %systemroot%\Connection Wizard\*.*
    %systemroot%\system32\1025\*.*
    %systemroot%\system32\1028\*.*
    %systemroot%\system32\1031\*.*
    %systemroot%\system32\1033\*.exe
    %systemroot%\system32\1033\*.sys
    %systemroot%\system32\1033\*.zip
    %systemroot%\system32\1033\*.rar
    %systemroot%\system32\1033\*.dat
    %systemroot%\system32\1037\*.*
    %systemroot%\system32\1041\*.*
    %systemroot%\system32\1042\*.*
    %systemroot%\system32\1054\*.*
    %systemroot%\system32\2052\*.*
    %systemroot%\system32\3076\*.*
    %systemroot%\system32\appmgmt\*.exe /s
    %systemroot%\system32\appmgmt\*.sys /s
    %systemroot%\system32\appmgmt\*.dll /s
    %systemroot%\system32\appmgmt\*.dat /s
    %systemroot%\system32\appmgmt\*.zip /s
    %systemroot%\system32\appmgmt\*.rar /s
    %systemroot%\system32\bits\*.rar /s
    %systemroot%\system32\bits\*.zip /s
    %systemroot%\system32\bits\*.exe /s
    %systemroot%\system32\bits\*.dat /s
    %systemroot%\system32\bits\*.sys /s
    %systemroot%\system32\catroot\*.rar /s
    %systemroot%\system32\catroot\*.zip /s
    %systemroot%\system32\catroot\*.dll /s
    %systemroot%\system32\catroot\*.sys /s
    %systemroot%\system32\catroot\*.exe /s
    %systemroot%\system32\catroot\*.dat /s
    %systemroot%\system32\catroot2\*.rar /s
    %systemroot%\system32\catroot2\*.zip /s
    %systemroot%\system32\catroot2\*.exe /s
    %systemroot%\system32\catroot2\*.dat /s
    %systemroot%\system32\catroot2\*.dll /s
    %systemroot%\system32\catroot2\*.sys /s
    %systemroot%\system32\com\*.sys /s
    %systemroot%\system32\com\*.zip /s
    %systemroot%\system32\com\*.rar /s
    %systemroot%\system32\config\*.rar /s
    %systemroot%\system32\config\*.zip /s
    %systemroot%\system32\config\*.sys /s
    %systemroot%\system32\config\*.dll /s
    %systemroot%\system32\config\*.exe /s
    %systemroot%\system32\dhcp\*.*
    %systemroot%\system32\DirectX\*.rar /s
    %systemroot%\system32\DirectX\*.zip /s
    %systemroot%\system32\DirectX\*.sys /s
    %systemroot%\system32\DirectX\*.dll /s
    %systemroot%\system32\DirectX\*.exe /s
    %systemroot%\system32\DirectX\*.dat /s
    %systemroot%\system32\Dllcache\*.zip /s
    %systemroot%\system32\Dllcache\*.rar /s
    %systemroot%\system32\drivers\*.dat
    %systemroot%\system32\drivers\*.exe /s
    %systemroot%\system32\drivers\*.zip /s
    %systemroot%\system32\drivers\*.rar /s
    %systemroot%\system32\drvstore\*.dat
    %systemroot%\system32\drvstore\*.exe /s
    %systemroot%\system32\drvstore\*.zip /s
    %systemroot%\system32\drvstore\*.rar /s
    %systemroot%\system32\en\*.dat /s
    %systemroot%\system32\en\*.exe /s
    %systemroot%\system32\en\*.zip /s
    %systemroot%\system32\en\*.rar /s
    %systemroot%\system32\en\*.sys /s
    %systemroot%\system32\en\*.sys /s
    %systemroot%\system32\en\*.dat /s
    %systemroot%\system32\en-us\*.exe /s
    %systemroot%\system32\en-us\*.zip /s
    %systemroot%\system32\en-us\*.rar /s
    %systemroot%\system32\en-us\*.dll /s
    %systemroot%\system32\export\*.*
    %systemroot%\system32\GroupPolicy\*.sys /s
    %systemroot%\system32\GroupPolicy\*.dat /s
    %systemroot%\system32\GroupPolicy\*.exe /s
    %systemroot%\system32\GroupPolicy\*.zip /s
    %systemroot%\system32\GroupPolicy\*.rar /s
    %systemroot%\system32\GroupPolicy\*.dll /s
    %systemroot%\system32\ias\*.sys /s
    %systemroot%\system32\ias\*.dat /s
    %systemroot%\system32\ias\*.exe /s
    %systemroot%\system32\ias\*.zip /s
    %systemroot%\system32\ias\*.rar /s
    %systemroot%\system32\ias\*.dll /s
    %systemroot%\system32\icsxml\*.sys /s
    %systemroot%\system32\icsxml\*.dat /s
    %systemroot%\system32\icsxml\*.exe /s
    %systemroot%\system32\icsxml\*.zip /s
    %systemroot%\system32\icsxml\*.rar /s
    %systemroot%\system32\icsxml\*.dll /s
    %systemroot%\system32\ime\*.sys /s
    %systemroot%\system32\ime\*.dat /s
    %systemroot%\system32\ime\*.zip /s
    %systemroot%\system32\ime\*.rar /s
    %systemroot%\system32\inetsrv\*.sys /s
    %systemroot%\system32\inetsrv\*.dat /s
    %systemroot%\system32\inetsrv\*.exe /s
    %systemroot%\system32\inetsrv\*.zip /s
    %systemroot%\system32\inetsrv\*.rar /s
    %systemroot%\system32\LogFiles\*.sys /s
    %systemroot%\system32\LogFiles\*.dat /s
    %systemroot%\system32\LogFiles\*.exe /s
    %systemroot%\system32\LogFiles\*.zip /s
    %systemroot%\system32\LogFiles\*.rar /s
    %systemroot%\system32\LogFiles\*.dll /s
    %systemroot%\system32\Macromed\*.sys /s
    %systemroot%\system32\Macromed\*.dat /s
    %systemroot%\system32\Macromed\*.zip /s
    %systemroot%\system32\Macromed\*.rar /s
    %systemroot%\system32\Microsoft\*.sys /s
    %systemroot%\system32\Microsoft\*.dat /s
    %systemroot%\system32\Microsoft\*.exe /s
    %systemroot%\system32\Microsoft\*.zip /s
    %systemroot%\system32\Microsoft\*.rar /s
    %systemroot%\system32\Microsoft\*.dll /s
    %systemroot%\system32\Msdtc\*.sys /s
    %systemroot%\system32\Msdtc\*.dat /s
    %systemroot%\system32\Msdtc\*.exe /s
    %systemroot%\system32\Msdtc\*.zip /s
    %systemroot%\system32\Msdtc\*.rar /s
    %systemroot%\system32\Msdtc\*.dll /s
    %systemroot%\system32\Mui\*.sys /s
    %systemroot%\system32\Mui\*.dat /s
    %systemroot%\system32\Mui\*.exe /s
    %systemroot%\system32\Mui\*.zip /s
    %systemroot%\system32\Mui\*.rar /s
    %systemroot%\system32\npp\*.sys /s
    %systemroot%\system32\npp\*.dat /s
    %systemroot%\system32\npp\*.zip /s
    %systemroot%\system32\npp\*.rar /s
    %systemroot%\system32\NtMsData\*.sys /s
    %systemroot%\system32\NtMsData\*.dat /s
    %systemroot%\system32\NtMsData\*.exe /s
    %systemroot%\system32\NtMsData\*.zip /s
    %systemroot%\system32\NtMsData\*.rar /s
    %systemroot%\system32\NtMsData\*.dll /s
    %systemroot%\system32\oobe\*.sys /s
    %systemroot%\system32\oobe\*.dat /s
    %systemroot%\system32\oobe\*.zip /s
    %systemroot%\system32\oobe\*.rar /s
    %systemroot%\system32\PreInstall\*.sys /s
    %systemroot%\system32\PreInstall\*.dat /s
    %systemroot%\system32\PreInstall\*.exe /s
    %systemroot%\system32\PreInstall\*.zip /s
    %systemroot%\system32\PreInstall\*.rar /s
    %systemroot%\system32\PreInstall\*.dll /s
    %systemroot%\system32\ras\*.sys /s
    %systemroot%\system32\ras\*.dat /s
    %systemroot%\system32\ras\*.exe /s
    %systemroot%\system32\ras\*.zip /s
    %systemroot%\system32\ras\*.rar /s
    %systemroot%\system32\ras\*.dll /s
    %systemroot%\system32\ReInstallBackups\*.dat /s
    %systemroot%\system32\ReInstallBackups\*.zip /s
    %systemroot%\system32\ReInstallBackups\*.rar /s
    %systemroot%\system32\Restore\*.sys /s
    %systemroot%\system32\Restore\*.zip /s
    %systemroot%\system32\Restore\*.rar /s
    %systemroot%\system32\Restore\*.dll /s
    %systemroot%\system32\Scripting\*.sys /s
    %systemroot%\system32\Scripting\*.dat /s
    %systemroot%\system32\Scripting\*.exe /s
    %systemroot%\system32\Scripting\*.zip /s
    %systemroot%\system32\Scripting\*.rar /s
    %systemroot%\system32\Scripting\*.dll /s
    %systemroot%\system32\Setup\*.sys /s
    %systemroot%\system32\Setup\*.dat /s
    %systemroot%\system32\Setup\*.exe /s
    %systemroot%\system32\Setup\*.zip /s
    %systemroot%\system32\Setup\*.rar /s
    %systemroot%\system32\ShellExt\*.*
    %systemroot%\system32\SoftwareDistribution\*.sys /s
    %systemroot%\system32\SoftwareDistribution\*.dat /s
    %systemroot%\system32\SoftwareDistribution\*.exe /s
    %systemroot%\system32\SoftwareDistribution\*.zip /s
    %systemroot%\system32\SoftwareDistribution\*.rar /s
    %systemroot%\system32\URTTEmp\*.sys /s
    %systemroot%\system32\URTTEmp\*.dat /s
    %systemroot%\system32\URTTEmp\*.zip /s
    %systemroot%\system32\URTTEmp\*.rar /s
    %systemroot%\system32\USMT\*.sys /s
    %systemroot%\system32\USMT\*.dat /s
    %systemroot%\system32\USMT\*.zip /s
    %systemroot%\system32\USMT\*.rar /s
    %systemroot%\system32\Wbem\*.sys /s
    %systemroot%\system32\Wbem\*.zip /s
    %systemroot%\system32\Wbem\*.rar /s
    %systemroot%\system32\Wins\*.*
    %systemroot%\system32\Xircom\*.*
    %systemroot%\system32\XPSViewer\*.sys /s
    %systemroot%\system32\XPSViewer\*.dat /s
    %systemroot%\system32\XPSViewer\*.zip /s
    %systemroot%\system32\XPSViewer\*.rar /s
    %systemroot%\system32\XPSViewer\*.dll /s
    %COMMONPROGRAMFILES%\*.sys /s
    %COMMONPROGRAMFILES%\*.zip /s
    %COMMONPROGRAMFILES%\*.rar /s
    %COMMONPROGRAMFILES%\*.*
    %ProgramFiles%\Movie Maker\*.dll
    %DriveLetter%\RECYCLER\*S-%d-%d-%d-%d%d%d-%d%d%d-%d%d%d-%d*.
    %systemroot%\java\apps\*.*
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    %systemroot%\winstart.bat
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\VxD
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System\Scripts|Startup /rs
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\MPRServices
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
    %systemroot%\system32\basequu32.dll
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BootVerificationProgram
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\ChkDskPath
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\cleanuppath
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath




  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way.

Step 3.
Things I would like to see in your reply:

  • The result from the filescan in step 1.
  • The report from OTScanIt2 from step 2 attached in your reply.

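The custom-scan lines in step 2 have a small grammar of their own (environment variables, filename globs, a trailing `/s` for subdirectories, and `HKEY_...` lines with an optional `|term` and `/rs`). The following is an added example, not OTScanIt2's code or the helper's, that turns such lines into structured rules and evaluates the file rules against a constructed directory listing; the semantics it assigns to `/s`, `/rs`, `|`, `*.*` and a trailing `.` are assumptions, and `ENV` is a constructed stand-in for the target machine's variables.

```python
"""Structured view of OTScanIt2 custom-scan lines (added example, not OTScanIt code).

Assumed semantics of the line format:
  %VAR%\dir\glob        files matching glob directly in dir
  ... /s                also descend into subdirectories
  HKEY_...\key          dump that registry key
  HKEY_...\key|term /rs search the key (recursively with /rs) for term
  glob ending in "."    names with no extension (Windows "dir *." rule)
  "*.*"                 every name, with or without an extension
"""
import fnmatch
import re
from dataclasses import dataclass
from typing import List, Optional, Union

# Constructed stand-in for the target machine's environment variables.
ENV = {
    "systemroot": r"C:\WINDOWS",
    "systemdrive": "C:",
    "programfiles": r"C:\Program Files",
    "appdata": r"C:\Documents and Settings\Owner\Application Data",
}


@dataclass
class FileRule:
    directory: str    # expanded and lower-cased
    pattern: str      # lower-cased filename glob
    recursive: bool   # "/s" present


@dataclass
class RegistryRule:
    key: str
    term: Optional[str]   # text after "|", if any
    recursive: bool       # "/rs" present


Rule = Union[FileRule, RegistryRule]


def expand_vars(path: str) -> str:
    """Replace %VAR% tokens from ENV; unknown tokens are left untouched."""
    return re.sub(r"%([^%\\]+)%",
                  lambda m: ENV.get(m.group(1).lower(), m.group(0)), path)


def parse_line(line: str) -> Optional[Rule]:
    line = line.strip()
    if not line:
        return None
    if line.upper().startswith("HKEY_"):
        recursive = line.lower().endswith(" /rs")
        body = line[:-4] if recursive else line
        key, _, term = body.partition("|")
        return RegistryRule(key=key.strip(), term=term.strip() or None,
                            recursive=recursive)
    recursive = line.lower().endswith(" /s")
    body = line[:-3] if recursive else line
    directory, _, pattern = expand_vars(body).rpartition("\\")
    return FileRule(directory=directory.lower(), pattern=pattern.lower(),
                    recursive=recursive)


def name_matches(name: str, pattern: str) -> bool:
    """Windows-style glob match on a bare filename (both already lower-case)."""
    if pattern == "*.*":
        return True
    if pattern.endswith(".") and "." not in pattern[:-1]:
        # "*bak*." style: extension-less names only
        return "." not in name and fnmatch.fnmatchcase(name, pattern[:-1])
    return fnmatch.fnmatchcase(name, pattern)


def match_files(rule: FileRule, paths: List[str]) -> List[str]:
    """Return the candidate paths the rule would pick up."""
    hits = []
    for path in paths:
        directory, _, name = path.lower().rpartition("\\")
        in_scope = directory == rule.directory or (
            rule.recursive and directory.startswith(rule.directory + "\\"))
        if in_scope and name_matches(name, rule.pattern):
            hits.append(path)
    return hits


def run_rules(lines: List[str], paths: List[str]) -> dict:
    """Map each file-rule line to its hits; registry lines map to their parsed rule."""
    report = {}
    for line in lines:
        rule = parse_line(line)
        if rule is None:
            continue
        report[line] = match_files(rule, paths) if isinstance(rule, FileRule) else rule
    return report


# Constructed sample: a few lines from the list above and a fake directory listing.
SAMPLE_RULES = [
    r"%systemroot%\Prefetch\*.* /s",
    r"%systemroot%\system32\drivers\*.dat",
    r"%systemroot%\system32\drivers\royal.sys",
    r"%PROGRAMFILES%\*bak*.",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla|extensions /rs",
    r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32",
]
SAMPLE_PATHS = [
    r"C:\WINDOWS\Prefetch\NOTEPAD.EXE-1A2B3C4D.pf",
    r"C:\WINDOWS\Prefetch\ReadyBoot\Trace1.fx",
    r"C:\WINDOWS\system32\drivers\sample.dat",
    r"C:\WINDOWS\system32\drivers\etc\nested.dat",
    r"C:\WINDOWS\system32\drivers\royal.sys",
    r"C:\Program Files\oldbak",
    r"C:\Program Files\oldbak.txt",
]

if __name__ == "__main__":
    for line, result in run_rules(SAMPLE_RULES, SAMPLE_PATHS).items():
        print(line, "->", result)
```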

#17
coolwater777

    Member

  • Topic Starter
  • 39 posts
Heir,

The result from the filescan in step 1 is pasted in this reply.
The report from OTScanIt2 from step 2 is attached.


VirSCAN.org Scanned Report :
Scanned time : 2009/04/05 15:48:12 (PDT)
Scanner results: All Scanners reported not find malware!
File Name : lcfep5.drv
File Size : 1200 byte
File Type : bzip compressed data, version
MD5 : 2fee961c4fcfc15a8c0cf7d143192d8e
SHA1 : abe8b909f728da0ad4c2f9d272cdc60bcd236a88
Online report : http://virscan.org/r...f6a3fd6e66.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090406020355 2009-04-06 2.28 -
AhnLab V3 2009.04.06.00 2009.04.06 2009-04-06 1.00 -
AntiVir 7.9.0.138 7.1.3.14 2009-04-05 1.96 -
Antiy 2.0.18 20090405.2276952 2009-04-05 0.12 -
Authentium 5.1.1 200904051244 2009-04-05 1.12 -
AVAST! 3.0.1 090405-1 2009-04-05 0.00 -
AVG 7.5.52.442 270.11.42/2042 2009-04-05 2.01 -
BitDefender 7.81008.2828900 7.24632 2009-04-06 2.65 -
CA (VET) 9.0.0.143 31.6.6435 2009-04-04 8.10 -
ClamAV 0.95 9205 2009-04-05 0.00 -
Comodo 3.8 1100 2009-04-05 0.54 -
CP Secure 1.1.0.715 2009.04.05 2009-04-05 8.01 -
Dr.Web 4.44.0.9170 2009.04.05 2009-04-05 4.30 -
F-Prot 4.4.4.56 20090405 2009-04-05 1.10 -
F-Secure 5.51.6100 2009.04.05.05 2009-04-05 0.05 -
Fortinet 2.81-3.117 10.248 2009-04-05 0.15 -
GData 19.4430/19.290 20090405 2009-04-05 6.57 -
ViRobot 20090403 2009.04.03 2009-04-03 1.05 -
Ikarus T3.1.01.49 2009.04.05.72528 2009-04-05 2.89 -
JiangMin 11.0.706 2009.04.05 2009-04-05 3.86 -
Kaspersky 5.5.10 2009.04.05 2009-04-05 0.02 -
KingSoft 2009.2.5.15 2009.4.5.21 2009-04-05 0.85 -
McAfee 5.3.00 5575 2009-04-05 2.70 -
Microsoft 1.4502 2009.04.05 2009-04-05 9.97 -
mks_vir 2.01 2009.04.05 2009-04-05 2.63 -
Norman 6.00.06 6.00.00 2009-04-03 10.01 -
Panda 9.05.01 2009.04.05 2009-04-05 3.77 -
Trend Micro 8.700-1004 5.944.02 2009-04-03 0.02 -
Quick Heal 10.00 2009.04.04 2009-04-04 1.29 -
Rising 20.0 21.23.40.00 2009-04-03 0.43 -
Sophos 2.85.0 4.40 2009-04-06 2.02 -
Sunbelt 5078 5078 2009-04-04 1.11 -
Symantec 1.3.0.24 20090405.003 2009-04-05 0.18 -
nProtect 20090405.01 3421135 2009-04-05 5.36 -
The Hacker 6.3.4.0 v00302 2009-04-04 1.61 -
VBA32 3.12.10.2 20090404.1354 2009-04-04 1.80 -
VirusBuster 4.5.11.10 10.102.34/1210107 2009-04-05 1.46 -

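Reading a multi-engine report like the one above by eye is error-prone, especially when engine names contain spaces. The following is an added example, not VirSCAN's or the forum's code, that parses the plain-text layout shown above (header `Key : value` lines, then one row per engine with Scanner, Engine Ver, Sig Ver, Sig Date, Time and Scan result, where `-` means nothing reported), lists any detections, and checks a local copy of the file against the MD5/SHA1 in the header; the `ExampleAV Sample` row in the sample is constructed so the detection path is exercised.

```python
"""Parse a VirSCAN.org plain-text report and summarise it (added example)."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: header and a few rows copied from the report above,
# plus one fictional engine row ("ExampleAV Sample") with a detection.
SAMPLE_REPORT = """VirSCAN.org Scanned Report :
Scanned time : 2009/04/05 15:48:12 (PDT)
Scanner results: All Scanners reported not find malware!
File Name : lcfep5.drv
File Size : 1200 byte
File Type : bzip compressed data, version
MD5 : 2fee961c4fcfc15a8c0cf7d143192d8e
SHA1 : abe8b909f728da0ad4c2f9d272cdc60bcd236a88

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090406020355 2009-04-06 2.28 -
AhnLab V3 2009.04.06.00 2009.04.06 2009-04-06 1.00 -
CA (VET) 9.0.0.143 31.6.6435 2009-04-04 8.10 -
Trend Micro 8.700-1004 5.944.02 2009-04-03 0.02 -
ExampleAV Sample 1.0 100 2009-04-05 0.50 Example.Detection.Name
"""

# Engine names may contain spaces, so anchor on the date and time columns
# and let the scanner name absorb whatever precedes the two version tokens.
ROW_RE = re.compile(
    r"^(?P<scanner>.+?) (?P<engine_ver>\S+) (?P<sig_ver>\S+) "
    r"(?P<sig_date>\d{4}-\d{2}-\d{2}) (?P<seconds>\d+\.\d+) (?P<result>.+)$"
)
HEADER_RE = re.compile(r"^(?P<key>[^:]+?)\s*:\s*(?P<value>.*)$")


@dataclass
class Row:
    scanner: str
    engine_ver: str
    sig_ver: str
    sig_date: str
    seconds: float
    result: str

    @property
    def detected(self) -> bool:
        return self.result.strip() != "-"


@dataclass
class Report:
    header: Dict[str, str] = field(default_factory=dict)
    rows: List[Row] = field(default_factory=list)


def parse_report(text: str) -> Report:
    """Rows are tried first so a detection name containing ':' is not taken for a header."""
    report = Report()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m:
            d = m.groupdict()
            report.rows.append(Row(d["scanner"], d["engine_ver"], d["sig_ver"],
                                   d["sig_date"], float(d["seconds"]), d["result"]))
            continue
        m = HEADER_RE.match(line)
        if m:
            report.header[m.group("key")] = m.group("value")
    return report


def detections(report: Report) -> List[Row]:
    return [r for r in report.rows if r.detected]


def verify_hashes(report: Report, data: bytes) -> Dict[str, bool]:
    """Check that a local copy of the file has the hashes the report claims."""
    return {
        "md5": hashlib.md5(data).hexdigest() == report.header.get("MD5", "").lower(),
        "sha1": hashlib.sha1(data).hexdigest() == report.header.get("SHA1", "").lower(),
    }


def summarise(report: Report) -> Dict[str, object]:
    hits = detections(report)
    return {
        "file": report.header.get("File Name"),
        "type": report.header.get("File Type"),
        "engines": len(report.rows),
        "detections": {r.scanner: r.result for r in hits},
        "clean": not hits,
    }


if __name__ == "__main__":
    print(summarise(parse_report(SAMPLE_REPORT)))
```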

#18
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Are the redirections completely gone now?

Please do this:

Delete Lop S&D.exe on your desktop

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

#19
coolwater777

    Member

  • Topic Starter
  • 39 posts
Heir, it does appear that my re-direction problem is gone. Below is the Lop S&D log.


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 2.80GHz )
BIOS : BIOS Date: 10/29/04 13:42:25 Ver: 08.00.08
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan (Not Activated)
Firewall : McAfee Personal Firewall (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:13 Go (Free:1 Go)
D:\ (Local Disk) - NTFS - Total:92 Go (Free:78 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
I:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Mon 04/06/2009| 6:02 )

--------------------\\ Listing folders in APPLIC~1

[03/19/2009|08:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[11/09/2005|08:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[10/29/2005|01:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[08/24/2008|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Comcast
[06/01/2008|08:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> EnterNHelp
[10/28/2007|07:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[11/08/2008|03:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard
[03/17/2009|05:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[11/08/2008|03:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP Product Assistant
[03/29/2009|07:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[04/09/2008|07:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[04/05/2009|08:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[03/29/2009|10:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[08/15/2003|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSN Messenger 5.0.0527
[08/15/2003|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSN6
[03/19/2009|08:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NOS
[08/15/2003|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[11/09/2005|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio
[08/13/2003|08:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[03/28/2009|04:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sony Corporation
[04/11/2008|07:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[03/06/2007|07:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SSH
[04/11/2008|07:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[08/15/2003|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Support.com
[08/24/2008|07:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft
[06/01/2008|08:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ultima_T15
[08/15/2003|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> VAIO Media Platform
[09/29/2005|01:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[05/25/2008|07:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[09/24/2008|01:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo!

[08/15/2003|07:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Adobe
[08/15/2003|07:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> AdobeUM
[08/13/2003|08:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[08/14/2003|03:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[08/15/2003|12:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Mozilla
[08/15/2003|12:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> MSN6
[08/15/2003|12:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Real
[10/15/2003|06:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Symantec

[12/03/2005|09:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Help
[03/26/2006|09:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[08/13/2003|08:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[10/28/2007|06:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Google
[01/06/2006|08:28] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Macromedia
[03/29/2009|10:23] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[11/30/2005|08:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Symantec

[12/17/2005|07:08] C:\DOCUME~1\Owner\APPLIC~1\<DIR> acccore
[03/19/2009|08:51] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
[06/16/2007|12:24] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AdobeAUM
[08/18/2007|06:35] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AdobeUM
[11/06/2005|02:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Ahead
[10/29/2005|01:31] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
[12/28/2007|08:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> BitTorrent
[11/24/2003|02:26] C:\DOCUME~1\Owner\APPLIC~1\<DIR> CyberLink
[11/24/2003|01:41] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Drag'n Drop CD+DVD
[10/20/2007|04:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> FEP
[10/17/2006|07:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Google
[10/03/2005|12:42] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
[03/17/2009|05:55] C:\DOCUME~1\Owner\APPLIC~1\<DIR> HP
[04/05/2009|04:16] C:\DOCUME~1\Owner\APPLIC~1\<DIR> HPAppData
[08/13/2003|08:08] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
[06/11/2008|07:13] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Lavasoft
[08/27/2007|05:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Leadertech
[03/25/2006|12:58] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
[04/09/2008|07:14] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Malwarebytes
[06/01/2008|08:38] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
[12/23/2005|07:50] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft Games
[12/31/2008|07:05] C:\DOCUME~1\Owner\APPLIC~1\<DIR> mjusbsp
[12/17/2005|07:05] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Mozilla
[11/24/2003|02:19] C:\DOCUME~1\Owner\APPLIC~1\<DIR> MSN6
[06/01/2008|08:39] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Nikon
[01/06/2006|11:33] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Real
[11/18/2005|03:22] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Roxio
[11/09/2005|08:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sonic
[11/28/2003|04:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sony Corporation
[03/08/2007|08:28] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SSH
[10/19/2005|07:53] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
[04/11/2008|07:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SUPERAntiSpyware.com
[10/15/2003|06:58] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Symantec
[11/28/2003|04:29] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Template
[01/23/2007|08:09] C:\DOCUME~1\Owner\APPLIC~1\<DIR> TextPad
[12/02/2007|12:56] C:\DOCUME~1\Owner\APPLIC~1\<DIR> U3
[02/03/2007|05:38] C:\DOCUME~1\Owner\APPLIC~1\<DIR> yahoo!

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[04/06/2009 03:01 AM][--a------] C:\WINDOWS\tasks\McAfeeQuickScan.job
[04/05/2009 08:30 AM][--a------] C:\WINDOWS\tasks\McDefragTask.job
[04/05/2009 08:30 AM][--a------] C:\WINDOWS\tasks\McQcTask.job
[04/05/2009 02:22 PM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[04/03/2009 04:00 PM][--ah-----] C:\WINDOWS\tasks\{84230BC5-6B4D-4906-AE64-626FE50DA325}_VALUED-3253602F_Owner.job
[04/03/2009 04:00 PM][--ah-----] C:\WINDOWS\tasks\{F09F2F27-32B9-4B70-9505-2BB5FCC9BA85}_VALUED-3253602F_Owner.job
[04/03/2009 09:00 AM][--ah-----] C:\WINDOWS\tasks\{DC6D4A74-76C9-4A4B-8353-CC0A22ACD08F}_VALUED-3253602F_Owner.job
[11/15/2003 02:31 PM][--a------] C:\WINDOWS\tasks\Registration reminder 2.job
[04/05/2009 06:48 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/29/2002 05:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[02/15/2004|09:46] C:\Program Files\<DIR> ABBYY FineReader 6.0
[03/19/2009|08:51] C:\Program Files\<DIR> Adobe
[11/09/2005|09:06] C:\Program Files\<DIR> Ahead
[08/15/2003|02:04] C:\Program Files\<DIR> ATI Technologies
[03/13/2009|09:17] C:\Program Files\<DIR> BroadJump
[08/24/2008|07:17] C:\Program Files\<DIR> Comcast
[03/30/2009|04:48] C:\Program Files\<DIR> Common
[04/05/2009|08:29] C:\Program Files\<DIR> Common Files
[08/13/2003|08:06] C:\Program Files\<DIR> ComPlus Applications
[01/31/2008|10:02] C:\Program Files\<DIR> Cyworld Music Player
[11/09/2005|09:54] C:\Program Files\<DIR> DivX
[11/09/2005|09:54] C:\Program Files\<DIR> DivXCodec
[03/28/2009|04:19] C:\Program Files\<DIR> DNA
[10/15/2003|07:00] C:\Program Files\<DIR> drag'n drop cd+dvd
[10/15/2003|06:56] C:\Program Files\<DIR> Encarta Online
[03/31/2009|05:12] C:\Program Files\<DIR> ERUNT
[11/16/2007|10:14] C:\Program Files\<DIR> Fox
[03/28/2009|04:20] C:\Program Files\<DIR> Google
[11/08/2008|03:37] C:\Program Files\<DIR> Hewlett-Packard
[11/08/2008|03:38] C:\Program Files\<DIR> HP
[03/28/2009|04:36] C:\Program Files\<DIR> InstallShield Installation Information
[08/14/2003|02:50] C:\Program Files\<DIR> Intel
[02/11/2009|04:01] C:\Program Files\<DIR> Internet Explorer
[04/03/2009|06:59] C:\Program Files\<DIR> Java
[03/30/2009|04:18] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[04/05/2009|08:34] C:\Program Files\<DIR> McAfee
[04/05/2009|08:29] C:\Program Files\<DIR> McAfee.com
[08/23/2008|02:11] C:\Program Files\<DIR> Messenger
[12/29/2008|06:21] C:\Program Files\<DIR> Microsoft ActiveSync
[05/09/2007|03:03] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[08/13/2003|08:08] C:\Program Files\<DIR> microsoft frontpage
[03/28/2009|04:22] C:\Program Files\<DIR> Microsoft Money
[09/29/2005|01:36] C:\Program Files\<DIR> Microsoft Office
[08/15/2003|12:35] C:\Program Files\<DIR> Microsoft Picture It! 7
[03/28/2009|04:25] C:\Program Files\<DIR> Microsoft Works
[03/28/2009|04:26] C:\Program Files\<DIR> MoodLogic
[08/23/2008|02:05] C:\Program Files\<DIR> Movie Maker
[08/15/2003|12:35] C:\Program Files\<DIR> MSN
[06/13/2006|05:49] C:\Program Files\<DIR> MSN Gaming Zone
[09/29/2005|02:48] C:\Program Files\<DIR> MsnMusic
[10/15/2006|03:00] C:\Program Files\<DIR> MSXML 4.0
[11/30/2008|01:13] C:\Program Files\<DIR> Naver
[11/03/2006|12:38] C:\Program Files\<DIR> NCH Swift Sound
[08/23/2008|02:02] C:\Program Files\<DIR> NetMeeting
[08/15/2003|12:21] C:\Program Files\<DIR> Netscape
[02/03/2007|08:41] C:\Program Files\<DIR> NEXON
[06/01/2008|08:37] C:\Program Files\<DIR> Nikon
[11/09/2005|09:54] C:\Program Files\<DIR> NimoCodec Pack
[03/19/2009|08:44] C:\Program Files\<DIR> NOS
[09/29/2005|01:46] C:\Program Files\<DIR> OfficeUpdate11
[12/15/2003|03:23] C:\Program Files\<DIR> Online Services
[08/23/2008|02:02] C:\Program Files\<DIR> Outlook Express
[03/06/2009|03:58] C:\Program Files\<DIR> PartyGaming
[12/06/2006|08:07] C:\Program Files\<DIR> PartyGaming.net
[02/20/2006|06:02] C:\Program Files\<DIR> PartyPoker.net
[07/06/2008|02:02] C:\Program Files\<DIR> PokerStars
[03/03/2006|07:26] C:\Program Files\<DIR> PRTG Traffic Grapher
[03/28/2009|04:31] C:\Program Files\<DIR> Quicken
[03/28/2009|04:31] C:\Program Files\<DIR> QuickTime
[08/15/2003|12:29] C:\Program Files\<DIR> Real
[04/06/2008|10:31] C:\Program Files\<DIR> RegCleaner
[10/18/2005|06:40] C:\Program Files\<DIR> Roxio
[08/15/2003|12:38] C:\Program Files\<DIR> Shield
[04/08/2004|09:22] C:\Program Files\<DIR> Snapshot Viewer
[11/09/2005|09:00] C:\Program Files\<DIR> Sonic
[03/28/2009|04:34] C:\Program Files\<DIR> Sony
[04/11/2008|07:06] C:\Program Files\<DIR> Spybot - Search & Destroy
[03/28/2009|08:16] C:\Program Files\<DIR> SpywareBlaster
[03/28/2009|08:20] C:\Program Files\<DIR> SUPERAntiSpyware
[03/13/2009|09:03] C:\Program Files\<DIR> support.com
[04/05/2009|06:53] C:\Program Files\<DIR> Symantec
[03/28/2009|08:39] C:\Program Files\<DIR> Symantec AntiVirus
[09/29/2005|12:37] C:\Program Files\<DIR> SymNetDrv
[04/06/2008|06:13] C:\Program Files\<DIR> Trend Micro
[08/13/2003|08:11] C:\Program Files\<DIR> Uninstall Information
[08/15/2003|12:47] C:\Program Files\<DIR> VAIOAgent
[05/25/2008|07:19] C:\Program Files\<DIR> Windows Live
[08/23/2008|02:02] C:\Program Files\<DIR> Windows Media Player
[08/23/2008|02:02] C:\Program Files\<DIR> Windows NT
[09/29/2005|12:20] C:\Program Files\<DIR> WindowsUpdate
[11/03/2006|12:38] C:\Program Files\<DIR> WinMX
[01/07/2006|04:38] C:\Program Files\<DIR> WinRAR
[11/25/2006|06:07] C:\Program Files\<DIR> WinZip
[08/13/2003|08:08] C:\Program Files\<DIR> xerox
[12/30/2006|10:13] C:\Program Files\<DIR> XviD
[02/03/2007|05:38] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[03/19/2009|08:50] C:\Program Files\Common Files\<DIR> Adobe
[03/19/2009|08:51] C:\Program Files\Common Files\<DIR> Adobe AIR
[12/27/2005|12:12] C:\Program Files\Common Files\<DIR> AOL
[04/08/2004|09:19] C:\Program Files\Common Files\<DIR> Designer
[11/08/2008|03:37] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[11/08/2008|03:36] C:\Program Files\Common Files\<DIR> HP
[08/15/2003|12:29] C:\Program Files\Common Files\<DIR> InstallShield
[08/15/2003|12:30] C:\Program Files\Common Files\<DIR> Intuit
[04/05/2009|08:30] C:\Program Files\Common Files\<DIR> McAfee
[03/28/2009|04:33] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/13/2003|08:06] C:\Program Files\Common Files\<DIR> MSSoap
[03/28/2009|04:27] C:\Program Files\Common Files\<DIR> Nikon
[12/17/2005|07:08] C:\Program Files\Common Files\<DIR> Nullsoft
[08/13/2003|01:03] C:\Program Files\Common Files\<DIR> ODBC
[01/06/2006|11:32] C:\Program Files\Common Files\<DIR> Real
[11/03/2006|12:38] C:\Program Files\Common Files\<DIR> Roxio Shared
[08/13/2003|08:06] C:\Program Files\Common Files\<DIR> Services
[11/09/2005|09:00] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/15/2003|12:40] C:\Program Files\Common Files\<DIR> Sony Shared
[08/13/2003|01:03] C:\Program Files\Common Files\<DIR> SpeechEngines
[12/29/2008|07:15] C:\Program Files\Common Files\<DIR> supportsoft
[11/24/2003|01:43] C:\Program Files\Common Files\<DIR> SWF Studio
[04/05/2009|06:53] C:\Program Files\Common Files\<DIR> Symantec Shared
[08/23/2008|02:02] C:\Program Files\Common Files\<DIR> System
[11/09/2005|09:00] C:\Program Files\Common Files\<DIR> TiVo Shared
[03/01/2008|06:55] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[04/11/2008|07:06] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[01/06/2006|11:32] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 47 Processes )

iexplore.exe ~ [PID:2224]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 06:04:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:20][D:12]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:23][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:149][D:4]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Mon 04/06/2009| 6:05 - Option : [1]

--------------------\\ Scan completed at 6:05:22
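The "Scheduled Tasks located in C:\WINDOWS\Tasks" block above is the part of a Lop S&D log a helper reads most carefully, because a .job file is a cheap persistence mechanism and hidden entries are easy to overlook. The following triage script is an added example, not a tool used in this thread: it parses the log's own `[date time][attributes] path` line format, keeps only `.job` entries (SA.DAT and desktop.ini are scheduler bookkeeping), and surfaces anything that is hidden, GUID-named, or not on a per-machine allowlist. The sample lines are copied from the listing above; the allowlist of vendor prefixes is an assumption made for this example. A GUID-named, hidden job is not by itself evidence of infection (some legitimate software creates per-user tasks that way); the script only decides what a human should open in Scheduled Tasks and inspect for its command line.

```python
"""Triage of a Lop S&D 'Scheduled Tasks' listing (added example, not from the thread)."""
import re

# Sample copied from the listing above; raw string so the backslashes stay literal.
SAMPLE_TASKS = r"""
[04/06/2009 03:01 AM][--a------] C:\WINDOWS\tasks\McAfeeQuickScan.job
[04/05/2009 08:30 AM][--a------] C:\WINDOWS\tasks\McDefragTask.job
[04/05/2009 02:22 PM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[04/03/2009 04:00 PM][--ah-----] C:\WINDOWS\tasks\{84230BC5-6B4D-4906-AE64-626FE50DA325}_VALUED-3253602F_Owner.job
[04/03/2009 09:00 AM][--ah-----] C:\WINDOWS\tasks\{DC6D4A74-76C9-4A4B-8353-CC0A22ACD08F}_VALUED-3253602F_Owner.job
[11/15/2003 02:31 PM][--a------] C:\WINDOWS\tasks\Registration reminder 2.job
[04/05/2009 06:48 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/29/2002 05:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini
"""

# One log line: "[stamp][attribute flags] path". The flag string is positional
# (r = read-only, a = archive, h = hidden, ...), so we only test for letters.
LINE_RE = re.compile(r"^\[(?P<stamp>[^\]]+)\]\[(?P<attrs>[^\]]+)\] (?P<path>.+)$")
GUID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)

# Assumption for this example: tasks expected on this particular machine.
KNOWN_PREFIXES = ("mcafee", "mcdefrag", "mcqc", "ad-aware")


def parse_tasks(text):
    """Return one dict per parsable listing line."""
    tasks = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # section headers, blank lines
        attrs, path = m.group("attrs"), m.group("path")
        tasks.append({
            "stamp": m.group("stamp"),
            "path": path,
            "name": path.rsplit("\\", 1)[-1],
            "hidden": "h" in attrs,
            "readonly": "r" in attrs,
        })
    return tasks


def triage(text):
    """Return [(job name, [reasons])] for every .job worth a manual look."""
    flagged = []
    for t in parse_tasks(text):
        name = t["name"]
        if not name.lower().endswith(".job"):
            continue                      # SA.DAT / desktop.ini are not tasks
        reasons = []
        if t["hidden"]:
            reasons.append("hidden attribute")
        if GUID_RE.search(name):
            reasons.append("GUID-named")
        if not name.lower().startswith(KNOWN_PREFIXES):
            reasons.append("not in allowlist")
        if reasons:
            flagged.append((name, reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_TASKS):
        print(f"{name}: {', '.join(reasons)}")
```

Run against the listing above it surfaces the two GUID-named hidden jobs and the old "Registration reminder 2.job"; the McAfee and Ad-Aware jobs pass. Treat the output as a reading list, not a verdict: the next step is to open each flagged task and look at the program it runs and the account it runs as.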

#20
heir
    Trusted Helper
  • Malware Removal
  • 5,427 posts
Hey there, coolwater777 !

Good to hear that it's sorted. :)

OK! Well done, your log is clean again! :)

Time for some housekeeping.

Step 1.
Clean up:

What we need to do is remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

First:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /u; it needs to be there.


Second:

Double-click OTListIt2.exe to start it.
Click the Clean up button
Click Yes to the reboot.

Now delete any tools/logs that are left over after you ran OTListIt2 Clean Up.


Step 2.
Prevention:

OK, let's carry out a few preventative steps to make sure you reduce the risk of further infections.

First:
One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.


Second:
Now let's download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.


Third:
Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers
Lastly:
It is a good idea to clear out all your temp files every now and again with ATF Cleaner. This will help keep your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.


To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.


I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!
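The original complaint in this thread was a redirected browser, and the Lop S&D log above reports "Hosts file CLEAN". A hosts-file entry is one of the simplest ways to redirect a browser on Windows XP (the file lives at C:\WINDOWS\system32\drivers\etc\hosts), so a practitioner following the preventative steps will want to be able to re-check it later without a third-party tool. The script below is an added example, not part of the original post or of any tool named in it. It parses the hosts-file syntax and distinguishes harmless sinkhole entries (a name pointed at 127.0.0.1 or 0.0.0.0 can only block a site) from entries that can actually send you somewhere else (a name pointed at a routable address), and it notes when several names are funnelled to the same address, the classic redirector pattern. The sample file, its addresses and its hostnames are constructed for the example and are not from the poster's machine.

```python
"""Hosts-file redirect check (added example, not from the thread or any tool in it)."""
import ipaddress
from collections import defaultdict

# Constructed sample in Windows hosts-file syntax (illustrative only).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ad.doubleclick.net     # blocklist style, harmless
0.0.0.0         bad.example            # sinkholed, harmless
198.51.100.23   www.google.com         # search engine pinned to a foreign address
198.51.100.23   www.symantec.com       # vendor site pinned to the same address
"""


def parse_hosts(text):
    """Yield (line_number, ip_address, hostname) for every mapping in the file."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line; skip it
        for name in fields[1:]:
            yield lineno, ip, name.lower()


def find_hijacks(text):
    """Return the mappings that can redirect traffic: names pointed at a
    routable address. Loopback/unspecified targets only block a site and
    are therefore not reported."""
    rows = list(parse_hosts(text))
    by_ip = defaultdict(list)
    for _, ip, name in rows:
        by_ip[ip].append(name)
    hijacks = []
    for lineno, ip, name in rows:
        if name == "localhost" or ip.is_loopback or ip.is_unspecified:
            continue
        hijacks.append({
            "line": lineno,
            "host": name,
            "ip": str(ip),
            # other names sent to the same address: a cluster is the
            # redirector pattern an analyst should see at a glance
            "shared_with": [n for n in by_ip[ip] if n != name],
        })
    return hijacks


def check_file(path):
    """Read a real hosts file (e.g. the XP path above) and run the check."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_hijacks(fh.read())


if __name__ == "__main__":
    for hit in find_hijacks(SAMPLE_HOSTS):
        print(f"line {hit['line']}: {hit['host']} -> {hit['ip']} "
              f"(shares address with: {', '.join(hit['shared_with']) or 'nothing'})")
```

Because the parser reads every line and ignores blank ones, padding the file with hundreds of empty lines to push entries below the Notepad window, a common trick, does not hide anything from it. Run `check_file(r"C:\WINDOWS\system32\drivers\etc\hosts")` on the machine itself; an empty result means no name is being sent to a routable address.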

#21
coolwater777
    Member
  • Topic Starter
  • 39 posts
Hi Heir,

Very glad to hear that the logs came up clean. :)

I want to thank you very much for staying with me and walking me through each step of the process to resolve my infection. The computer is running great; I have taken your advice and D/L'd the programs you recommended above.

Again, thank you for your time and energy, Heir. Having folks like yourself volunteer your time to help others is very much appreciated and says a lot about who we are. I will now volunteer my time in other ways to help others as well.

All the best to you and your family, live well, eat well. :)

Best Regards
Coolwater777

#22
heir
    Trusted Helper
  • Malware Removal
  • 5,427 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.