Solved I need help removing the Google Redirect Rootkit Help!?

Dell OPTIPLEX 745
December 24, 2012 at 11:32:10
Specs: Windows XP, 3.391 GHz / 2037 MB
Hello. I am having trouble getting rid of the Google Redirect Rootkit. I have searched several forums and pages for help and have tried their methods, but to no avail; it is still there. I am constantly getting redirected to a different page when clicking on a link. Can you please help me get rid of this without having to completely erase my computer or install a new OS?



✔ Best Answer
December 25, 2012 at 18:29:17
No, you have done a great job. Your PC should be fine from now on :)
One other thing to speed up your PC is to add some RAM.
You know where to find us if you have any more concerns.
Don't forget to mark best answer.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#1
December 24, 2012 at 12:18:02
Download and run AdwCleaner from this link:
http://www.bleepingcomputer.com/dow...
AdwCleaner Usage Instructions:
Using AdwCleaner is very simple. Simply download the program and run it. You will then be presented with a screen that contains a Search and Delete button. The Search button will cause AdwCleaner to search your computer for unwanted programs and then display a log showing the various files, folders, and registry entries used by these programs.
To delete these unwanted programs simply click on the Delete button, which will cause AdwCleaner to reboot your computer and remove the files and registry entries associated with the various adware that you are removing. On reboot, AdwCleaner will display a log showing the files, folders, and registry entries that were removed.
Please include the log in your next reply.

Then download and run TDSSkiller from this link:
http://www.bleepingcomputer.com/dow...

Next download, update and run a quick scan of Malwarebytes free, from this link:
http://www.malwarebytes.org/product...
Include the log in your next reply.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#2
December 24, 2012 at 14:49:49
Thanks for the quick reply to my question, MrGoodguy. I will post the logs as soon as they are all done. I'm currently running the Malwarebytes one and will then post them.


#3
December 24, 2012 at 15:00:01
Excellent :)

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#4
December 24, 2012 at 16:35:54
OK, here are the logs:

AdwCleaner:

# AdwCleaner v2.102 - Logfile created 12/24/2012 at 15:42:34
# Updated 23/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : S. Whiting - S-7DB367BCDE084
# Boot Mode : Normal
# Running from : C:\Documents and Settings\S. Whiting\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\S. Whiting\Application Data\Mozilla\Firefox\Profiles\m0kn6k81.default\extensions\bbrs_002@blabbers.com

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\S. Whiting\Application Data\Mozilla\Firefox\Profiles\m0kn6k81.default\prefs.js

C:\Documents and Settings\S. Whiting\Application Data\Mozilla\Firefox\Profiles\m0kn6k81.default\user.js ... Deleted !

Deleted : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\S. Whiting\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3123 octets] - [24/12/2012 15:41:51]
AdwCleaner[S1].txt - [3229 octets] - [24/12/2012 15:42:34]

########## EOF - C:\AdwCleaner[S1].txt - [3289 octets] ##########

Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.24.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
S. Whiting :: S-7DB367BCDE084 [administrator]

12/24/2012 5:35:38 PM
mbam-log-2012-12-24 (17-35-38).txt

Scan type: Full scan (A:\|C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278643
Time elapsed: 1 hour(s), 45 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I have yet to check Google to see if those options have fixed it, but hopefully these logs will tell you. Please let me know if there is anything else I need to do.



#5
December 24, 2012 at 16:52:27
Things are looking good. Try browsing and see if you get any redirects.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#6
December 24, 2012 at 18:05:19
OK, I just tried browsing and using Google, and I seem to have gotten fewer redirects, but there are still some redirects happening, so it's not gone, or at least not fully gone. Any more solutions or ideas?


#7
December 24, 2012 at 18:11:54
Could you download HijackThis from this link:
http://sourceforge.net/projects/hjt/
Run HJT and save the log. Do not fix anything. Include the log in your next reply.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#8
December 24, 2012 at 18:26:01
OK, I'm going to give HijackThis a go and will send the log when I'm done.


#9
December 24, 2012 at 18:33:29
Here is the log:

HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:30:56 PM, on 12/24/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\S. Whiting\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://www.update.microsoft.com/mi...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/get...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe

--
End of file - 8126 bytes



#10
December 24, 2012 at 18:46:11
Your log looks good. Can you run ESET's online scanner from this link:
http://www.eset.com/online-scanner-...

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#11
December 24, 2012 at 18:55:17
O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe

This entry is not bad, but it cannot be on your PC. You have Bitdefender running, and this can cause conflicts in your antivirus protection, as they both have real-time scanning.
You will have to go to Add or Remove Programs and remove Anvi Smart Defender.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?
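
The check reply #11 performs by eye, as an added example that is not part of the original thread: parse the O23 service lines of a HijackThis log, pick out services whose names suggest real-time scanning, and report when more than one vendor provides them. The keyword list and all function names are assumptions made for this illustration; the sample is a trimmed excerpt of the log posted in reply #9.

```python
import re
from collections import defaultdict

# Trimmed excerpt of the HijackThis log posted in reply #9 of this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe

O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
"""

# O23 line layout: "O23 - Service: <display name> [(<short name>)] - <vendor> - <path>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)
SHORT_NAME_RE = re.compile(r"^(?P<display>.*\S)\s*\((?P<short>[^()]+)\)$")

# Assumption: display-name keywords that suggest a real-time scanner.
# Both hints are taken from the two service names seen in this thread's log.
REALTIME_HINTS = ("realtime", "real-time", "virus shield")


def parse_running(log_text):
    """Return the lower-cased paths listed under 'Running processes:'."""
    running, in_section = set(), False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped == "Running processes:":
            in_section = True
            continue
        if in_section:
            if not stripped:  # a blank line ends the section
                break
            running.add(stripped.casefold())
    return running


def parse_services(log_text):
    """Parse every O23 line into name, short_name, vendor and path."""
    services = []
    for line in log_text.splitlines():
        match = O23_RE.match(line.strip())
        if not match:
            continue
        name, short = match.group("name"), None
        short_match = SHORT_NAME_RE.match(name)
        if short_match:
            name, short = short_match.group("display"), short_match.group("short")
        services.append({
            "name": name,
            "short_name": short,
            "vendor": match.group("vendor"),
            "path": match.group("path"),
        })
    return services


def realtime_conflicts(log_text):
    """Map vendor -> real-time services when more than one vendor has one.

    Returns an empty dict when zero or one vendor is found. Each service
    also records whether its binary appears in the running-process list,
    which separates an active scanner from a leftover registration.
    """
    running = parse_running(log_text)
    by_vendor = defaultdict(list)
    for svc in parse_services(log_text):
        if any(hint in svc["name"].casefold() for hint in REALTIME_HINTS):
            entry = dict(svc, running=svc["path"].casefold() in running)
            by_vendor[svc["vendor"].casefold()].append(entry)
    return dict(by_vendor) if len(by_vendor) > 1 else {}


if __name__ == "__main__":
    for vendor, entries in sorted(realtime_conflicts(SAMPLE_LOG).items()):
        for svc in entries:
            state = "running" if svc["running"] else "registered, not running"
            print(f"{vendor}: {svc['name']} [{state}]")
```
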



#12
December 24, 2012 at 19:31:06
OK, so ESET is going to take a while; it is still at only 36%, but I will post any logs when it's done. When I was trying to get rid of the rootkit, one forum told me to download and use Anvi Smart Defender to remove it. But as you can tell, it did not work. I proceeded to uninstall the program, but after it was uninstalled it said some components could not be removed, and it is no longer under Add or Remove Programs. So after this problem with the Google redirect rootkit is resolved, maybe you could tell me how to remove any leftover components of the program. Thanks.


#13
December 24, 2012 at 19:35:08
ESET can take a while.
CCleaner should clean up leftovers from removed programs.
http://www.piriform.com/CCLEANER
Run the cleaner first then do the Registry clean after that.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#14
December 24, 2012 at 19:56:31
I already have CCleaner and used it on my computer after the uninstall, and it did remove some things, but I guess some components are still showing up. Also, ESET is still only at 37%, so I may not be able to post the log till tomorrow.


#15
December 24, 2012 at 20:22:30
Stop ESET and delete anything it found.
Run HitmanPro3.7 instead, from this link:
http://www.surfright.nl/en

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#16
December 24, 2012 at 20:28:19
OK, I stopped ESET and uninstalled it, but I'm not sure it deleted anything. I am running HitmanPro3.7 now and will post a log when I'm done. Will I need to use ESET later on in the future?


#17
December 24, 2012 at 20:40:07
If ESET's taking that long to run, go ahead and remove it.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#18
December 24, 2012 at 20:59:15
OK, I finished with HitmanPro3.7 and I deleted everything it came up with as potentially harmful. Here is the log:

HitmanPro3.7:

[code]
HitmanPro 3.7.0.185
www.hitmanpro.com

Computer name . . . . : S-7DB367BCDE084
Windows . . . . . . . : 5.1.3.2600.X86/2
User name . . . . . . : S-7DB367BCDE084\S. Whiting
License . . . . . . . : Trial (31 days left)

Scan date . . . . . . : 2012-12-24 23:27:31
Scan mode . . . . . . : Normal
Scan duration . . . . : 10m 54s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes

Threats . . . . . . . : 1
Traces . . . . . . . : 94

Objects scanned . . . : 1,220,875
Files scanned . . . . : 18,594
Remnants scanned . . : 514,007 files / 688,274 keys

Malware _____________________________________________________________________

C:\Documents and Settings\S. Whiting\My Documents\Downloads\Codec-1.5.0.0-setup.exe -> Quarantined
Size . . . . . . . : 637,818 bytes
Age . . . . . . . : 188.1 days (2012-06-19 22:08:13)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 3F5D9178B3640ECCB38DCAA5B6ED7E99924F2BCAAE8D57B237B1BB9203DABF4D
> a-Squared . . . . : Adware.Win32.x3Codec.AMN!A2
Fuzzy . . . . . . : 114.0


Suspicious files ____________________________________________________________

C:\Documents and Settings\S. Whiting\Local Settings\Temp\~nsu.tmp\Au_.exe -> Quarantined
Size . . . . . . . : 288,974 bytes
Age . . . . . . . : 0.4 days (2012-12-24 13:52:16)
Entropy . . . . . : 7.8
SHA-256 . . . . . : 40B68ED9E839CFC77D1DE79ADE036775D9F38AEDF916667180AF05F51EA13344
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
References
HKU\S-1-5-21-1708537768-2146875891-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\S3FB4~1.WHI\LOCALS~1\Temp\~nsu.tmp\Au_.exe


Potential Unwanted Programs _________________________________________________

HKU\.DEFAULT\Software\AskToolbar\ (AskBar) -> Deleted
HKU\.DEFAULT\Software\bbrs_002.tb\ (Blabbers) -> Deleted
HKU\.DEFAULT\Software\Blabbers \ (Blabbers) -> Deleted
HKU\.DEFAULT\Software\Blabbers\ (Blabbers) -> Deleted
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}\ (Blabbers) -> Deleted
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}\ (Blabbers) -> Deleted
HKU\S-1-5-18\Software\AskToolbar\ (AskBar) -> PendingDelete
HKU\S-1-5-18\Software\bbrs_002.tb\ (Blabbers) -> PendingDelete
HKU\S-1-5-18\Software\Blabbers \ (Blabbers) -> PendingDelete
HKU\S-1-5-18\Software\Blabbers\ (Blabbers) -> PendingDelete
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}\ (Blabbers) -> PendingDelete
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}\ (Blabbers) -> PendingDelete
HKU\S-1-5-21-1708537768-2146875891-725345543-1003\Software\bbrs_002.tb\ (Blabbers) -> Deleted
HKU\S-1-5-21-1708537768-2146875891-725345543-1003\Software\Blabbers\ (Blabbers) -> Deleted

Cookies _____________________________________________________________________



[/code]


I am going to head to bed since it's Christmas and everything tomorrow, but I will follow up with this later on tomorrow. I am going to try again and run ESET overnight and see if it finishes in the morning. Thanks again for your help, and I wish you and your significant others a merry Christmas/Hanukkah. Goodnight.



#19
December 24, 2012 at 21:04:31
Good night talk tomorrow :) Merry Xmas.


#20
December 25, 2012 at 06:45:59
Good Morning and Merry Christmas! I let ESET run overnight and it finished. It did not have a log but it did have a list of files it quarantined/deleted. Here is the list:

ESET:

C:\Documents and Settings\S. Whiting\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\S. Whiting\Application Data\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\S. Whiting\Application Data\FrostWire\.AppSpecialShare\frostwire-5.1.3.windows.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\S. Whiting\Application Data\Mozilla\Firefox\Profiles\m0kn6k81.default\extensions\olewocotbg@olewocotbg.org.xpi JS/Redirector.NCA trojan deleted - quarantined
C:\Documents and Settings\S. Whiting\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\13\1ee23a8d-3619b1cd multiple threats deleted - quarantined
C:\Documents and Settings\S. Whiting\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\25\2c81b59-49d87bd2 multiple threats deleted - quarantined
C:\Documents and Settings\S. Whiting\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\39\7ace1127-125df43e a variant of Java/Exploit.CVE-2012-4681.CD trojan deleted - quarantined
C:\Documents and Settings\S. Whiting\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\42\1f1491ea-55a10720 multiple threats deleted - quarantined
C:\Documents and Settings\S. Whiting\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\5\79c89985-4addaa0e multiple threats deleted - quarantined
C:\Documents and Settings\S. Whiting\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\55\4f06d9b7-71004771 multiple threats deleted - quarantined
C:\Documents and Settings\S. Whiting\My Documents\Downloads\frostwire-4.21.5.windows.exe Win32/OpenCandy application cleaned by deleting - quarantined

When you're free you can tell me the next thing you need me to do.



#21
December 25, 2012 at 11:25:33
Download and run Combofix from this link:
http://www.bleepingcomputer.com/dow...
NOTE: You need to turn off your antivirus (Realtime Scanner) as it will cause conflicts with Combofix. If you're not sure, ask. Once it starts do not open, run or move your mouse until the fix is finished!


#22
December 25, 2012 at 11:32:20
OK, I use Bitdefender for my antivirus. Can you tell me how to temporarily turn it off, please?


#23
December 25, 2012 at 11:36:42
How to DISABLE THE ANTIVIRUS PROTECTION in Bitdefender 2012
In order to disable the antivirus protection, please open Bitdefender and click the "Settings" button in the upper side part of the interface. In the new window go to the "Antivirus" > "Shield" tab and click on "Turn off" under On-access scanning. Select the time interval that suits your troubleshooting needs and click "OK". The On-access scanning should be enabled back after finishing the troubleshooting procedure.


#24
December 25, 2012 at 14:23:18
I disabled it and ran ComboFix, but ComboFix said AVG antivirus was still running even though I deleted that and used CCleaner on that a long time ago, so I don't really know if it is still there or not. Anyways, here is ComboFix's log:

ComboFix:

ComboFix 12-12-25.02 - S. Whiting 12/25/2012 17:03:31.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1390 [GMT -5:00]
Running from: c:\documents and settings\S. Whiting\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1334873923.bdinstall.bin
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\S. Whiting\WINDOWS
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-25 to 2012-12-25 )))))))))))))))))))))))))))))))
.
.
2012-12-25 19:19 . 2012-12-25 19:19 -------- d-----w- c:\windows\LastGood
2012-12-25 05:00 . 2012-12-25 05:00 -------- d-----w- c:\program files\ESET
2012-12-25 04:27 . 2012-12-25 04:52 30616 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2012-12-25 04:27 . 2012-12-25 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-12-25 00:26 . 2012-12-25 00:26 365912 ----a-w- c:\windows\system32\bda3B.tmp
2012-12-24 18:31 . 2012-12-24 18:59 -------- d-----w- c:\documents and settings\S. Whiting\Application Data\Anvisoft
2012-12-24 18:31 . 2012-12-24 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Anvisoft
2012-12-24 18:30 . 2012-12-24 18:30 -------- d-----w- c:\program files\Anvisoft
2012-12-18 01:00 . 2012-12-18 01:00 -------- d-----w- c:\program files\iPod
2012-12-18 01:00 . 2012-12-18 01:01 -------- d-----w- c:\program files\iTunes
2012-12-18 01:00 . 2012-12-18 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-11 22:41 . 2012-12-11 22:41 98168 ----a-w- c:\windows\system32\drivers\klick.dat
2012-12-11 22:41 . 2012-12-11 22:41 116189 ----a-w- c:\windows\system32\drivers\klin.dat
2012-12-11 22:25 . 2012-12-11 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PLAV
2012-12-11 22:24 . 2012-12-11 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2012-12-11 22:24 . 2012-12-11 23:17 -------- d-----w- c:\program files\ParetoLogic
2012-12-11 21:56 . 2012-12-11 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\RegRun
2012-12-11 21:56 . 2012-12-11 21:56 2 --shatr- c:\windows\winstart.bat
2012-12-11 21:56 . 2012-12-11 22:21 -------- d-----w- c:\program files\UnHackMe
2012-12-04 22:57 . 2012-09-28 15:32 44544 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-11-30 20:25 . 2001-03-26 09:41 245760 ----a-w- c:\windows\system32\mp4sds32.ax
2012-11-30 20:25 . 2001-05-16 22:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2012-11-30 20:25 . 2001-05-11 18:18 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2012-11-30 20:23 . 2003-04-18 21:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2012-11-30 20:23 . 2009-04-02 23:28 720896 ----a-w- c:\windows\system32\DLLAV32.dll
2012-11-30 20:23 . 2009-04-02 23:28 212992 ----a-w- c:\windows\system32\DLLDEV32.dll
2012-11-30 20:23 . 2009-04-02 23:28 90112 ----a-w- c:\windows\system32\DLLPRF32.dll
2012-11-30 20:23 . 2009-04-02 23:28 147456 ----a-w- c:\windows\system32\DLLCPY32.dll
2012-11-30 20:23 . 2009-04-02 23:28 77824 ----a-w- c:\windows\system32\DLLPNT32.dll
2012-11-30 20:23 . 2009-04-02 23:28 212992 ----a-w- c:\windows\system32\DLLDRV32.dll
2012-11-30 20:23 . 2009-04-02 23:28 94208 ----a-w- c:\windows\system32\DLLIO32.dll
2012-11-30 20:23 . 2009-04-02 23:28 274432 ----a-w- c:\windows\system32\DLLRES32.dll
2012-11-30 20:23 . 2009-04-02 23:28 65536 ----a-w- c:\windows\system32\STRING32.dll
2012-11-30 20:22 . 2012-11-30 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2012-11-30 20:21 . 2012-11-30 20:52 -------- d-----w- c:\program files\MAGIX
2012-11-30 20:21 . 2007-04-27 15:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2012-11-30 20:21 . 2012-11-30 20:49 -------- d-----w- c:\program files\Common Files\MAGIX Services
2012-11-30 20:19 . 2012-11-30 20:25 -------- d-----w- c:\documents and settings\S. Whiting\Application Data\MAGIX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 12:50 . 2012-04-19 23:58 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
2012-12-12 12:50 . 2012-04-20 00:01 481464 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-12-12 12:50 . 2012-04-20 00:00 622616 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-12-12 10:58 . 2012-04-02 19:15 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 10:58 . 2011-05-22 12:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-09-29 23:54 . 2012-08-07 23:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 15:32 . 2011-04-11 21:50 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-12-04 00:13 . 2012-12-04 00:13 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-08-29 02:52 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-08-29 02:52 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-08-29 02:52 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-08-29 02:52 239112 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-12-12 1199344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^S. Whiting^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\S. Whiting\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-05-29 23:00 170520 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-05-29 23:00 150040 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Instant Backup]
2011-05-04 21:04 136416 ----a-w- c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-05-29 23:00 141848 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 08:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 16:42 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 18:18 17420464 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2009-08-03 17:59 1044480 ------w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [4/19/2012 7:00 PM 622616]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [1/19/2010 6:32 PM 85128]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [5/4/2011 4:04 PM 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 11:42 AM 14088]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 4:26 AM 450848]
R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [7/11/2011 6:33 PM 55032]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [4/19/2012 6:58 PM 242504]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [4/19/2012 7:01 PM 481464]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [4/19/2012 6:59 PM 116248]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [12/24/2012 11:27 PM 30616]
S2 asdrs;AntiMalware Host-based Intrusion Prevention System;\??\c:\windows\system32\DRIVERS\asdrs.sys --> c:\windows\system32\DRIVERS\asdrs.sys [?]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [12/20/2012 9:43 PM 735592]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [12/13/2012 2:26 PM 3290896]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/14/2012 10:37 AM 160944]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [4/19/2012 7:01 PM 63056]
S3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [7/8/2011 2:49 PM 67120]
S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [7/6/2011 4:48 PM 307544]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 10:58]
.
2012-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-12-25 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2012-12-25 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2012-12-25 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2012-12-25 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2012-12-25 c:\windows\Tasks\User_Feed_Synchronization-{75284886-4487-4A65-9068-30C956D03E07}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\S. Whiting\Application Data\Mozilla\Firefox\Profiles\m0kn6k81.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-92647159.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-25 17:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,a4,09,c1,69,57,98,4d,8c,f8,b8,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1100)
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-12-25 17:13:50
ComboFix-quarantined-files.txt 2012-12-25 22:13
.
Pre-Run: 32,871,342,080 bytes free
Post-Run: 32,990,507,008 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 67ED6EE7ECEFB324592926ED69D4BEE2


Sorry this took so long to get to you, I was busy with my family. Anyways, when you get the chance please tell me what I have to do next.


Report •
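The header and firewall sections of the ComboFix log in the post above are what show the leftover AVG registration and the disabled Windows Firewall. The sketch below is an added example, not part of the original thread or of ComboFix: it triages those sections from lines excerpted from that log. The function names are hypothetical, and the reading of `R`/`S` as running/stopped, the digit as start type, and `[?]` as "file details unavailable" is an assumption about the log layout.

```python
import re

# Lines excerpted from the ComboFix log posted above (not a full log).
SAMPLE_LOG = r"""
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [12/24/2012 11:27 PM 30616]
S2 asdrs;AntiMalware Host-based Intrusion Prevention System;\??\c:\windows\system32\DRIVERS\asdrs.sys --> c:\windows\system32\DRIVERS\asdrs.sys [?]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [12/20/2012 9:43 PM 735592]
"""

PRODUCT_RE = re.compile(r'^(AV|FW): (.+?) \*([^*]+)\* \{[0-9A-Fa-f-]+\}$')
SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
SERVICE_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]+);(.+) \[([^\]]*)\]$')


def parse_log(text):
    """Extract security products, firewall policy and services from the log."""
    report = {"products": [], "windows_firewall_enabled": None,
              "open_ports": [], "services": []}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = PRODUCT_RE.match(line)
        if m:
            kind, name, state = m.groups()
            report["products"].append(
                {"kind": kind, "name": name,
                 "enabled": state.split("/")[0] == "Enabled"})
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()  # remember which registry key we are in
            continue
        m = VALUE_RE.match(line)
        if m:
            key, value = m.groups()
            if (section.endswith(r"firewallpolicy\standardprofile")
                    and key == "EnableFirewall"):
                report["windows_firewall_enabled"] = int(value.split()[0]) != 0
            elif section.endswith(r"globallyopenports\list"):
                port, proto, label = value.split(":", 2)
                report["open_ports"].append((int(port), proto, label))
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, _display, path, info = m.groups()
            report["services"].append(
                {"name": name, "running": state == "R",
                 "start_type": int(start), "path": path, "file_info": info})
    return report


def triage(report):
    """Return (code, detail) findings worth a second look during cleanup."""
    findings = []
    av = [p for p in report["products"] if p["kind"] == "AV"]
    if len(av) > 1:  # leftover or conflicting antivirus registrations
        detail = ", ".join(
            f'{p["name"]} ({"enabled" if p["enabled"] else "disabled"})' for p in av)
        findings.append(("MULTIPLE_AV", detail))
    if report["windows_firewall_enabled"] is False:
        other = [p["name"] for p in report["products"]
                 if p["kind"] == "FW" and p["enabled"]]
        findings.append(("WINDOWS_FIREWALL_OFF",
                         "third-party firewall enabled: " + (", ".join(other) or "none")))
    for port, proto, label in report["open_ports"]:
        findings.append(("OPEN_PORT", f"{port}/{proto} ({label})"))
    for s in report["services"]:
        # Auto-start service that is stopped and whose file could not be described.
        if not s["running"] and s["start_type"] <= 2 and s["file_info"] == "?":
            findings.append(("SERVICE_FILE_UNKNOWN", f'{s["name"]}: {s["path"]}'))
    return findings


if __name__ == "__main__":
    for code, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"{code:22} {detail}")
```
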

#25
December 25, 2012 at 14:47:01
How are the redirections? Still there?

I will give you instructions to remove AVG2012 and also Anvi Smart Defender.

AVG2012 first, removal tool from this link:
http://techdows.com/2011/09/how-to-...
The download link is halfway down the page. Run the tool and it will remove any AVG leftovers.

Anvi Smart Defender removal:
* Click Start –> go to All Programs –> find Anvisoft –> check whether there is an uninstall option in the directory.
* If not, download and run AppRemover. When it starts, choose the Already Uninstalled search option. It takes a while to scan. Check mark any Anvi Smart Defender items for removal.
http://www.appremover.com/


#26
December 25, 2012 at 15:45:25
Okay, it seems that the redirection virus/rootkit is gone for now. I will reply if it does come up, though. I ran the AVG remover and I think it removed it completely, but it did not ask me to restart, so we will see. I used AppRemover but it didn't find Anvi Smart Defender and it didn't have the Already Uninstalled search option you're talking about. I don't know if it's gone or not. Is there any other program I can try?


#27
December 25, 2012 at 15:58:41
How to use AppRemover:
http://www.appremover.com/faq

Try looking for Anvi Smart Defender manually.
Start>Search> Files and Folders type in Anvi Smart Defender, or Anvisoft. Highlight and delete the search item results.

or try

Start> My Computer> C:/Drive>Program Files> (Look through and delete any Anvi Smart defender folder)


#28
December 25, 2012 at 16:29:55
OK, I removed the files of Anvi Smart Defender from under Program Files and I still don't see any redirecting from Google, so I think the virus/rootkit is finally gone, hopefully. Thank you for all your help with this problem and sticking with me through the end. I just have some final requests if you wouldn't mind helping me.

Is there any software I can download to prevent me from getting the Google Redirect Virus/Rootkit again?

Through looking in the logs, are there any other viruses that I may have that I should know about?

My computer and my Internet seem awfully slow. Do you know of any methods to speed this up?

I am using Bitdefender as my antivirus protection. Is this a good antivirus protection software or should I use a different one in the future and if so which one?

Thanks again.



#29
December 25, 2012 at 16:46:43
Next we need to do some repairs and cleaning.
Uninstall Combofix:
Start>Run>copy and paste the following, then run it.

combofix /uninstall

Now to fix a few things:
Download Tweaking's Windows Repair - All In One tool from this link:
http://www.tweaking.com/content/pag...
Run the tool. On the first page go to the far right tab, Start repairs. It will ask to make a restore point; please allow this.
Check mark the following fixes only;
Reset File Permissions
Reset Registry Permissions
Register System Files
Remove Policies Set By Infection

On the far right click the Start button. Warning: do not fix anything else, please.


#30
December 25, 2012 at 17:19:57
"I removed the files of Anvi Smart Defender from under program files."
- Great.

"I still don't see any redirecting from Google so I think the virus /root kit is finally gone hopefully."
- Yes, things should be running a lot better :)

"Thank you for all your help with this problem and sticking with me through the end."
- You're most welcome.

"I just have some final requests if you wouldn't mind helping me.
Is there any software I can download to prevent me from getting the Google Redirect Virus/Rootkit again?"
- There is no one tool that will protect your pc 100%. It is a combination of a good antivirus (Bitdefender 9 out of 10), good browsing habits, learn from Google.
But what you can do is look at downloading or installing the following:
WinPatrol is a great download for stopping auto installing/running without your permission. http://www.winpatrol.com/download.html

Browser addon WOT Web Of Trust, it works on a traffic light warning system. (Green - Good, Orange - Warning, Red - Do not go) https://www.mywot.com/
My own WOT info How To Guide.
http://www.computing.net/howtos/sho...

"Through looking in the logs, are there any other viruses that I may have that I should know about?"
- The only other thing is the Skype C2C Toolbar which I would remove. Skype works well on its own, so I don't see the need to run it from a browser. (To each their own)

"My computer and my Internet seem awfully slow. Do you know of any methods to speed this up?"
- There are a few ways to speed things up:
* Run CCleaner and go to Tools>Startup. Going through the list, can you see anything you can disable from starting up?

* Check your Task Manager for any running processes using up your RAM or CPU. Either uninstall any you don't use or need.

* Use the built in Windows - Disk Cleaner.
Start>All Programs>Accessories>System Tools>Disk Cleanup run the cleaner.

* Use the built in Windows - Disk Defragmenter.
Start>All Programs>Accessories>System Tools>Disk Defragmenter run the defragger.

"I am using Bitdefender as my antivirus protection. Is this a good antivirus protection software or should I use a different one in the future and if so which one?"
- I like Bitdefender and wouldn't change it, unless your subscription runs out.


#31
December 25, 2012 at 17:35:47
OK, I did the Tweaking Windows repairs and uninstalled ComboFix. What do I need to do next?


#32
December 25, 2012 at 17:58:17
I also downloaded WinPatrol and WOT Web Of Trust. I disabled the Skype C2C Toolbar and I did all your methods of cleaning up the computer (currently doing the defragmenting). Once again, thank you so much for your help, you are a lifesaver MrGoodguy. Is there anything else I need to do before we are completely finished here, or are there any other ways, tips, programs, or methods you know to speed up my computer?


#33
December 25, 2012 at 18:29:17
✔ Best Answer
No, you have done a great job. Your pc should be fine from now on :)
One other thing to speed up your pc is to add some RAM.
You know where to find us if you have any more concerns.
Don't forget to mark best answer.


#34
December 25, 2012 at 18:34:13
Thank you once again for your help, MrGoodguy. The virus/rootkit was really getting on my nerves and I am glad that it is finally gone. You have been a great help to me and if I have any problems in the future I will be sure to go to you. Thanks again and goodbye for now. :)

~Mcgrufer

