Google redirect virus


  • This topic is locked

#16
ronnie10
  • Topic Starter
  • Member
  • 20 posts
OK, the short scan has just finished and nothing was found. I just started the Complete scan now, so I will notify you when it is done.
  • 0


#17
ronnie10
  • Topic Starter
  • Member
  • 20 posts
I was running the Complete scan last night, and it was about 3 and a half hours in when my Windows update interrupted and restarted my laptop. It had found 3 infections at the time. One was OTM.exe, which it moved, and two other files whose names I could not recall, but I think they were .tmp files.

I ran the Complete scan this morning and it had found no infections, although I still have the redirect. Could this be because I did not run the Short scan first?
  • 0

#18
maliprog
  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi ronnie10,

It's time to do some testing and try to narrow down the problem. Please test your system after each step and see if you get redirected.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    ipconfig /flushdns /c
    netsh winsock reset /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Use the Internet Explorer (No Add-ons) mode
To do this, click Start, point to All Programs, point to Accessories, point to System Tools, and then click Internet Explorer (No Add-ons).
You will get an IE window (with instructions) telling you that you are running in safe mode with no add-ons or ActiveX.


Note: Internet Explorer (No Add-ons) mode is only available for Internet Explorer 7 and Internet Explorer 8.


Step 3

Test if you get redirected while surfing in Safe mode with networking

Please restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode with networking option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

Step 4

Let's install the free Avast:

http://www.avast.com...ivirus-download

Once you have it installed and it has updated, right click on it and select Open Avast! User Interface, then click on Scan Computer, then on Boot-Time Scan, then Schedule Now. Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs input from you.
  • 0

#19
ronnie10
  • Topic Starter
  • Member
  • 20 posts
OTL

========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\oficeworks\Desktop\cmd.bat deleted successfully.
C:\Users\oficeworks\Desktop\cmd.txt deleted successfully.
< netsh winsock reset /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\oficeworks\Desktop\cmd.bat deleted successfully.
C:\Users\oficeworks\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 08032011_174913
  • 0

#20
ronnie10
  • Topic Starter
  • Member
  • 20 posts
Still getting redirected when using the Internet Explorer (No Add-Ons), but while using the safe mode with networking it seems to be fine.
  • 0

#21
ronnie10
  • Topic Starter
  • Member
  • 20 posts
Just installed Mozilla Firefox and I have the same redirecting problem with it. Will this help you figure out the problem more easily?
  • 0

#22
maliprog
  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Of course it helps. Did you start the Avast scan? If you didn't, I would like to try something. If you did, then continue with it and post the log here.
  • 0

#23
ronnie10
  • Topic Starter
  • Member
  • 20 posts
No, I did not start the scan yet. I am going on holidays tomorrow and will not be back for another 2 weeks, so can you please try something else for today? Thank you.
  • 0

#24
maliprog
  • Trusted Helper
  • Malware Removal
  • 6,172 posts
After the first step, make sure to restart your system and test it for redirection.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/07/30 04:34:13 | 000,068,096 | ---- | M] () -- C:\Windows\System32\audiosrvs.dll

    :Files
    C:\Windows\System32\audiosrvs.dll

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2


  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window with OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • New OTL scan log
It would be helpful if you could post each log in a separate post.
  • 0
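
The file entry targeted in post #24 follows OTL's `[timestamp | size | attributes | M/C] (company) -- path` layout. As an added example (not part of the thread and not OTL's own code), this Python sketch parses such lines and lists recently touched executables under System32 whose company field is empty; the selection rule and the names `parse_entry`, `needs_review` and `review_candidates` are assumptions of this example, the 30-day window mirrors the log's "File Age = 30 Days" setting, and the sample lines are copied from logs posted in this thread.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath
from typing import List, NamedTuple, Optional

# Layout of an OTL file entry, as seen in the logs posted in this thread:
#   [timestamp | size | attrs | M or C] (company) -- path
ENTRY_RE = re.compile(
    r"""^(?:[A-Z0-9]+\s+-\s+)?                 # optional section tag (PRC, SRV, DRV ...)
    \[(?P<ts>\d{4}/\d{2}/\d{2}\ \d{2}:\d{2}:\d{2})
    \s*\|\s*(?P<size>[\d,]+)
    \s*\|\s*(?P<attrs>[A-Z-]{4})
    \s*\|\s*(?P<kind>[MC])\]
    (?:\s*\((?P<company>[^)]*)\))?             # absent on directory entries
    (?:\s*\[[^\]]*\])?                         # service state such as [Auto | Running]
    \s*--\s*(?P<path>.+?)
    (?:\s+--\s+\(.*)?$                         # trailing service name on SRV/DRV lines
    """,
    re.VERBOSE,
)


class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str
    kind: str                # "M" = modified time, "C" = created time
    company: Optional[str]   # None when the line carries no "(...)" field
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file line; return None for lines in any other format."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    company = m.group("company")
    return Entry(
        when=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=None if company is None else company.strip(),
        path=m.group("path").strip(),
    )


EXECUTABLE_SUFFIXES = {".dll", ".exe", ".sys"}


def needs_review(e: Entry, as_of: datetime, max_age_days: int = 30) -> bool:
    """Assumed triage rule: empty company, executable, in System32, recent."""
    p = PureWindowsPath(e.path)
    parts = [part.lower() for part in p.parts]
    age = as_of - e.when
    return (
        e.company == ""
        and p.suffix.lower() in EXECUTABLE_SUFFIXES
        and "system32" in parts
        and timedelta(0) <= age <= timedelta(days=max_age_days)
    )


def review_candidates(lines, as_of: datetime, max_age_days: int = 30) -> List[str]:
    """Return each matching path once, in log order (M and C lines collapse)."""
    seen, out = set(), []
    for line in lines:
        e = parse_entry(line)
        if e is None or not needs_review(e, as_of, max_age_days):
            continue
        if e.path.lower() not in seen:
            seen.add(e.path.lower())
            out.append(e.path)
    return out


# Sample input: lines copied from the OTL logs in this thread.
SAMPLE_LINES = [
    r"[2011/07/30 04:34:13 | 000,068,096 | ---- | M] () -- C:\Windows\System32\audiosrvs.dll",
    r"[2011/07/30 04:34:13 | 000,068,096 | ---- | C] () -- C:\Windows\System32\audiosrvs.dll",
    r"[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys",
    r"[2009/04/04 11:11:51 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll",
    r"[2011/08/01 16:52:19 | 001,654,487 | ---- | M] () -- C:\Windows\System32\wlan.tmf",
    r"[2011/07/31 19:58:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe",
    r"[2011/08/01 23:06:17 | 000,000,000 | ---D | C] -- C:\_OTL",
    r"SRV - [2007/11/12 21:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)",
]

# Reference time taken from the scan header: "3/08/2011 7:32:00 PM".
AS_OF = datetime(2011, 8, 3, 19, 32, 0)

if __name__ == "__main__":
    for path in review_candidates(SAMPLE_LINES, AS_OF):
        print("review:", path)
```

A hit is a file to examine further, not a verdict: a legitimate DLL without version information matches the same rule if it was installed recently.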

#25
ronnie10
  • Topic Starter
  • Member
  • 20 posts
OTL fix

All processes killed
========== OTL ==========
File move failed. C:\Windows\System32\audiosrvs.dll scheduled to be moved on reboot.
========== FILES ==========
File move failed. C:\Windows\System32\audiosrvs.dll scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: oficeworks
->Temp folder emptied: 76517456 bytes
->Temporary Internet Files folder emptied: 4690419 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 11368867 bytes
->Flash cache emptied: 1402 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 719221 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 89.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: oficeworks
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08032011_192659

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\audiosrvs.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0


#26
ronnie10
  • Topic Starter
  • Member
  • 20 posts
New OTL scan


OTL logfile created on: 3/08/2011 7:32:00 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\oficeworks\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.87 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 63.95% Memory free
3.96 Gb Paging File | 3.26 Gb Available in Paging File | 82.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.46 Gb Total Space | 41.01 Gb Free Space | 30.05% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.55 Gb Free Space | 35.53% Space Free | Partition Type: NTFS

Computer Name: OFICEWORKS-PC | User Name: oficeworks | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 21:23:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\oficeworks\Desktop\OTL.exe
PRC - [2009/01/06 02:17:30 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/13 23:04:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2007/11/12 21:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 21:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 21:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/07 16:50:02 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/07 16:49:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/07 16:49:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/07 16:49:56 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/08/28 15:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/07/27 18:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2006/11/02 19:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe


========== Modules (SafeList) ==========

MOD - [2011/08/01 21:23:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\oficeworks\Desktop\OTL.exe
MOD - [2006/11/02 19:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/12/10 13:59:04 | 000,353,280 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/12 21:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 21:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2006/11/02 19:46:13 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2006/11/02 19:46:12 | 000,167,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2007/11/13 16:26:12 | 003,078,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/11/13 16:26:12 | 003,078,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/11/12 21:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/24 20:02:58 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/09/07 16:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/07 02:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/07 02:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/07 02:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/28 15:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 15:51:40 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/02/22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006/11/02 18:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2006/11/02 17:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/08/05 10:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.bing.com"

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/03 18:15:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{953CC089-C7C9-447A-9BD3-B731A59828AC}: C:\Users\oficeworks\AppData\Local\{953CC089-C7C9-447A-9BD3-B731A59828AC}

[2011/08/03 18:17:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oficeworks\AppData\Roaming\mozilla\Extensions
[2011/08/03 18:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/08/03 03:03:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/07/08 17:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/02 23:38:23 | 000,000,806 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\oficeworks\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\oficeworks\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/03 18:18:57 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\Desktop\anti virus
[2011/08/03 18:16:25 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Roaming\Mozilla
[2011/08/03 18:16:25 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Local\Mozilla
[2011/08/03 18:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/08/02 22:49:09 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\DoctorWeb
[2011/08/01 23:19:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/01 23:19:32 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Local\temp
[2011/08/01 23:18:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/01 23:09:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/01 23:08:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/08/01 23:06:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/01 21:23:42 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\oficeworks\Desktop\OTL.exe
[2011/08/01 21:13:39 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\Desktop\GooredFix Backups
[2011/08/01 01:11:41 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/01 01:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/01 01:11:38 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/31 23:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Uninstaller
[2011/07/31 23:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2011/07/31 20:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/07/31 20:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/31 19:58:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/31 19:58:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/31 19:58:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/07/31 19:58:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/31 19:58:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/31 19:58:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/31 19:25:23 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Local\NPE
[2011/07/31 19:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/07/31 18:52:32 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/31 05:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/07/31 04:25:48 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Local\Media Get LLC
[2011/07/31 04:25:24 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Local\MediaGet2
[2011/07/31 02:14:40 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Local\Threat Expert
[2011/07/31 00:18:32 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/07/31 00:12:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/07/31 00:12:34 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Roaming\AVG10
[2011/07/31 00:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/31 00:11:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/07/31 00:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/07/31 00:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/07/30 23:43:47 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Roaming\Argiuz
[2011/07/30 23:43:41 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/07/30 23:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\NoAdware5.0
[2011/07/30 22:51:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/07/30 05:02:04 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Roaming\Malwarebytes
[2011/07/30 05:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/30 05:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/28 03:24:43 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\Documents\Downloads
[2011/07/28 03:24:43 | 000,000,000 | ---D | C] -- C:\Users\oficeworks\AppData\Roaming\DMCache
[2011/07/27 12:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus

========== Files - Modified Within 30 Days ==========

[2011/08/03 19:28:08 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 19:28:08 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 19:28:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/03 19:27:59 | 2011,172,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/03 18:33:36 | 000,000,951 | ---- | M] () -- C:\Users\oficeworks\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/08/03 18:33:31 | 000,000,951 | ---- | M] () -- C:\Users\oficeworks\Desktop\Internet Explorer.lnk
[2011/08/03 18:02:34 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/08/02 23:38:23 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/01 21:23:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\oficeworks\Desktop\OTL.exe
[2011/08/01 17:00:59 | 000,271,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/01 16:52:19 | 001,654,487 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2011/08/01 16:18:09 | 035,192,832 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2011/08/01 16:18:09 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2011/08/01 16:18:09 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2011/08/01 01:58:59 | 000,087,832 | ---- | M] () -- C:\Users\oficeworks\Documents\cc_20110801_015841.reg
[2011/07/31 23:27:46 | 000,000,042 | ---- | M] () -- C:\Windows\System32\AK083E209605E394C.lie
[2011/07/31 17:57:57 | 126,296,615 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/07/31 05:37:43 | 000,017,408 | ---- | M] () -- C:\Users\oficeworks\AppData\Local\WebpageIcons.db
[2011/07/31 04:51:31 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/31 04:36:15 | 000,237,056 | ---- | M] () -- C:\Users\oficeworks\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/30 04:34:13 | 000,068,096 | ---- | M] () -- C:\Windows\System32\audiosrvs.dll
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/08/03 18:33:36 | 000,000,951 | ---- | C] () -- C:\Users\oficeworks\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/08/03 18:33:31 | 000,000,951 | ---- | C] () -- C:\Users\oficeworks\Desktop\Internet Explorer.lnk
[2011/08/03 18:15:56 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/03 18:10:39 | 2011,172,864 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/01 16:52:19 | 001,654,487 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/08/01 03:23:48 | 035,192,832 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2011/08/01 03:23:48 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2011/08/01 03:23:48 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2011/08/01 01:58:52 | 000,087,832 | ---- | C] () -- C:\Users\oficeworks\Documents\cc_20110801_015841.reg
[2011/07/31 23:27:46 | 000,000,042 | ---- | C] () -- C:\Windows\System32\AK083E209605E394C.lie
[2011/07/31 19:58:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/31 19:58:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/31 19:58:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/31 19:58:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/31 19:58:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/31 17:57:57 | 126,296,615 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/07/31 05:37:39 | 000,017,408 | ---- | C] () -- C:\Users\oficeworks\AppData\Local\WebpageIcons.db
[2011/07/31 02:37:03 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/07/30 04:42:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/07/30 04:34:13 | 000,068,096 | ---- | C] () -- C:\Windows\System32\audiosrvs.dll
[2011/07/07 19:24:26 | 002,791,259 | ---- | C] () -- C:\Users\oficeworks\Desktop\_DSC6094a.jpg
[2011/05/03 15:36:55 | 000,023,888 | ---- | C] () -- C:\Users\oficeworks\AppData\Roaming\UserTile.png
[2009/06/29 19:05:53 | 000,023,172 | ---- | C] () -- C:\Users\oficeworks\AppData\Roaming\NMM-MetaData.db
[2009/04/04 11:11:51 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/04/04 11:11:51 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/06/29 16:34:28 | 000,148,996 | ---- | C] () -- C:\Windows\hpoins19.dat
[2008/05/22 07:04:26 | 000,000,000 | ---- | C] () -- C:\Windows\Officeworks May Promo 01.ini
[2008/05/22 07:02:39 | 000,007,268 | ---- | C] () -- C:\Users\oficeworks\AppData\Local\d3d9caps.dat
[2008/05/13 13:37:42 | 000,237,056 | ---- | C] () -- C:\Users\oficeworks\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/31 04:39:53 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/03/31 04:39:53 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/03/31 04:39:53 | 000,154,206 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/31 04:39:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/03/30 21:02:07 | 000,000,080 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2007/03/29 22:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2007/03/14 06:02:10 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 000,271,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,099,422 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:33:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 17:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 17:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

========== LOP Check ==========

[2011/07/31 00:18:33 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\Argiuz
[2011/07/31 00:12:34 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\AVG10
[2011/07/31 20:28:46 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\BitTorrent
[2011/07/31 19:06:30 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\DMCache
[2011/01/21 11:12:21 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\Image Zone Express
[2009/06/29 19:05:53 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\Nokia
[2008/07/13 18:38:29 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\Nokia Multimedia Player
[2009/06/29 19:04:38 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\PC Suite
[2010/12/16 23:10:59 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\PCDr
[2009/08/15 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\Printer Info Cache
[2009/05/20 02:30:00 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\ptidle
[2008/07/16 12:05:09 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\Template
[2009/07/06 23:11:00 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\tmp
[2011/08/03 19:27:15 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
  • 0

#27
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Looks like OTL failed to remove the file. Let's try this:

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the Avenger folder to your desktop
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\Windows\System32\audiosrvs.dll


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

  • 0

#28
ronnie10

ronnie10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
It seems to be working fine now, thank you very much for the help. You have been wonderful and very patient through this long process. Anything else I need to do now?

I will paste the log from the Avenger here for you to have a look at.


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\System32\audiosrvs.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
  • 0
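The check behind the last two posts, as an added example that is not part of the thread or of either tool: it parses the OTL entry format and The Avenger's result line to tell whether a targeted file is still listed after a fix or confirmed deleted. The log excerpts are lines copied from this thread; the function names, and the assumption that the OTL scan was taken after the failed fix, are introduced here.

```python
import re
from datetime import datetime

# Lines copied from the OTL and Avenger logs posted in this thread.
OTL_LOG = r"""
[2011/07/31 23:27:46 | 000,000,042 | ---- | C] () -- C:\Windows\System32\AK083E209605E394C.lie
[2011/07/30 04:34:13 | 000,068,096 | ---- | C] () -- C:\Windows\System32\audiosrvs.dll
[2011/07/31 00:18:33 | 000,000,000 | ---D | M] -- C:\Users\oficeworks\AppData\Roaming\Argiuz
"""
AVENGER_LOG = r"""
No rootkits found!
File "C:\Windows\System32\audiosrvs.dll" deleted successfully.
"""
TARGET = r"C:\Windows\System32\audiosrvs.dll"

# [timestamp | size | attributes | C or M] (company, may be absent) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>.*?)\))? -- (?P<path>.+)$")
AVENGER_OK = re.compile(r'^File "(?P<path>[^"]+)" deleted successfully\.$')

def parse_otl(text):
    """Return one dict per OTL file/folder entry; headers and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
            e["size"] = int(e["size"].replace(",", ""))
            entries.append(e)
    return entries

def avenger_deleted(text):
    """Paths The Avenger reports as deleted, lower-cased (Windows paths are case-insensitive)."""
    hits = (AVENGER_OK.match(line.strip()) for line in text.splitlines())
    return {m.group("path").lower() for m in hits if m}

def removal_status(target, later_otl_log="", avenger_log=""):
    """Classify the target from a post-fix OTL scan and/or The Avenger's log."""
    t = target.lower()
    if any(e["path"].lower() == t for e in parse_otl(later_otl_log)):
        return "still present"   # a scan taken after the fix still lists it
    if t in avenger_deleted(avenger_log):
        return "deleted"
    return "unconfirmed"

if __name__ == "__main__":
    print(removal_status(TARGET, later_otl_log=OTL_LOG), "/", removal_status(TARGET, avenger_log=AVENGER_LOG))
```

A path that appears in neither log comes back as "unconfirmed", which is the case to follow up with a fresh scan.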

#29
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Good job! You were a great associate too. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor's patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.
  • 0

#30
ronnie10

ronnie10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thank you so much, everything seems to be running fine now and I have cleaned up a few of the programs we have used. I still have MBAM, aswMBR, GooredFix and DR WEB. Should I remove these or do I still need them for regular check ups?
  • 0





