Google Search Redirect Virus Help !!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by pizzahut, Nov 29, 2009.

  1. pizzahut

    pizzahut Private E-2

    Hey,
    Can anyone who has experience looking at logs and finding a solution to this very persistent problem help me out!!
    Very annoying!!!!

    Thanks
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the link below:

    READ & RUN ME FIRST. Malware Removal Guide


    and attach the requested logs when you finish these instructions.

    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:


    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:

    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. pizzahut

    pizzahut Private E-2

    Alright, I'll get right on it. I am afraid though of one thing, and that is my safe mode does not function since I've gotten this... do I still proceed?
     
  4. pizzahut

    pizzahut Private E-2

    Here are 4 of the logs.
    I put in one more Root log in the next post.
    I did have a RootRepeal error saying "PE image not found".
     

    Attached Files:

  5. pizzahut

    pizzahut Private E-2

    The mgtool is taking awfully long without a complete scan message,
    so I've attached what it has done.
    I don't know if this is related, but an odd Chinese pop-up appears with a bunch of unrecognizable characters, and then when I close it, an Explorer window opens on my home page...
    Just FYI.

    good luck
     

    Attached Files:

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    MGTools ran fine. All that was found in the scans were cookies.

    Why am I not seeing any AV program on this system???

    But let's remove a few things.

    Download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop.
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the "Input script here:" part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\Avenger.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  7. pizzahut

    pizzahut Private E-2

    Hey
    Here are the logs... yes, I don't have an AV, don't believe in 'em. Maybe I should start after I get my problems fixed.
    So...
    1- Google redirect still occurs
    2- weird pop-ups still appearing, refer to JPEG attachment

    :(
    does throwing my laptop through the window fix the virus?
     

    Attached Files:

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's do this first:

    • Go to TDSSKiller and Download TDSSKiller.zip to your Desktop
    • Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
    • Click Start > Run and copy/paste the following bold command into Run box and hit Enter.
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

    • Follow the instructions to type in "delete" when it asks you what to do when it finds something.
    • When done, a log file called "TDSSKiller.txt" should be created on your C: drive. Please copy and paste its contents in your next reply.
    Now install an AV program, update the definitions and run it.
     
  9. pizzahut

    pizzahut Private E-2

    I'll download the free AVG edition.

    Here are the contents:

    23:7:42:805 1040 ForceUnloadDriver: NtUnloadDriver error 2
    23:7:42:815 1040 ForceUnloadDriver: NtUnloadDriver error 2
    23:7:42:815 1040 ForceUnloadDriver: NtUnloadDriver error 2
    23:7:42:815 1040 main: Driver KLMD successfully dropped
    23:7:42:925 1040 main: Driver KLMD successfully loaded
    23:7:42:925 1040
    Scanning Registry ...
    23:7:42:985 1040 ScanServices: Searching service UACd.sys
    23:7:42:985 1040 ScanServices: Open/Create key error 2
    23:7:42:985 1040 ScanServices: Searching service TDSSserv.sys
    23:7:42:985 1040 ScanServices: Open/Create key error 2
    23:7:42:985 1040 ScanServices: Searching service gaopdxserv.sys
    23:7:42:985 1040 ScanServices: Open/Create key error 2
    23:7:42:985 1040 ScanServices: Searching service gxvxcserv.sys
    23:7:42:985 1040 ScanServices: Open/Create key error 2
    23:7:42:985 1040 ScanServices: Searching service MSIVXserv.sys
    23:7:42:985 1040 ScanServices: Open/Create key error 2
    23:7:42:995 1040 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
    23:7:42:995 1040 UnhookRegistry: Kernel local addr: 1030000
    23:7:43:15 1040 UnhookRegistry: KeServiceDescriptorTable addr: 10AC020
    23:7:43:135 1040 UnhookRegistry: KiServiceTable addr: 105AB9C
    23:7:43:135 1040 UnhookRegistry: NtEnumerateKey service number (local): 47
    23:7:43:135 1040 UnhookRegistry: NtEnumerateKey local addr: 1173B72
    23:7:43:145 1040 KLMD_OpenDevice: Trying to open KLMD device
    23:7:43:145 1040 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
    23:7:43:145 1040 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
    23:7:43:145 1040 KLMD_ReadMem: Trying to ReadMemory 0x804FE335[0x4]
    23:7:43:145 1040 UnhookRegistry: NtEnumerateKey service number (kernel): 47
    23:7:43:145 1040 KLMD_ReadMem: Trying to ReadMemory 0x80501CB8[0x4]
    23:7:43:145 1040 UnhookRegistry: NtEnumerateKey real addr: 8061AB72
    23:7:43:145 1040 UnhookRegistry: NtEnumerateKey calc addr: 8061AB72
    23:7:43:145 1040 UnhookRegistry: No SDT hooks found on NtEnumerateKey
    23:7:43:145 1040 KLMD_ReadMem: Trying to ReadMemory 0x8061AB72[0xA]
    23:7:43:145 1040 UnhookRegistry: No splicing found on NtEnumerateKey
    23:7:43:145 1040
    Scanning Kernel memory ...
    23:7:43:145 1040 KLMD_OpenDevice: Trying to open KLMD device
    23:7:43:145 1040 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
    23:7:43:145 1040 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
    23:7:43:145 1040 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 82F90530
    23:7:43:145 1040 DetectCureTDL3: KLMD_GetDeviceObjectList returned 3 DevObjects
    23:7:43:145 1040 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 82F507D8
    23:7:43:145 1040 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F507D8
    23:7:43:145 1040 KLMD_ReadMem: Trying to ReadMemory 0x82F507D8[0x38]
    23:7:43:145 1040 DetectCureTDL3: DRIVER_OBJECT addr: 82F90530
    23:7:43:145 1040 KLMD_ReadMem: Trying to ReadMemory 0x82F90530[0xA8]
    23:7:43:145 1040 KLMD_ReadMem: Trying to ReadMemory 0xE1896758[0x208]
    23:7:43:145 1040 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (0) addr: F86FABB0
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (1) addr: 804F355A
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (2) addr: F86FABB0
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (3) addr: F86F4D1F
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (4) addr: F86F4D1F
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (5) addr: 804F355A
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (6) addr: 804F355A
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (7) addr: 804F355A
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (8) addr: 804F355A
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (9) addr: F86F52E2
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (10) addr: 804F355A
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (11) addr: 804F355A
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (12) addr: 804F355A
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (13) addr: 804F355A
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (14) addr: F86F53BB
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (15) addr: F86F8F28
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (16) addr: F86F52E2
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (17) addr: 804F355A
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (18) addr: 804F355A
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (19) addr: 804F355A
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (20) addr: 804F355A
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (21) addr: 804F355A
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (22) addr: F86F6C82
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (23) addr: F86FB99E
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (24) addr: 804F355A
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (25) addr: 804F355A
    23:7:43:145 1040 DetectCureTDL3: IrpHandler (26) addr: 804F355A
    23:7:43:145 1040 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\Drivers\Disk.sys
    23:7:43:145 1040 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\Disk.sys
    23:7:43:195 1040 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 82F50BA0
    23:7:43:205 1040 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F50BA0
    23:7:43:205 1040 KLMD_ReadMem: Trying to ReadMemory 0x82F50BA0[0x38]
    23:7:43:205 1040 DetectCureTDL3: DRIVER_OBJECT addr: 82F90530
    23:7:43:205 1040 KLMD_ReadMem: Trying to ReadMemory 0x82F90530[0xA8]
    23:7:43:205 1040 KLMD_ReadMem: Trying to ReadMemory 0xE1896758[0x208]
    23:7:43:205 1040 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (0) addr: F86FABB0
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (1) addr: 804F355A
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (2) addr: F86FABB0
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (3) addr: F86F4D1F
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (4) addr: F86F4D1F
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (5) addr: 804F355A
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (6) addr: 804F355A
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (7) addr: 804F355A
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (8) addr: 804F355A
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (9) addr: F86F52E2
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (10) addr: 804F355A
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (11) addr: 804F355A
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (12) addr: 804F355A
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (13) addr: 804F355A
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (14) addr: F86F53BB
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (15) addr: F86F8F28
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (16) addr: F86F52E2
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (17) addr: 804F355A
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (18) addr: 804F355A
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (19) addr: 804F355A
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (20) addr: 804F355A
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (21) addr: 804F355A
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (22) addr: F86F6C82
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (23) addr: F86FB99E
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (24) addr: 804F355A
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (25) addr: 804F355A
    23:7:43:205 1040 DetectCureTDL3: IrpHandler (26) addr: 804F355A
    23:7:43:205 1040 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\Drivers\Disk.sys
    23:7:43:205 1040 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\Disk.sys
    23:7:43:226 1040 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 82F23030
    23:7:43:226 1040 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F23030
    23:7:43:226 1040 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 82FCB798
    23:7:43:226 1040 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82FCB798
    23:7:43:226 1040 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 82F94470
    23:7:43:226 1040 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F94470
    23:7:43:226 1040 KLMD_ReadMem: Trying to ReadMemory 0x82F94470[0x38]
    23:7:43:226 1040 DetectCureTDL3: DRIVER_OBJECT addr: 82EE7808
    23:7:43:226 1040 KLMD_ReadMem: Trying to ReadMemory 0x82EE7808[0xA8]
    23:7:43:226 1040 KLMD_ReadMem: Trying to ReadMemory 0x82F52030[0x38]
    23:7:43:226 1040 KLMD_ReadMem: Trying to ReadMemory 0x82F94E40[0xA8]
    23:7:43:226 1040 KLMD_ReadMem: Trying to ReadMemory 0xE18BED40[0x208]
    23:7:43:226 1040 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (0) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (1) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (2) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (3) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (4) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (5) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (6) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (7) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (8) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (9) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (10) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (11) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (12) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (13) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (14) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (15) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (16) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (17) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (18) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (19) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (20) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (21) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (22) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (23) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (24) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (25) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: IrpHandler (26) addr: 82F28369
    23:7:43:226 1040 DetectCureTDL3: All IRP handlers pointed to one addr: 82F28369
    23:7:43:226 1040 KLMD_ReadMem: Trying to ReadMemory 0x82F28369[0x400]
    23:7:43:226 1040 TDL3_HookDetect: CheckParameters: 4, FFDF0308, 313, 101, 3, 89
    23:7:43:226 1040 Driver atapi infected by TDSS rootkit ... 23:7:43:226 1040 TDL3_HookCure: Processing driver in memory: atapi
    23:7:43:226 1040 KLMD_WriteMem: Trying to WriteMemory 0x82F283CE[0xD]
    23:7:43:226 1040 cured
    23:7:43:226 1040 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\Drivers\atapi.sys
    23:7:43:226 1040 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\atapi.sys
    23:7:43:246 1040 File C:\WINDOWS\system32\Drivers\atapi.sys infected by TDSS rootkit ... 23:7:43:256 1040 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\Drivers\atapi.sys
    23:7:43:256 1040 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\atapi.sys
    23:7:43:256 1040 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\atapi.sys
    23:7:43:576 1040 cured
    23:7:43:636 1040
    Completed

    Results:
    23:7:43:636 1040 Infected / Cured drivers in memory: 1 / 1
    23:7:43:636 1040 Infected / Cured drivers on disk: 1 / 1
    23:7:43:636 1040 Files deleted on next reboot: 0
    23:7:43:636 1040 Registry nodes deleted on next reboot: 0
    23:7:43:636 1040
     

    Attached Files:
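Added example (not part of the original thread, and not code from TDSSKiller or its vendor): a small Python triage script for a log in the format pasted above. It groups the IrpHandler entries per driver, reports drivers whose dispatch table points at a single address (the condition the log records for atapi), and compares the infected/cured counters; the function names are constructed here and the sample is abridged from the log in the post.

```python
import re
from collections import defaultdict

# Constructed sample: lines abridged from the TDSSKiller log pasted in the thread.
SAMPLE_LOG = r"""
23:7:43:145 1040 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
23:7:43:145 1040 DetectCureTDL3: IrpHandler (0) addr: F86FABB0
23:7:43:145 1040 DetectCureTDL3: IrpHandler (1) addr: 804F355A
23:7:43:145 1040 DetectCureTDL3: IrpHandler (3) addr: F86F4D1F
23:7:43:226 1040 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
23:7:43:226 1040 DetectCureTDL3: IrpHandler (0) addr: 82F28369
23:7:43:226 1040 DetectCureTDL3: IrpHandler (1) addr: 82F28369
23:7:43:226 1040 DetectCureTDL3: IrpHandler (2) addr: 82F28369
23:7:43:226 1040 Driver atapi infected by TDSS rootkit ... 23:7:43:226 1040 TDL3_HookCure: Processing driver in memory: atapi
23:7:43:226 1040 cured
23:7:43:246 1040 File C:\WINDOWS\system32\Drivers\atapi.sys infected by TDSS rootkit ... 23:7:43:256 1040 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\Drivers\atapi.sys
23:7:43:576 1040 cured
23:7:43:636 1040 Infected / Cured drivers in memory: 1 / 1
23:7:43:636 1040 Infected / Cured drivers on disk: 1 / 1
"""

DRIVER_RE = re.compile(r"DRIVER_OBJECT name: (\S+), Driver Name: (\S+)")
IRP_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")
INFECT_RE = re.compile(r"\b(Driver|File) (.+?) infected by TDSS rootkit")
SUMMARY_RE = re.compile(r"Infected / Cured drivers (in memory|on disk): (\d+) / (\d+)")


def parse_irp_tables(log):
    """Map driver name -> {IRP index: handler address} as listed in the log."""
    tables, current = defaultdict(dict), None
    for line in log.splitlines():
        if m := DRIVER_RE.search(line):
            current = m.group(2)
        elif (m := IRP_RE.search(line)) and current:
            tables[current][int(m.group(1))] = int(m.group(2), 16)
    return dict(tables)


def single_target_drivers(tables):
    """Drivers whose every listed handler is the same address.

    The log notes this for atapi ("All IRP handlers pointed to one addr")
    just before its TDL3 check; treat it as a lead to review, not a verdict.
    """
    return {name: f"{next(iter(t.values())):08X}"
            for name, t in tables.items()
            if len(t) > 1 and len(set(t.values())) == 1}


def triage(log):
    """Summarise what an analyst reads off the log: hooks, hits, leftovers."""
    counts = {w: (int(i), int(c)) for w, i, c in SUMMARY_RE.findall(log)}
    return {
        "uniform_irp_tables": single_target_drivers(parse_irp_tables(log)),
        "infected": INFECT_RE.findall(log),
        # Anything infected but not cured needs a follow-up scan.
        "uncured": {w: i - c for w, (i, c) in counts.items() if i > c},
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

An empty "uncured" result only reflects the tool's own counters; the thread's follow-up AV scan is still the independent check.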

  10. pizzahut

    pizzahut Private E-2

    the 30 day AVG trial found a "generic 11" trojan and some spyware.
    However, do I trust that my computer is healthy and virus free?
     
  11. pizzahut

    pizzahut Private E-2

    No sign of Google redirect or weird Chinese pop-ups.
    I think you resolved my problem bud.

    Thanks a lot!!

    Martin
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Can you tell me exactly what it found? The exact path to the file it found?

    I think you are good to go but I would like to know what was found.
     
  13. pizzahut

    pizzahut Private E-2

    Here is what it found:

    "PUP";"Potentially harmful program Logger.EPS";"C:\Program Files\XemiComputers\Active Desktop Calendar\ADC World Clock.scr";"";"07/12/2009, 1:44:48 PM"

    "Infection";"Trojan horse Generic11.IDR";"C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP745\A0150601.exe";"";"07/12/2009, 1:47:05 PM"

    "PUP";"Potentially harmful program Logger.EPS";"C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP765\A0154486.scr";"";"07/12/2009, 1:52:02 PM"
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Well....I think the first is probably a false positive, but if you want to be certain, you should just uninstall the program.

    The last two are in your system restore folders, which will be removed once you do the final clean up and toggle your system restore.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
