Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: trojan rootkit and virus prevention

30 Oct 2012   #91
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Quote   Quote: Originally Posted by chas53 View Post
when I downloaded YUMI (it was either that or Macrium), I clicked on the wrong download button
Who knows what you did - there is no "wrong" download button, so who knows what has happened.

Using YUMI to write the Macrium ISO, and then boot from that is a 5 minute job, not 20 pages spanning several days. I'm at a loss, I really don't know what more I can do to make this any simpler......my only advice is to get a friend that is a bit more knowlegable to help you.


My System SpecsSystem Spec
.
30 Oct 2012   #92
chas53

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Quote   Quote: Originally Posted by Golden View Post
Quote   Quote: Originally Posted by chas53 View Post
when I downloaded YUMI (it was either that or Macrium), I clicked on the wrong download button
Who knows what you did - there is no "wrong" download button, so who knows what has happened.

Using YUMI to write the Macrium ISO, and then boot from that is a 5 minute job, not 20 pages spanning several days. I'm at a loss, I really don't know what more I can do to make this any simpler......my only advice is to get a friend that is a bit more knowlegable to help you.

on the YUMI website near the top there is an ad for 7zip download button. down lower on the left, is another download button. I think thats an ad button too.

the correct button is down lower.

I mistakenly clicked one of the other buttons. I had a whole bunch of apps that wanted to install on my computer. one of them changed my homepage.

I am sorry for displeasing you Golden.

thats ok if you do not want to help me anymore. if you tell me to go away, I will do that also.

however, if Jacee is still around and wants to help me with my problems, I hope you don't mind.

just feel like saying, with the help of you Golden, and some other people, I feel like I have learned alot here at this forum. sincerely thank you.
My System SpecsSystem Spec
30 Oct 2012   #93
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Download adwcleaner http://general-changelog-team.fr/en/...e/2-adwcleaner

1.Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2.Click on Delete button.
3.Confirm each time with OK.
4.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

My System SpecsSystem Spec
.

30 Oct 2012   #94
chas53

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

roger that.

thank you very much Jacee.

should I have script blocking disabled?

or should I re-enable it?
My System SpecsSystem Spec
30 Oct 2012   #95
chas53

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

here's the log.


Attached Files
File Type: txt AdwCleaner[S1].txt (9.1 KB, 6 views)
My System SpecsSystem Spec
30 Oct 2012   #96
chas53

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

not sure if you wanted me to copy and paste the log, but here goes:



# AdwCleaner v2.006 - Logfile created 10/30/2012 at 21:03:12
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : chaz - CHAZ-PC
# Boot Mode : Normal
# Running from : C:\Users\chaz\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\chaz\AppData\Local\APN
Folder Deleted : C:\Users\chaz\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\chaz\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\chaz\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Google Chrome v22.0.1229.94
File : C:\Users\chaz\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.241] : homepage = "hxxp://blekkosearch.mystart.com/blekko_soc/?source=f06b8e24&toolbarid=blekkotb_sa5&u=E83B76653155821B27EC4C50858CD105&tbp=homepage&v=1_2",
Deleted [l.355] : urls_to_restore_on_startup = ["hxxp://blekkosearch.mystart.com/blekko_soc/?source=f06b8e24&toolbarid=blekkotb_sa5&u=E83B76653155821B27EC4C50858CD105&tbp=homepage&v=1_2"],
Deleted [l.359] : homepage = "hxxp://blekkosearch.mystart.com/blekko_soc/?source=f06b8e24&toolbarid=blekkotb_sa5&u=E83B76653155821B27EC4C50858CD105&tbp=homepage&v=1_2",
Deleted [l.362] : urls_to_restore_on_startup = ["hxxp://blekkosearch.mystart.com/blekko_soc/?source=f06b8e24&toolbarid=blekkotb_sa5&u=E83B76653155821B27EC4C50858CD105&tbp=homepage&v=1_2"],
*************************
AdwCleaner[S1].txt - [9241 octets] - [30/10/2012 21:03:12]
########## EOF - C:\AdwCleaner[S1].txt - [9301 octets] ##########
My System SpecsSystem Spec
31 Oct 2012   #97
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Looks like a lot of junk got cleaned up!
My System SpecsSystem Spec
31 Oct 2012   #98
chas53

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

my God. it actually worked!


thank you so much Jacee!!
My System SpecsSystem Spec
31 Oct 2012   #99
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

You're welcome!
My System SpecsSystem Spec
01 Nov 2012   #100
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

So is YUMI running as expected? Is Macrium booting?
My System SpecsSystem Spec
Reply

 trojan rootkit and virus prevention




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Rootkit virus left me with BSOD
Hi everyone...I am new here and fairly new to computer problems. I handle a number of laptops but this has got me beat. Couldn't remove rootkit virus (Alureon) till downloaded Kapersky free download. Got rid quickly but now got BSOD. No backups. Its an old but newly acquired Dell Inspiron....
BSOD Help and Support
Trojan Fake..with Rootkit..HELP
I have been trying for days to get rid of this trojan but I'm getting no where. It is so deep rooted that I can't even get windows to boot up. I have a Dell Inspirion 560 32 bit windows 7. I have tried every thing and can't get windows to load. I can't get the dvd/cd drive to work so that I can run...
System Security
Want are the best afforable anti-virus for a trojan virus
what anti-virus would be great at getting rid of a trojan virus some of the anti virus i have used told me i had one but could not delete it.
System Security
Corrupt ci.dll rootkit virus help
Hi guys, I am new here and I have to admit that I am not very good with computers. I know my way around the software and terminology, but once the console opens up I am clueless. I have been battling a rootkit virus for a few days now and I think I am very close to the solution. My computer...
BSOD Help and Support


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 02:37.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App