TechSpot

Cannot remove "Rootkit.Agent"

By jfringer
Sep 20, 2010
  1. Hello,
    I've tried following other postings to remove this virus, but it keeps showing up in Malwarebytes. Last week my computer got infected with "AV Security Suite". I removed that with Malwarebytes. Then I removed a Google redirect virus by following directions for using ComboFix from another posting. Please help. I followed the 8 steps yesterday. I hope you don't mind that I've attached my files. (I'm using Avira Antivir Premium and SuperAntispyware Pro.)

    Thanks very much,
    John
     


  2. Broni

    Broni Malware Annihilator Posts: 52,891   +344

    Download MBRCheck to your desktop.

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.
     
  3. jfringer

    jfringer TS Member Topic Starter Posts: 59

    Here you go:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001d

    Kernel Drivers (total 140):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xF7A52000 \WINDOWS\system32\KDCOM.DLL
    0xF7962000 \WINDOWS\system32\BOOTVID.dll
    0xF7552000 ayguwgiw.sys
    0xF7423000 ACPI.sys
    0xF7A54000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7412000 pci.sys
    0xF7562000 isapnp.sys
    0xF733F000 slvqka.sys
    0xF7B1A000 pciide.sys
    0xF77D2000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7572000 MountMgr.sys
    0xF7320000 ftdisk.sys
    0xF7A56000 dmload.sys
    0xF72FA000 dmio.sys
    0xF77DA000 PartMgr.sys
    0xF7582000 VolSnap.sys
    0xF72E2000 atapi.sys
    0xF7212000 iastor.sys
    0xF7592000 disk.sys
    0xF75A2000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF71F2000 fltmgr.sys
    0xF71E0000 sr.sys
    0xF7A58000 DLACDBHM.SYS
    0xF71C9000 DRVMCDB.SYS
    0xF71B2000 KSecDD.sys
    0xF7125000 Ntfs.sys
    0xF70F8000 NDIS.sys
    0xF70DE000 Mup.sys
    0xF76C2000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF5D50000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF5D3C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF5D14000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF5CE7000 \SystemRoot\system32\DRIVERS\e1e5132.sys
    0xF78A2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF5CC3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF78AA000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF76D2000 \SystemRoot\system32\DRIVERS\IntelC53.sys
    0xF5CA0000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF5B79000 \SystemRoot\system32\DRIVERS\IntelC51.sys
    0xF5AE4000 \SystemRoot\system32\DRIVERS\IntelC52.sys
    0xF78E2000 \SystemRoot\system32\DRIVERS\mohfilt.sys
    0xF78B2000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF78BA000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF76E2000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF76F2000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7702000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7C40000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7712000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF6FD5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF5ACD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7722000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7732000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF78C2000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF5ABC000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7742000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF78CA000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF78D2000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF5A8C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF7752000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF78DA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF78EA000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7A90000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF5A2E000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7A46000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7A92000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
    0xF70AA000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0xF7772000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF39B9000 \SystemRoot\system32\drivers\sthda.sys
    0xF3995000 \SystemRoot\system32\drivers\portcls.sys
    0xF75C2000 \SystemRoot\system32\drivers\drmk.sys
    0xF2D9E000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7AC4000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF782A000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF6FE9000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF2D8E000 \SystemRoot\System32\Drivers\AFS2K.SYS
    0xF7AC6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7C2E000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7AC8000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF783A000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
    0xF7842000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF784A000 \SystemRoot\System32\drivers\vga.sys
    0xF7ACC000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7ACE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7852000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF785A000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF5A26000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xF0FAE000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xF0F55000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF0F05000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF0EDF000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF5A16000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xF0EBD000 \SystemRoot\System32\drivers\afd.sys
    0xF2D4E000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF2D3E000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF7862000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xF0E9B000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xF786A000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xF0E20000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xF0DB0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF2D1E000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF5EDD000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF17F1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF08A0000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xF088C000 \SystemRoot\system32\DRIVERS\ctxusbm.sys
    0xF086A000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF7AD6000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xF0F4D000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF0F41000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xB2783000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB3F20000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB43FB000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF0C3A000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF054000 \SystemRoot\System32\ati2cqag.dll
    0xBF093000 \SystemRoot\System32\atikvmag.dll
    0xBF0C9000 \SystemRoot\System32\ati3duag.dll
    0xBF34D000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xAF24A000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xF7642000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xEB780000 \SystemRoot\System32\Drivers\DLADResM.SYS
    0xAF231000 \SystemRoot\System32\Drivers\DLAIFS_M.SYS
    0xEB076000 \SystemRoot\System32\Drivers\DLAOPIOM.SYS
    0xB626C000 \SystemRoot\System32\Drivers\DLAPoolM.SYS
    0xF0E5B000 \SystemRoot\System32\Drivers\DLABMFSM.SYS
    0xF0E4B000 \SystemRoot\System32\Drivers\DLABOIOM.SYS
    0xAF21B000 \SystemRoot\System32\Drivers\DLAUDFAM.SYS
    0xAF204000 \SystemRoot\System32\Drivers\DLAUDF_M.SYS
    0xB58D5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAF0FB000 \SystemRoot\System32\Drivers\HTTP.sys
    0xAEE44000 \SystemRoot\system32\DRIVERS\srv.sys
    0xAE9A7000 \SystemRoot\system32\drivers\wdmaud.sys
    0xAED8C000 \SystemRoot\system32\drivers\sysaudio.sys
    0xAE452000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0xADAF0000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 55):
    0 System Idle Process
    4 System
    988 C:\WINDOWS\system32\smss.exe
    1108 csrss.exe
    1168 C:\WINDOWS\system32\winlogon.exe
    1244 C:\WINDOWS\system32\services.exe
    1256 C:\WINDOWS\system32\lsass.exe
    1476 C:\WINDOWS\system32\ati2evxx.exe
    1492 C:\WINDOWS\system32\svchost.exe
    1584 svchost.exe
    1684 C:\WINDOWS\system32\svchost.exe
    1776 svchost.exe
    340 C:\WINDOWS\system32\brsvc01a.exe
    380 C:\WINDOWS\system32\spoolsv.exe
    408 C:\WINDOWS\system32\brss01a.exe
    488 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    860 C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    900 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    920 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    960 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    1072 C:\Program Files\Bonjour\mDNSResponder.exe
    1076 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1116 C:\WINDOWS\system32\Brmfrmps.exe
    1112 C:\WINDOWS\ehome\ehrecvr.exe
    1192 C:\WINDOWS\ehome\ehSched.exe
    1904 C:\WINDOWS\system32\svchost.exe
    212 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    540 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    612 C:\Program Files\IObit\IObit Security 360\is360srv.exe
    816 C:\Program Files\Java\jre6\bin\jqs.exe
    832 C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    1040 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    1404 C:\Program Files\Common Files\Motive\McciCMService.exe
    2200 C:\WINDOWS\system32\IoctlSvc.exe
    2240 svchost.exe
    2344 C:\WINDOWS\system32\searchindexer.exe
    2596 mcrdsvc.exe
    3280 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    3728 C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
    4028 C:\WINDOWS\system32\dllhost.exe
    4060 C:\WINDOWS\explorer.exe
    2616 alg.exe
    3348 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3372 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3636 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2680 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    3916 C:\WINDOWS\system32\ctfmon.exe
    1728 C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    2032 C:\Program Files\Internet Explorer\iexplore.exe
    3144 C:\Program Files\Internet Explorer\iexplore.exe
    2088 C:\WINDOWS\system32\svchost.exe
    564 C:\WINDOWS\system32\searchprotocolhost.exe
    708 C:\WINDOWS\system32\searchprotocolhost.exe
    4004 searchfilterhost.exe
    736 C:\Documents and Settings\John Fringer\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

    PhysicalDrive0 Model Number: ST3160828AS, Rev: 8.03

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Dell MBR code detected
    SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E


    Done!
     
  4. Broni


    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. jfringer


    "C:\ComboFix.txt" is attached.

    (file was too big to paste here.)
     


  6. Broni


    Please, uninstall Frontline Registry Cleaner and SpeedingUpMyPC
    Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

    ===========================================================================

    Uninstall Ask.com, known adware.

    ==========================================================================

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\Qwihamu.bin
    c:\windows\Jdaganugazixo.dat
    c:\windows\system32\drivers\slvqka.sys
    c:\windows\system32\4020E6CF02.sys
    
    
    Folder::
    c:\documents and settings\John Fringer\Local Settings\Application Data\ppouedcto
    c:\documents and settings\John Fringer\Local Settings\Application Data\upxueubln
    
    
    DDS::
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:6092
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\slvqka]
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
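
An added example, not part of the original posts and not ComboFix's own code: a pre-run review of the CFScript above that lists what it targets and cross-checks the File:: entries against the kernel driver list in the MBRCheck report posted earlier in the thread. It assumes File:: and Folder:: name deletion targets and that Registry:: follows .reg-file syntax (`[-key]` deletes a key, `"name"=-` deletes a value); the function names are hypothetical and the driver lines are a five-line excerpt of that report.

```python
import re

# CFScript text as posted in the thread.
CFSCRIPT = r"""File::
c:\windows\Qwihamu.bin
c:\windows\Jdaganugazixo.dat
c:\windows\system32\drivers\slvqka.sys
c:\windows\system32\4020E6CF02.sys

Folder::
c:\documents and settings\John Fringer\Local Settings\Application Data\ppouedcto
c:\documents and settings\John Fringer\Local Settings\Application Data\upxueubln

DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\slvqka]
"""

# Five lines excerpted from the "Kernel Drivers" list in the MBRCheck report.
DRIVER_EXCERPT = r"""0xF7552000 ayguwgiw.sys
0xF7423000 ACPI.sys
0xF7A54000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF733F000 slvqka.sys
0xF72E2000 atapi.sys
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
DRIVER_RE = re.compile(r"^\s*0x[0-9A-Fa-f]{8}\s+(.+?)\s*$")


def basename(path):
    """Last backslash-separated component, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_cfscript(text):
    """Split a CFScript into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("content before first section: %r" % line)
        else:
            sections[current].append(line)
    return sections


def registry_actions(lines):
    """Read Registry:: lines as .reg syntax (assumption, see lead-in)."""
    actions, key = [], None
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            actions.append(("delete-key", line[2:-1], None))
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            value = VALUE_RE.match(line)
            if value is None or key is None:
                raise ValueError("unrecognised registry line: %r" % line)
            kind = "delete-value" if value.group(2) == "-" else "set-value"
            actions.append((kind, key, value.group(1)))
    return actions


def loaded_drivers(report):
    """Base names of every module in an MBRCheck kernel driver list."""
    found = (DRIVER_RE.match(line) for line in report.splitlines())
    return {basename(m.group(1)) for m in found if m}


def review(script_text, driver_report):
    """Summarise what the script touches before it is run."""
    sections = parse_cfscript(script_text)
    files = sections.get("File", [])
    drivers = loaded_drivers(driver_report)
    reg = registry_actions(sections.get("Registry", []))
    # Service keys slated for deletion, by service name.
    services = {basename(k) for kind, k, _ in reg
                if kind == "delete-key" and "\\services\\" in k.lower()}
    return {
        "counts": {name: len(lines) for name, lines in sections.items()},
        # Name-only match: boot drivers are listed without a path.
        "loaded_driver_targets": [p for p in files if basename(p) in drivers],
        "registry": reg,
        # Targets whose file and service registration are both removed.
        "file_and_service": [p for p in files
                             if basename(p).rsplit(".", 1)[0] in services],
    }


if __name__ == "__main__":
    for field, value in review(CFSCRIPT, DRIVER_EXCERPT).items():
        print(field, "=>", value)
```
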
     
  7. jfringer


    Looks like that did it!

    Am I right? Just ran a Malwarebytes Quick Scan and no detections! mbam-log and ComboFix.txt attached. Thank you, thank you!
     


  8. Broni


    You didn't follow:
    You didn't follow:
    Post back when done with the above, along with information on current computer behavior.
     
  9. jfringer


    Sorry, I didn't see the Uninstall Ask.com. That's the Ask Toolbar, isn't it? (I'm removing it in "Add/Remove Programs".) But I did uninstall SpeedingUpMyPC, but could not find Frontline Registry Cleaner.
     
  10. jfringer


    Broni,
    Computer seems to be running OK. When Windows boots, is it normal to have a black screen flash on startup with "Please select Operating System to start..." and the message, "RPCSS is starting"? I didn't get these before I had these virus/malware problems.
    Thanks,
    John
     
  11. Broni


    Yes. Combofix installed Recovery Console, a very important troubleshooting tool in the case of Windows XP.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. jfringer


    OTL.txt and Extras.txt

    Broni,
    Files attached. (Text is too long to paste here.)
     


  13. Broni


    We need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================================

    You have some Norton's leftovers.
    Please, run Norton Removal Tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    ====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (Reg Error: Value error.)
      O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Value error.)
      O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
      [2010/09/23 20:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Fringer\Local Settings\Application Data\AskToolbar
      [2010/09/17 10:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner
      [2010/09/17 10:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Frontline Registry Cleaner
      [2010/09/13 10:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedingUpMyPC
      [2008/12/21 15:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
      [2009/01/02 19:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
      [2007/02/11 21:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2008/12/12 22:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Fringer\Application Data\RegClean
      [2009/11/27 17:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Fringer\Application Data\Registry Mechanic
      [2010/09/13 10:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Fringer\Application Data\Uniblue
      [2007/02/11 21:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Fringer\Application Data\Viewpoint
      @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
      @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C39E55C5
      @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Ask.com
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  14. jfringer


    OTL log as instructed

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {1F2F4C9E-6F09-47BC-970D-3C54734667FE}
    C:\WINDOWS\Downloaded Program Files\LSSupCtl.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1F2F4C9E-6F09-47BC-970D-3C54734667FE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F2F4C9E-6F09-47BC-970D-3C54734667FE}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1F2F4C9E-6F09-47BC-970D-3C54734667FE}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F2F4C9E-6F09-47BC-970D-3C54734667FE}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control Garmin Communicator Plug-In
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    C:\Documents and Settings\John Fringer\Local Settings\Application Data\AskToolbar folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner folder moved successfully.
    C:\Program Files\Frontline Registry Cleaner\RegistryDefrag\Backup folder moved successfully.
    C:\Program Files\Frontline Registry Cleaner\RegistryDefrag folder moved successfully.
    C:\Program Files\Frontline Registry Cleaner folder moved successfully.
    C:\Program Files\SpeedingUpMyPC folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\SITEguard folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\STOPzilla!\Quarantine folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\STOPzilla! folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\John Fringer\Application Data\RegClean\Registry Backups folder moved successfully.
    C:\Documents and Settings\John Fringer\Application Data\RegClean\Log folder moved successfully.
    C:\Documents and Settings\John Fringer\Application Data\RegClean folder moved successfully.
    C:\Documents and Settings\John Fringer\Application Data\Registry Mechanic folder moved successfully.
    C:\Documents and Settings\John Fringer\Application Data\Uniblue\RegistryBooster\_temp folder moved successfully.
    C:\Documents and Settings\John Fringer\Application Data\Uniblue\RegistryBooster\history folder moved successfully.
    C:\Documents and Settings\John Fringer\Application Data\Uniblue\RegistryBooster\backup folder moved successfully.
    C:\Documents and Settings\John Fringer\Application Data\Uniblue\RegistryBooster folder moved successfully.
    C:\Documents and Settings\John Fringer\Application Data\Uniblue folder moved successfully.
    C:\Documents and Settings\John Fringer\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\John Fringer\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\John Fringer\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\John Fringer\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\John Fringer\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\John Fringer\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\John Fringer\Application Data\Viewpoint folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:C39E55C5 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Ask.com folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: John Fringer
    ->Temp folder emptied: 19160964 bytes
    ->Temporary Internet Files folder emptied: 22649465 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 767 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: NRC Citrix
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NRC Citrix 2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NRC Citrix.D3BJHC91
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: TEMP
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16639 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 156329 bytes

    Total Files Cleaned = 40.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: John Fringer
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: NRC Citrix
    ->Flash cache emptied: 0 bytes

    User: NRC Citrix 2
    ->Flash cache emptied: 0 bytes

    User: NRC Citrix.D3BJHC91
    ->Flash cache emptied: 0 bytes

    User: Owner

    User: TEMP

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.14.1 log created on 09232010_221323

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\usgthrsvc\Perflib_Perfdata_9f4.dat not found!

    Registry entries deleted on Reboot...
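A way to triage a Run Fix log like the one above without reading every line, as an added example (not part of the original posts and not OTL's own code). It parses only the line formats visible in this log; the sample lines are constructed from those formats, and the function name `triage` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the formats seen in the log above.
SAMPLE_LOG = r"""
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0 deleted successfully.
========== FILES ==========
C:\Program Files\Ask.com folder moved successfully.
[EMPTYTEMP]
User: John Fringer
->Temp folder emptied: 19160964 bytes
->Flash cache emptied: 767 bytes
File\Folder C:\WINDOWS\temp\usgthrsvc\Perflib_Perfdata_9f4.dat not found!
"""

# One pattern per line format that appears in this log (assumption: other
# OTL line formats exist and are simply ignored here).
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+) folder moved successfully\.$")
ADS = re.compile(r"^ADS (?P<path>[A-Za-z]:\\.+):(?P<stream>[^:\\]+) deleted successfully\.$")
MISSING = re.compile(r"^File\\Folder (?P<path>.+) not found!$")
EMPTIED = re.compile(r"^(?:->)?(?P<what>.+) emptied: (?P<bytes>\d+) bytes$")


def triage(log_text):
    """Summarise a fix log: action counts, bytes reclaimed, ADS removed, misses."""
    result = {"counts": Counter(), "bytes_emptied": 0, "ads": [], "not_found": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if MOVED.match(line):
            result["counts"]["moved"] += 1
        elif (m := ADS.match(line)):
            # Alternate data streams are reported as <host path>:<stream name>.
            result["counts"]["ads_deleted"] += 1
            result["ads"].append((m["path"], m["stream"]))
        elif (m := MISSING.match(line)):
            # Items the fix expected but could not find deserve a second look.
            result["counts"]["not_found"] += 1
            result["not_found"].append(m["path"])
        elif (m := EMPTIED.match(line)):
            result["bytes_emptied"] += int(m["bytes"])
    return result


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(dict(summary["counts"]), summary["bytes_emptied"])
    print("ADS removed:", summary["ads"])
    print("Not found:", summary["not_found"])
```
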
     
  15. Broni

    Broni Malware Annihilator Posts: 52,891   +344

     
  16. jfringer

    jfringer TS Member Topic Starter Posts: 59

    previous was Run Fix log.

    Quick Scan log attached.
     


  17. Broni

    Broni Malware Annihilator Posts: 52,891   +344

    Good :)

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • IMPORTANT! UN-check Remove found threats
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  18. jfringer

    jfringer TS Member Topic Starter Posts: 59

    checkup.txt & ESETScan.txt files attached

    I'm still infected, I see.
     


  19. Broni

    Broni Malware Annihilator Posts: 52,891   +344

    No biggies here...
    Two files are in the ComboFix quarantine folder, which is going to be removed in a moment.
    Another one is in System Restore, which will also be reset in our next step.

    Now, there is one malicious file in your Outlook Express Inbox folder.
    I don't want to remove the whole folder, so make sure you scan every single attachment before handling it.

    Then, this:
    C:\Documents and Settings\John Fringer\Desktop\Nero-7.10.1.0_eng_update.exe
    If you have legit Nero installation...

    Open Windows Explorer. Go to Tools>Folder Options>View tab and put a checkmark next to Show hidden files and folders.
    Upload the following file to http://www.virustotal.com/ for a security check:
    - C:\Documents and Settings\John Fringer\Desktop\Nero-7.10.1.0_eng_update.exe
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
     
  20. jfringer

    jfringer TS Member Topic Starter Posts: 59

    File too big (177.7 MB) to upload

    I got this error message: "Maximum size exceeded: you have tried to upload a file which is larger than 20MB". Also, I deleted "Outlook Express" using "Add/Remove Windows Components" in Control Panel since I use Outlook.

    I just did an Avira virus scan and attached the log. Is it normal to keep getting these virus detections?
     


  21. Broni

    Broni Malware Annihilator Posts: 52,891   +344

    I didn't ask for Avira scan....

    It's all about your computer habits. I'll post some advice later on.

    Regarding Nero...
    Is your Nero legit?
    Where was that update downloaded from?
     
  22. jfringer

    jfringer TS Member Topic Starter Posts: 59

    Broni,
    I'm not sure if my Nero installation is legit; I got it cheap ($5) from eBay in July 2007: "Nero 7 Premium Reloaded edit photography digital camera". Do you think I should uninstall and get another version?
    Thanks,
    John
     
  23. Broni

    Broni Malware Annihilator Posts: 52,891   +344

    You still didn't answer my other question.
    Where did you get this update from:
    C:\Documents and Settings\John Fringer\Desktop\Nero-7.10.1.0_eng_update.exe?

    Do you really need Nero?
    What do you use it for?
     
  24. jfringer

    jfringer TS Member Topic Starter Posts: 59

    I found the 7/16/07 instructions for downloading it:
    "Nero 7 Premium Serial Number
    =======================================

    Your product can be downloaded at the Nero homepage.

    Goto the Nero Homepage

    http://www.nero.com/nero7/eng/nero7-up.php

    If you have any problems please email me for support.

    Fully install and run the trial version first.

    Then install a key to activate Nero 7 Premium.

    Serial:


    1. Click on the Nero StartSmart icon to run StartSmart.
    2. Click on the fire icon on the right bottom corner to go into Product Setup.
    3. Click on license then click on the add tab. Enter key.

    We strongly recommend that you burn the downloaded trial version
    installer on a CD and your Nero 7 Premium serial number on it. That way,
    you will always have a backup.

    To download user manuals for Nero 7 Premium and its components:
    http://www.nero.com/link.php?topic_id=7070

    For returns or exchanges please email me."

    ----Steven Simms [stevensimms611@yahoo.com]
     
  25. jfringer

    jfringer TS Member Topic Starter Posts: 59

    I use Nero for copying/recording CDs. I got it because the program that came with my computer wasn't working.
     
Topic Status:
Not open for further replies.
