8 steps logs inside

TonyG

This is off my wife's computer and she was being redirected after clicking links on Google. Please advise. I removed AVG before scanning these. Didn't seem to find much...but what do I know?? THANKS in advance

Any advice...I don't wanna turn the computer back on until I get the go from you guys. Thanks hopefully I got all the info you needed.
 

I think support members don't really like helping you here because you have LimeWire installed

That's my feeling too ;)

You could run this though:
Download Combofix
Lots of info on its use here
Direct download here

Locate the downloaded Combofix. Double click on it to run, answering any prompts along the way
Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)

But there's no use, as you will likely be back again due to filesharing with Limewire still installed
 
Thank you for the response. I guess I will have to let the wife know..that limewire will be removed...she won't be too happy since she just paid for a year. Oh well I am definitely not enjoying all this scanning/malware tracking :)
Thanks I will remove limewire and do combofix.
 
Whilst you're at it, you may as well uninstall

1. AVG7 (you already have an AntiVirus ->Avira)
2. Spybot S&D (with the resident protection enabled, it's possible to hinder support)
3. Ad-aware (not needed)
 
With Avira updated (you just open the program and manually confirm it's updated)
Make sure that it's enabled and protecting in the background (ie near the clock)

Yes run another Malwarebytes (updated again) full scan
 
I removed software, and updated the malware, and re ran. Please let me know the next step. Thank you again for your time!
 
Please re-open HJT and place a tick next to all of the following, then select Fix
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0990 -f video -m logitech -d 11.5.0.1145 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0990 -f video -m logitech -d 11.5.0.1145 (User 'Default user')

Black-> Not needed
Blue-> Uninstall in Add Remove Programs
Red-> Update
 
I did as you mentioned above...minus the AVG removal...it wasn't in my programs, but I ran the removal tool you guys had, along with checked it to fix on HJT.
Here is my latest HJT...

Also what is the preferred security software....Avira,.......
What type of firewall, I see you recommend Comodo?

Thanks again!
 
Looks good :grinthumb

You can also remove these 3 as well (in HJT)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

As for 3rd party security software

1. Avira
2. Malwarebytes (quick scan, updated first, once in a while)
3. Windows security updates completed

4. Oh that's all :rolleyes:

Firewalls don't stop Malware or anything like that
They stop things like your Credit card info being stolen (if this is used online)
Otherwise not needed. Just use Windows firewall

5. Safe surfing ;)
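
As an added example that is not part of any post in this thread: a short Python sketch that parses HijackThis O4 (autostart) lines like the ones in the two fix lists above and reports value names that launch a different binary depending on the hive. The function names `parse_o4` and `conflicting_names` are hypothetical, and only registry-based O4 lines are handled.

```python
import re
from collections import defaultdict

# O4 (autostart) lines copied from the HijackThis fix lists in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKCU\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0990 -f video -m logitech -d 11.5.0.1145 (User 'SYSTEM')
"""

O4_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# First token of the command: quoted path, or text up to the first .exe/.dll/...
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|bat|cmd))(?=[\s,]|$)', re.I)


def parse_o4(log_text):
    """Return one dict per registry-based O4 line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        img = IMAGE.match(entry["cmd"])
        # Fall back to the whole command if no image path can be isolated.
        entry["image"] = (img.group(1) or img.group(2)) if img else entry["cmd"]
        entries.append(entry)
    return entries


def conflicting_names(entries):
    """Value names that launch different binaries depending on the hive."""
    images = defaultdict(set)
    for e in entries:
        images[e["name"]].add(e["image"].lower())
    return {n: sorted(i) for n, i in images.items() if len(i) > 1}


if __name__ == "__main__":
    for name, imgs in conflicting_names(parse_o4(SAMPLE_LOG)).items():
        print(name, "->", imgs)
```

On these lines only `SunJavaUpdateSched` is reported, because its HKLM and HKCU entries point at two different Java install paths; `nwiz` appears in both hives but resolves to the same image.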
 
Well still found the computer to be getting redirected via Google link.
So I ran ComboFix.....here is my log. Any advice would be great!
 
c:\program files\hideip.exe is not bad for $35 here: http://www.hide-ip-soft.com/

But generally this is a useless product. It can not hide your IP from anyone in the know. I already have your real IP (not that I care anyway)
HideIP is made for those real basic things like basic browsing, but when it comes to downloading, everything is sent out as per normal. Except it says User downloading from (I'll use *) From: ***.***.***.*** Using this address **.**.***.**

Sooo what's the use?

Anyway because you have Limewire still installed
Then this thread is finished
Here's your options:
Live with malware (you know the stuff that sends all your info everywhere)
or Uninstall Limewire (well that ain't happening for you)
or Use a live free Linux CD (preferred) Then you won't get any malware! Here's one: http://www.ubuntu.com/products/GetUbuntu
(you can even get a free CD ;) )

Anyway, I'm not starting from the start again, but you are advised to (once every 2 days!)

Good luck :grinthumb

Edit:
You know being a gamer, you really should stick around here though
Basically TechSpot was built on gaming and support
I have stacks of games, but I'm pretty much bored with all that
But there's many here that really get into gaming help and support
ie Lets not burn any bridges here ;)
 
woah I uninstalled limewire...I did that through add/remove...is there a way it's still on my comp some way. Seriously I told the wife it's gone, and she has seen my frustration with this...so no worries she said.

I don't know why it showed up on Combofix. What can I do to remove this file/program? Besides the add/remove via Control Panel.

I really don't wanna waste any of your time or others on the board. I understand that the limewire is bad news now. My wife has an ipod and she uses it for that, but it's gone...at least I thought. Besides, I am wasting a lot of my time too with this stupid problem......so please don't think I am just trying to fix it and go back to Limewire....that is not the case. I am grateful for all the help up to this point, and would hope that someone would help me permanently remove limewire, so I can get this bug off the computer, and get my wife happy.

Thanks again for your time and understanding.
 
To remove Combofix
Start-> Run-> combofix /u

Please download and run SDFix (I'm sorry, but I must refer you to this tutorial on its use, scroll down to "SDFix Instructions")

Download, and run the "RunThis.bat" in Safe Mode, as advised
Then attach the log and (after the SDFix scan) a new HJT log
 
Looks clean, except for "AskBar" an addon to IE that's just not required
Check in Add\Remove Programs for this entry or even better reset IE settings: https://www.techspot.com/vb/post682762-2.html

Clear system restore points

  • Clear your existing system restore points and establish a new clean restore point:
    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point, and Ok it.
    • Next, go to Start > Run and type in cleanmgr
    • Select the More options tab
    • Choose the option to clean up system restore and OK it.
    This will remove all restore points except the new one you just created.

Restart
How does it seem to be working now?
 
Everything seems to be working good now!!! AWESOME!!
Thanks so much for your time and patience,
 