Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown Infection, Search Results Redirection


  • This topic is locked This topic is locked
18 replies to this topic

#1 sparky310

sparky310

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:18 AM

Posted 05 August 2012 - 03:22 PM

Hello,

I am attemtping to clean a computer for a family member. The owner is unable to pinpoint an exact day or action after which the computer began exhibiting signs of infection, however it has been at least two to three weeks ago. When utilizing any browser I can navigate to a website correctly via typing the URL or IP into the browser, however if I use a search engine like Bing or Google when I click on any of the search results I get redirected to various business websites. Browsing on the computer is also unbelievably slow, frequently taking two or three minutes to open websites that are very image-lite.

I attempted to follow the instructions in the preparation post, however neither DDS nor GMER appear to be working properly for me. In the case of DDS, the scan will start but even after allowing it to run for 3-4 hours it did not complete. When I attempted to close DDS I found that I was unable to take any action besides hard powering the computer (it was odd, I am not sure the computer was truly locked up, but I certainly could not exit out of DDS or start any other application). I attempted to scan the machine again after powering back up, but ultimately ended up with the same result.

In the case of GMER, when I run it I receive a pop-up stating "LoadDriver("C:\DOCUME~1\MRC61F~1.G\LOCALS~1\Temp\pxtdipow.sys") error 0xC000010E: cannot create a stable subkey under a volatile parent key." The GMER screen then opens, however all of the options indicated in the screenshot of GMER in the preparation thread are greyed out and cannot be selected.

I appreciate any time and help you can give me.

Chris

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,496 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:18 AM

Posted 10 August 2012 - 09:06 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 sparky310

sparky310
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:18 AM

Posted 10 August 2012 - 09:04 PM

Hello Nasdaq,

Thank you for your assistance.

I attempted to run both scanners that you indicated, however neither would run for me. Each download appears to have completed successfully, but when I attempt to run the scanners I get the dialog asking me if I would like to run the .exe and nothing happens when I select run. I rebooted the machine and tried again, but I still got the same result.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,496 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:18 AM

Posted 11 August 2012 - 09:21 AM

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.

Without restarting the computer after this scan try to run the DDS, TDSSKiller and aswMBR tools.
Post whatever logs you have.

#5 sparky310

sparky310
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:18 AM

Posted 11 August 2012 - 08:42 PM

The first version (.exe) worked fine. I will attempt to rerun the other scanners now, but in the meantime here are the rkiller log file contents:

Rkill 2.0.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/11/2012 09:37:55 PM in x86 mode.
Windows Version: Windows XP

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\WINDOWS\stsystra.exe (PID: 312) [WD-HEUR]
* C:\Documents and Settings\All Users\Application Data\WeCareReminder\ReminderHelper.exe (PID: 3072) [AU-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* SMTMP folder detected. Your machine is or has been infected with the Fake.HDD rogue anti-spyware program. Please see this link for more information about this type of rogue: http://www.bleepingcomputer.com/forums/topic405109.html

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/11/2012 09:38:25 PM
Execution time: 0 hours(s), 0 minute(s), and 29 seconds(s)

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,496 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:18 AM

Posted 12 August 2012 - 08:25 AM

Make sure you execute the instructions mentioned in the Rkill log.
http://www.bleepingcomputer.com/forums/topic405109.html
===

As in dicated on the log you may be or have been infected by this rogue program.

http://www.bleepingcomputer.com/virus-removal/remove-smart-hdd

Execute the fix on the page is not already done.

#7 sparky310

sparky310
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:18 AM

Posted 12 August 2012 - 02:02 PM

Even after running rkiller and having it successfully terminate the two processes, an attempt to run DDS still resulted in the same behavior (scan seemed to hang indefinitely, attempting to close the scan resulted in needing to hard power the machine).

I also attempted to follow the instructions provided in the second link of your response (reboot into safe mode w/ networking, run rkiller, rename TDSSKiller and run it), however even after running rkiller I am still unable to run TDSSKiller. When I rebooted into safe mode rkiller did not find any processes to terminate (though it did alert on the same smtmp folder). After renaming TDSSKiller (I tried both a random name as well as iexpore.com as suggested), attempting to launch TDSSKiller still gave me the dialog asking if I wanted to run it but then did nothing.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,496 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:18 AM

Posted 13 August 2012 - 06:58 AM

Try this.

PLEASE NOTE: Most authorities say that a PC with a polymorphic file infector can never again be trusted and should be reformatted. You should seriously consider reformatting and reinstalling Windows.

That said, if you wish we can attempt disinfection but you are cautioned that theoretically you can never be sure cleaning is 100% complete.

Read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:
Download Kaspersky Rescue Disk 10
How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?
How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?


Summarizing:
  • Go to a clean PC.
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • At the infected PC: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.

Familiarize yourself with How to create a report file in Kaspersky Rescue Disk 10?

Print the following directions:

Boot from Kaspersky Rescue Disk 10:
Restart your computer and put the disk in the drive while booting.
Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.
Select the required interface language using the arrow-keys on your keyboard.
Press the Enter key on the keyboard.
In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode
Click Enter.
Click 'A' to accept the agreement.
Select operating system from dropdown menu (select Windows whatever)
Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:
Click My Update Center and update if any available
Back to other tab and click Start Object Scan.
(It took 3 hours to scan my 47G)
When scan has completed save a report:

On the upper part of the Kaspersky Rescue Disk window, click on the Report link.
On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.
On the upper right hand corner of the Detailed report window, click on the Save button.
After clicking Detailed Report and 'SAVE', a browse window opens.
Double-click on the \
Click 'disks'.
All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.
Click on the Save button.
The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.

#9 sparky310

sparky310
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:18 AM

Posted 13 August 2012 - 05:34 PM

The system owner is currently out of town, unfortunately. My original suggestion to him was to reformat the drive, but he said he no longer has any of the Windows CDs or other installation media that came with the computer. When I can speak with him again I will explain the situation and ask him what he wants to do, but in the mean time I suppose I will continue with your instructions and see what comes of the process.

Given the nature of the infection, a couple questions for you:

1) When I complete your instructions should I copy the log results / attach the log file here? Should I attempt to run TDSSKiller / DDS / MBAM afterwards, or wait for a response from you?

2) The computer was used for a substantial amount of picture storage / editing, and as such if we reformat there would be a strong desire to save those files. I suppose the risk of infecting any removable hard drive that is plugged into the computer is probably quite high? Would there be any mechanism that would be even remotely "safe" by which to save the pictures?

3) I have had to plug the infected machine into my home network. Do you think there is a significant risk that any portion of the infection could have spread to other machines connected to the network? I have not copied any files from the infected machine to the others (sounds like this is a virus rather than a worm?), nor are they exhibiting any symptoms, but I suppose it would be wise to scan each in turn when finished with the infected one?

Thanks again for all your help, especially as we continually hit dead-ends. Interesting as it is to run into such a persistent infection, I could wish it wasn't on a family member's machine.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,496 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:18 AM

Posted 14 August 2012 - 07:01 AM

1) When I complete your instructions should I copy the log results / attach the log file here? Should I attempt to run TDSSKiller / DDS / MBAM afterwards, or wait for a response from you?


Post the log or attach it if very long.
You can also try to run the other tools and post what ever log you can get.
===

2) The computer was used for a substantial amount of picture storage / editing, and as such if we reformat there would be a strong desire to save those files.

Save the file to a CD. The CD cannot be infected. However some files might. Scanning the CD with a virus software may be recommended.

3) I have had to plug the infected machine into my home network.

It the malware is a worm you may get infected. You would I think know by now. If all is well then you should be OK.

#11 sparky310

sparky310
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:18 AM

Posted 15 August 2012 - 05:36 PM

Looks like the Kaspersky Rescue Disk yielded some success. I ran the scan and it found a rootkit, supposedly successfully cleaned it, and now the scanners appear to run properly and search results don't appear to be getting redirected. I've attached a bunch of logs (figured copy / pasting the contents would be a bit much for multiple logs).

kasperskyrescue10.txt - log from running the rescue disk
Rkill.txt - log from running rkill after rebooting into Windows post-Kasperky Rescue 10
dds.txt / attach.txt - logs from running DDS after Rkill
TDSSKiller.txt - log from running TDSSKiller after DDS
ark.txt - log from running GMER

Performance does seem to be significantly improved (as mentioned, search results don't seem to be getting redirected, although I have not yet rebooted to see if that will continue to hold true), but browsing is still a bit slow.

Attached Files



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,496 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:18 AM

Posted 16 August 2012 - 09:50 AM

Good work.

Lets continue with the cleaning.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this if fixed.[/b]
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs if not up to date can be the cause of infiltration an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
===

Please post the 3 logs for my review.

#13 sparky310

sparky310
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:18 AM

Posted 16 August 2012 - 09:45 PM

Since the logs are a bit lengthy I have attached them again.

EDIT: Thought I would mention that ComboFix failed to download the recovery console for an unknown reason. I had a functioning internet connection as I had just gotten down downloading the three programs from your post. When it failed to download the recovery console it also gave me no choice but to allow it to complete the scan and cleaning (I suppose I could have killed the app/process, but I figured that would be less ideal than just letting it continue without the recovery console).

Attached Files


Edited by sparky310, 16 August 2012 - 09:55 PM.


#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,496 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:18 AM

Posted 17 August 2012 - 07:54 AM

EDIT: Thought I would mention that ComboFix failed to download the recovery console for an unknown reason. I had a functioning internet connection as I had just gotten down downloading the three programs from your post. When it failed to download the recovery console it also gave me no choice but to allow it to complete the scan and cleaning (I suppose I could have killed the app/process, but I figured that would be less ideal than just letting it continue without the recovery console).

We found out a few days ago that the Microsoft site is down at the moment.

Your ComboFix is clean.
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

===

Remove the AdWare.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the log and let me know what problem persists.

#15 sparky310

sparky310
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:18 AM

Posted 17 August 2012 - 05:36 PM

Attemtping to remove the old version of Reader results in the following error message (which I have not seen before):

"This patch package could not be opened. Verify that the patch package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer patch package."

Not sure if this is just a quasi-common problem with Reader, or it might be the result of the infection. I'll do some Google research in the mean time, but figured I would mention it.

adwcleaner log:

# AdwCleaner v1.801 - Logfile created 08/17/2012 at 18:21:52
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : George Koncke - HOME1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Mr. G\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Mr. G\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\Mr. G\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Mr. G\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Mr. G\Application Data\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Program Files\AskTBar
Folder Deleted : C:\Program Files\Searchqu Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.79

File : C:\Documents and Settings\Mr. G\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted : "homepage": "hxxp://www.searchnu.com/406",
Deleted : "urls_to_restore_on_startup": [ "hxxp://www.searchnu.com/406" ]
Deleted : "name": "Search Results",
Deleted : "search_url": "hxxp://dts.search-results.com/sr?src=crb&appid=393&systemid=406&sr=0&q={searchT[...]
Deleted : "homepage": "hxxp://www.searchnu.com/406",
Deleted : "urls_to_restore_on_startup": [ "hxxp://www.searchnu.com/406" ]

*************************

AdwCleaner[R1].txt - [4045 octets] - [16/08/2012 22:15:56]
AdwCleaner[S1].txt - [4050 octets] - [17/08/2012 18:21:52]

########## EOF - C:\AdwCleaner[S1].txt - [4178 octets] ##########

It seems like the computer is running much better. Search results are still functioning properly (no redirection), and while not completely snappy, browsing is much faster than it was (probably just the age / quality of the computer showing here). I have not noticed any other issues as yet.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users