Unidentified malware - poss. Google redirect/rootkit


  • This topic is locked
24 replies to this topic

#16 dafyddo


Posted 08 November 2013 - 04:40 AM

Many thanks for all your help CB. Am now able to launch IE, Chrome, Malwarebytes & McAfee no problem. Google redirects to https://www.google.co.uk/?gws_rd=cr&ei=g6d8UpL_Du_40gX-8YDoBg Is that legitimate?

I hope that's the end of it. What was/were the infection/s?

More importantly, how do I avoid a recurrence? Should I run any of the software you've asked me to download above in future?

Is it enough if I make sure that my son runs something like Malwarebytes regularly, or am I better off investing in a subscription to a commercial product like McAfee/Norton?

If you can point me in the direction of any info on the basics of computer security I'd be wildly grateful.

Thanks again.

Dafydd


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by morys (administrator) on MORYS-TOSH on 08-11-2013 08:54:07
Running from E:\Daf\Malware
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

() C:\Windows\System32\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Absolute Software Corp.) C:\windows\SysWOW64\rpcnet.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) \\?\C:\windows\system32\wbem\WMIADAP.EXE
(McAfee, Inc.) c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-16] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip [223180 2012-03-22] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1548208 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM-x32\...\Winlogon: [Userinit] C:\windows\system32\userinit.exe,,C:\Users\morys\AppData\Local\qocdroru\yutpgdaj.exe [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1492264 2011-11-18] (Nero AG)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [1535112 2012-09-12] (McAfee, Inc.)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKU\Default\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)
HKU\Default User\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20121006122315.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20121006122315.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Web) - http://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=GB&userid=c7fef34c-38a0-4627-ab63-09d3d8b716ca&searchtype=ds&q={searchTerms}&installDate={installDate}
CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: () - C:\Users\morys\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

==================== Services (Whitelisted) =================

R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [225216 2011-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-09-10] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-07-17] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-07-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-07-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-07-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169320 2012-07-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [300392 2012-07-17] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [513456 2012-07-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-07-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [21096 2012-01-05] (Realtek Microelectronics)
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtwlane.sys [1082472 2012-01-17] (Realtek Semiconductor Corporation )
S3 Tosrfcom; No ImagePath
U5 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 catchme; \??\C:\help\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-07 21:17 - 2013-11-07 21:24 - 00000000 ____D C:\AdwCleaner
2013-11-07 21:16 - 2013-11-07 20:59 - 01073262 _____ C:\Users\morys\Desktop\adwcleaner.exe
2013-11-07 21:08 - 2013-11-07 21:08 - 00003757 _____ C:\Users\morys\Desktop\JRT.txt
2013-11-07 20:54 - 2013-11-07 20:54 - 00000000 ____D C:\windows\ERUNT
2013-11-07 20:53 - 2013-11-07 20:51 - 01034531 _____ (Thisisu) C:\Users\morys\Desktop\JRT.exe
2013-11-07 20:36 - 2013-11-07 20:36 - 00018857 _____ C:\ComboFix.txt
2013-11-07 08:03 - 2011-06-26 06:45 - 00256000 _____ C:\windows\PEV.exe
2013-11-07 08:03 - 2010-11-07 17:20 - 00208896 _____ C:\windows\MBR.exe
2013-11-07 08:03 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-11-07 08:03 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-11-07 08:03 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-11-07 08:03 - 2000-08-31 00:00 - 00098816 _____ C:\windows\sed.exe
2013-11-07 08:03 - 2000-08-31 00:00 - 00080412 _____ C:\windows\grep.exe
2013-11-07 08:03 - 2000-08-31 00:00 - 00068096 _____ C:\windows\zip.exe
2013-11-06 23:54 - 2013-11-07 20:36 - 00000000 ____D C:\Qoobox
2013-11-06 23:54 - 2013-11-07 09:30 - 00000000 ____D C:\windows\erdnt
2013-11-06 23:53 - 2013-11-06 23:17 - 05144303 ____R (Swearware) C:\Users\morys\Desktop\help.exe
2013-11-04 18:29 - 2013-11-04 18:29 - 00000000 ____D C:\FRST
2013-11-02 13:29 - 2013-11-02 13:29 - 00018336 _____ C:\Users\morys\Desktop\dds.txt
2013-11-02 13:29 - 2013-11-02 13:29 - 00008344 _____ C:\Users\morys\Desktop\attach.txt
2013-10-20 09:53 - 2013-11-08 08:50 - 00069792 _____ (Absolute Software Corp.) C:\windows\SysWOW64\rpcnet.dll
2013-10-20 09:53 - 2013-10-20 09:53 - 00069792 ____N (Absolute Software Corp.) C:\windows\SysWOW64\rpcnet.exe
2013-10-20 09:53 - 2013-10-20 09:53 - 00000000 ____D C:\Users\morys\Desktop\rkill
2013-10-20 09:52 - 2013-10-20 09:55 - 00001994 _____ C:\Users\morys\Desktop\Rkill.txt
2013-10-20 09:52 - 2013-10-20 09:45 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\morys\Downloads\iExplore.exe
2013-10-20 09:50 - 2013-11-08 08:50 - 00017920 _____ C:\windows\system32\rpcnetp.exe
2013-10-20 09:50 - 2013-10-20 09:50 - 00017920 _____ C:\windows\SysWOW64\rpcnetp.exe
2013-10-20 09:50 - 2013-10-20 09:50 - 00017920 _____ C:\windows\SysWOW64\rpcnetp.dll
2013-10-10 22:22 - 2013-10-10 22:22 - 00000000 ____D C:\windows\pss

==================== One Month Modified Files and Folders =======

2013-11-08 08:54 - 2012-05-11 18:58 - 00001839 _____ C:\Users\Public\Desktop\McAfee Internet Security.lnk
2013-11-08 08:54 - 2009-07-14 05:13 - 00727182 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-08 08:53 - 2012-09-25 23:46 - 01180646 _____ C:\windows\WindowsUpdate.log
2013-11-08 08:50 - 2013-10-20 09:53 - 00069792 _____ (Absolute Software Corp.) C:\windows\SysWOW64\rpcnet.dll
2013-11-08 08:50 - 2013-10-20 09:50 - 00017920 _____ C:\windows\system32\rpcnetp.exe
2013-11-08 08:50 - 2012-09-25 23:49 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-11-08 08:50 - 2012-05-11 18:52 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-08 08:50 - 2009-07-14 05:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-08 08:49 - 2009-07-14 04:51 - 00064549 _____ C:\windows\setupact.log
2013-11-07 21:41 - 2012-10-02 17:36 - 00000000 ____D C:\Users\morys\AppData\Roaming\SoftGrid Client
2013-11-07 21:36 - 2009-07-14 04:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-07 21:36 - 2009-07-14 04:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-07 21:25 - 2012-05-11 18:47 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-07 21:25 - 2010-11-21 03:47 - 00016130 _____ C:\windows\PFRO.log
2013-11-07 21:24 - 2013-11-07 21:17 - 00000000 ____D C:\AdwCleaner
2013-11-07 21:22 - 2012-05-11 18:48 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-11-07 21:08 - 2013-11-07 21:08 - 00003757 _____ C:\Users\morys\Desktop\JRT.txt
2013-11-07 20:59 - 2013-11-07 21:16 - 01073262 _____ C:\Users\morys\Desktop\adwcleaner.exe
2013-11-07 20:54 - 2013-11-07 20:54 - 00000000 ____D C:\windows\ERUNT
2013-11-07 20:53 - 2012-05-11 18:52 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-07 20:51 - 2013-11-07 20:53 - 01034531 _____ (Thisisu) C:\Users\morys\Desktop\JRT.exe
2013-11-07 20:36 - 2013-11-07 20:36 - 00018857 _____ C:\ComboFix.txt
2013-11-07 20:36 - 2013-11-06 23:54 - 00000000 ____D C:\Qoobox
2013-11-07 20:28 - 2009-07-14 02:34 - 00000215 _____ C:\windows\system.ini
2013-11-07 10:00 - 2012-09-25 23:49 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-11-07 09:33 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Default
2013-11-07 09:30 - 2013-11-06 23:54 - 00000000 ____D C:\windows\erdnt
2013-11-07 08:59 - 2009-07-14 02:34 - 65273856 _____ C:\windows\system32\config\SOFTWARE.bak
2013-11-07 08:59 - 2009-07-14 02:34 - 20185088 _____ C:\windows\system32\config\SYSTEM.bak
2013-11-07 08:59 - 2009-07-14 02:34 - 00786432 _____ C:\windows\system32\config\DEFAULT.bak
2013-11-07 08:59 - 2009-07-14 02:34 - 00262144 _____ C:\windows\system32\config\SECURITY.bak
2013-11-07 08:59 - 2009-07-14 02:34 - 00262144 _____ C:\windows\system32\config\SAM.bak
2013-11-07 08:55 - 2013-02-10 20:37 - 00000000 ____D C:\Users\morys\AppData\Local\qocdroru
2013-11-07 08:55 - 2012-09-25 18:30 - 00000000 ___RD C:\Users\morys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-06 23:53 - 2013-02-10 20:37 - 00000028 _____ C:\Users\morys\AppData\Local\abgiycug.log
2013-11-06 23:17 - 2013-11-06 23:53 - 05144303 ____R (Swearware) C:\Users\morys\Desktop\help.exe
2013-11-04 18:29 - 2013-11-04 18:29 - 00000000 ____D C:\FRST
2013-11-02 13:29 - 2013-11-02 13:29 - 00018336 _____ C:\Users\morys\Desktop\dds.txt
2013-11-02 13:29 - 2013-11-02 13:29 - 00008344 _____ C:\Users\morys\Desktop\attach.txt
2013-10-30 11:11 - 2009-07-14 03:20 - 00000000 ____D C:\windows\system32\NDF
2013-10-20 09:55 - 2013-10-20 09:52 - 00001994 _____ C:\Users\morys\Desktop\Rkill.txt
2013-10-20 09:53 - 2013-10-20 09:53 - 00069792 ____N (Absolute Software Corp.) C:\windows\SysWOW64\rpcnet.exe
2013-10-20 09:53 - 2013-10-20 09:53 - 00000000 ____D C:\Users\morys\Desktop\rkill
2013-10-20 09:51 - 2009-07-14 05:08 - 00032620 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-20 09:50 - 2013-10-20 09:50 - 00017920 _____ C:\windows\SysWOW64\rpcnetp.exe
2013-10-20 09:50 - 2013-10-20 09:50 - 00017920 _____ C:\windows\SysWOW64\rpcnetp.dll
2013-10-20 09:45 - 2013-10-20 09:52 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\morys\Downloads\iExplore.exe
2013-10-19 07:53 - 2012-05-11 18:52 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-18 18:45 - 2012-05-11 18:52 - 00003908 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-18 18:45 - 2012-05-11 18:52 - 00003656 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-10 22:22 - 2013-10-10 22:22 - 00000000 ____D C:\windows\pss
2013-10-10 21:43 - 2012-11-17 17:43 - 00000000 ____D C:\Users\morys\AppData\Roaming\Skype
2013-10-10 18:22 - 2013-04-28 14:27 - 00000044 _____ C:\Users\morys\AppData\Roaming\mbam.context.scan
2013-10-10 18:08 - 2012-05-11 18:50 - 00000000 ____D C:\ProgramData\Adobe

Some content of TEMP:
====================
C:\Users\morys\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-04-01 19:11

==================== End Of Log ============================


#17 CatByte


Posted 08 November 2013 - 01:00 PM

We have a tiny bit more work to do.

Remove Search Provider
In order to change the Search Engine in Google Chrome, please follow the instructions below:
  • Open Google Chrome, click on the "Customize and control Google Chrome" icon by the right side of the address bar
  • Click on "Settings" > Under "Search" click on "Manage search engines"
  • If you see "Snap.do" as default, please click on a different option (e.g. Google, Bing, etc.). Make your new selection "default", then remove Snap.do by clicking the small "x"

NEXT

Download attached fixlist.txt file and save it to E:\Daf\Malware as that is where FRST64 is saved.

Attached File  FixList.txt   561bytes   3 downloads

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

NEXT
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
  • Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT

Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, if it shows a screen that says "Threats found!", then click "List of found threats" button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

(I'll answer your questions when we are done)

The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif
Microsoft MVP - 2010, 2011, 2012, 2013

#18 dafyddo


Posted 10 November 2013 - 04:21 PM

First log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by morys at 2013-11-10 20:41:20 Run:2
Running from E:\Daf\Malware
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Winlogon: [Userinit] C:\windows\system32\userinit.exe,,C:\Users\morys\AppData\Local\qocdroru\yutpgdaj.exe [x]
CHR DefaultSearchURL: (Web) - http://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=GB&userid=c7fef34c-38a0-4627-ab63-09d3d8b716ca&searchtype=ds&q={searchTerms}&installDate={installDate}
2013-11-07 08:55 - 2013-02-10 20:37 - 00000000 ____D C:\Users\morys\AppData\Local\qocdroru
2013-11-06 23:53 - 2013-02-10 20:37 - 00000028 _____ C:\Users\morys\AppData\Local\abgiycug.log
C:\Users\morys\AppData\Local\Temp\Quarantine.exe
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
CHR DefaultSearchURL: (Web) - http://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=GB&userid=c7fef34c-38a0-4627-ab63-09d3d8b716ca&searchtype=ds&q={searchTerms}&installDate={installDate} ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\morys\AppData\Local\qocdroru => Moved successfully.
C:\Users\morys\AppData\Local\abgiycug.log => Moved successfully.
C:\Users\morys\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====

 

 




#19 dafyddo


Posted 10 November 2013 - 04:26 PM

Re Malwarebytes, as it happens I ran it after I'd carried out your prev instructions. Log as follows. I had the 4 Registry Data Items removed.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.08.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
morys :: MORYS-TOSH [administrator]

08/11/2013 09:06:52
mbam-log-2013-11-08 (09-06-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206082
Time elapsed: 9 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 4
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (C:\windows\system32\userinit.exe,,C:\Users\morys\AppData\Local\qocdroru\yutpgdaj.exe) Good: (userinit.exe) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

I just ran Malwarebytes again and it came up clean:

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.10.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
morys :: MORYS-TOSH [administrator]

10/11/2013 20:42:56
mbam-log-2013-11-10 (20-42-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206624
Time elapsed: 6 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
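
The four Registry Data Items in the first log above can be read programmatically. This is an added example, not part of the thread and not Malwarebytes code: it parses those lines and reports any program appended to the Winlogon Userinit value and any Security Center alert that was switched off. The line pattern is inferred from this log alone, and the function names and the `C:\Windows` default are assumptions.

```python
import ntpath
import re

# The four "Registry Data Items" lines, copied from the 08/11/2013 log above.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (C:\windows\system32\userinit.exe,,C:\Users\morys\AppData\Local\qocdroru\yutpgdaj.exe) Good: (userinit.exe) -> Quarantined and repaired successfully.
"""

# Assumed line layout, inferred from this log only:
#   <key>|<value> (<detection>) -> Bad: (<data>) Good: (<data>) -> <action>
ITEM = re.compile(
    r"^(?P<key>HK[^|]+)\|(?P<value>\S+) \((?P<detection>[^)]+)\)"
    r" -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$"
)


def extra_userinit_entries(data, system_root=r"C:\Windows"):
    """Return programs in a Userinit value other than the stock userinit.exe.

    Winlogon starts every comma-separated entry at logon, so anything
    beyond userinit.exe is a persistence point worth investigating.
    """
    stock = ntpath.normcase(ntpath.join(system_root, "System32", "userinit.exe"))
    extras = []
    for entry in data.split(","):
        entry = entry.strip().strip('"')
        if entry and ntpath.normcase(entry) not in (stock, "userinit.exe"):
            extras.append(entry)
    return extras


def review(log_text):
    """Turn Registry Data Items lines into (finding, detail) tuples."""
    findings = []
    for line in log_text.splitlines():
        m = ITEM.match(line.strip())
        if not m:
            continue
        if m["value"].lower() == "userinit":
            findings += [("logon-persistence", p) for p in extra_userinit_entries(m["bad"])]
        elif m["value"].endswith("DisableNotify") and m["bad"] == "1":
            findings.append(("security-center-alert-suppressed", m["value"]))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

The same `extra_userinit_entries` check can be applied to a Userinit value exported from a live machine; an empty list means only the stock entry is present.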



#20 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,436 posts

Posted 10 November 2013 - 05:19 PM

That's good news,

Were you able to run the ESET on-line scan?

Edited by CatByte, 10 November 2013 - 05:20 PM.

The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif
Microsoft MVP - 2010, 2011, 2012, 2013

#21 dafyddo

dafyddo
  • Topic Starter

  • Members
  • 14 posts

Posted 11 November 2013 - 08:58 AM

ESET took ages - about 16 hours.  I didn't get a chance to untick Remove Found Threats or tick Scan Archives, but here's the log anyway:

 

C:\FRST\Quarantine\5060686.830059147.exe Win32/Ramnit.A virus cleaned by deleting - quarantined
C:\FRST\Quarantine\qarkifcs.exe Win32/Ramnit.A virus cleaned by deleting - quarantined
C:\FRST\Quarantine\yutpgdaj.exe Win32/Ramnit.A virus cleaned by deleting - quarantined

 

Cheers

 

Daf



#22 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,436 posts

Posted 11 November 2013 - 01:28 PM

Please do the following:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
  • Scroll down to where it says Java SE 7u45
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u45-windows-i586.exe to install the newest version.
  • Decline any additional installs that may be offered.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are three options in the window to clear the cache - Leave these two Checked
      • Trace and Log Files
      • Cached Applications and Applets
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.
NEXT

Please advise how the computer is running now and if there are any outstanding issues.

#23 dafyddo

dafyddo
  • Topic Starter

  • Members
  • 14 posts

Posted 17 November 2013 - 07:04 AM

Hi CB.  Sorry it took me a while.  Done.  All seems fine - can launch all programmes and just ran a Malwarebytes scan which came up clean.

 

I await your next instruction.

 

Daf



#24 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,436 posts

Posted 18 November 2013 - 11:47 AM

good to hear,

 

we just have to clean up our tools

 

 

You can delete the DDS, JRT and FRST logs and programs from your desktop.

 

NEXT

 

Follow these steps to uninstall Combofix 

 

  • Make sure your security programs are totally disabled.

  • Press the WinKey +R to open a run box

  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

 


 

 

NEXT

 

  • Double click on adwcleaner.exe to run the tool.

  • Click on Uninstall.

  • Confirm with yes.

 

 

If there are any logs/tools remaining on your desktop > right click and delete them.

 

 

NEXT

 

 

Below I have included a number of recommendations for how to protect your computer against malware infections.

 

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article: Strong passwords: How to create and use them. Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

     

     

  • Keep Windows updated by regularly checking their website at:

    http://windowsupdate.microsoft.com/

    This will ensure your computer always has the latest available security updates installed.

     

     

  • Make Internet Explorer more secure

    • Click Start > Run

    • Type Inetcpl.cpl & click OK

    • Click on the Security tab

    • Click Reset all zones to default level

    • Make sure the Internet Zone is selected & Click Custom level

    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".

    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

     

     

  • Download TFC to your desktop

    • Close any open windows.

    • Double click the TFC icon to run the program

    • TFC will close all open programs itself in order to run,

    • Click the Start button to begin the process.

    • Allow TFC to run uninterrupted.

    • The program should not take long to finish its job

    • Once it's finished it should automatically reboot your machine,

    • if it doesn't, manually reboot to ensure a complete clean

    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

     

     

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go

    • Yellow for caution

    • Red to stop

    WOT has an addon available for both Firefox and IE

     

  • AdblockPlus
    • AdblockPlus, Surf the web without annoying ads!

    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube

    • Protects your online privacy

    • Two-click installation,  It's free!

    • click the icon that corresponds to your browser and download.

     

     

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories.  This article is full of good information on alternatives for home backup solutions.

     

     

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

    • PC Safety and Security--What Do I Need?

    • Simple and easy ways to keep your computer safe and secure on the Internet

 

Thank you for your patience, and performing all of the procedures requested.

 

Please respond one last time so we can consider the thread resolved and close it, thank you.



#25 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,436 posts

Posted 20 January 2014 - 06:39 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.