Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log: Please Diagnose


  • This topic is locked This topic is locked
16 replies to this topic

#1 glikka

glikka

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 07 April 2012 - 09:45 AM

My brother directed me to post info here in order to remove a virus. Norton Antivirus reports a trojan on my computer - I've attached the DDS and HiJackThis logs. How should I proceed?

BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:48 AM

Posted 07 April 2012 - 03:17 PM

Hi,

Please do the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


NEXT



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 glikka

glikka
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 09 April 2012 - 10:06 PM

Here are the logs that those steps generated. Thanks!
and .

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:48 AM

Posted 09 April 2012 - 10:10 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 glikka

glikka
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 10 April 2012 - 08:00 PM

Here is the log that ComboFix generated:

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:48 AM

Posted 10 April 2012 - 08:14 PM

Hi,

we have a little more work to do,

it appears that malware has invaded your Net Services which we will need to correct

Please run the following:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


NEXT


I would like to see a list of installed programs, so please do this:
  • Press the Win key + R to open a run box, then copy/paste the following single-line command into the Run box and click OK:

    C:\Qoobox\Add-Remove Programs.txt

  • A text file should open.
  • Post the contents of that file in your next reply.

Edited by CatByte, 10 April 2012 - 08:15 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 glikka

glikka
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 10 April 2012 - 08:40 PM

Alright, here are the three requested files: , , and .

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:48 AM

Posted 10 April 2012 - 09:24 PM

Hi

Please do the following:

Open notepad and copy/paste the text in the box below into it:

@echo off
swreg query hklm\system\currentcontrolset\services /s |(
SED -r "/^HK|^ +ImagePath.*-k netsvcs/I!d" |(
SED -r ":a; $!N;s/\n.*\t.*/\t/;ta;P;D" |(
SED -r "/.*\\(.*)\t/!d; s//\1/"
)))>Log.txt
Start Notepad Log.txt

  • Save this as peek.bat Choose to "Save type as - All Files"
  • It should look like this: Posted Image
  • Right click on peek.bat and select "Run as administrator". A notepad file will open. Copy that information into your next reply, please.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 glikka

glikka
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 10 April 2012 - 09:44 PM

When I right-clicked the file there was no 'run as administrator' option, but when I clicked 'open' it created this log:

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:48 AM

Posted 10 April 2012 - 10:03 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

NetSvc::
aic116x
softfax
USB_NDIS_51
dot4print
lirsgt
wtwservice
db2governor
hidgame
flashcomadmin
emAudio
oracleorahome92pagingserver
ntpr_nic_service2
brmfrmps
nwlnkipx
hap17v2k
VAIOMediaPlatform-MusicServer-UPnP
Exportit
kwatchsvc
toddsrv
interactivelogon
anbmservice
MagicTune
pepifilter
acrotray
ms_mpu401
A88xTuner
pav_service
mdmxsdk
vmnetdhcp
BootScreen
se58mdm
portmapper
mgabg
NetMsmqActivator
TVALG
{95808DC4-FA4A-4c74-92FE-5B863F82066B}
hamachi
DKbFltr
CTEAPSFX.DLL
https-nassry
RushTopDevice
procexp111
wg5n
commserver
lpds
msi_wlan_service
SndTDriverV32
axsaki
MpFilter
Anydlc
SaiClass
psasrv
sqlagent$pinnaclesys
winss
savrt
bthidmgr
SE2Cbus
cvsnt
tsscoreservice
sdcplh
cwafreportscheduler
penclass
Subsonic
ZSMC303
QWAVEDRV
k750mgmt
ESDCR
rwbackupsrv
kpfwsvc
UVCFTR
avcgbfl
cebdaldr
avidsdmservice
isdrv122
cdrbsvsd
retrowdsvc
bthenum
CSDriver
konfig
TMBMServer
ATWPKT2
se58obex
ehstart
curtainssyssvc
shuttleengine
nsvclog
xfilt
lfsfilt
ALABULK
StMp3Rec
bdpredir
WavxDMgr
i81x
elaunidr
SrvcEPECioctl
nvsvc
p2pimsvc
spbbcsvc
ccsetmgr
NVR0Dev
dlaopiom
GTWModem
pcnet
fsbwsys
AtlsAud
MobilityService
IPSECSHM
alcxsens
MTDVC2_ENUM
WmaCVideo32
LMouFilt
pavatscheduler
pivot
ClntMgmt.sys
fuj02b1
STV672
sfvfs02
slave
adsservice
nsengine
IJPLMSVC
smartwiservice
z800obex
TPPWRIF
nvenetfd
aiclient
symndis
tosrfcom
citrixxteserver
NWDNS
MxlW2k
acnusvc
clcapsvc
SE2Bmdm
RecAgent
TuneUp.ProgramStatisticsSvc
dlaifs_m
WaveEnrollmentService
KR3NPXP
usr11g
se44mdfl
cwcwdm
transarcafsdaemon
wltwo51b
BRCMDECO
camdrl
vmkbd
nmindexingservice
guardian2
emu10k
symids
qbposdbextservices
sandboxu
mgabgexe
elnkupdateservice
w200mdm
F700imd
merakpop3
pavagente
issimon
e1000
dlacdbhm
pctavsvc
bridgemp
freesshdservice
ICAM3NT5
L6POD
smcirda
AdfuUd
OsaFsLoc
NPDriver
caili
s217nd5
SWNC8U20
schscnt
iAimFP7
w200bus
cxusb
centennialiptransferagent
telnet
mohfilt
IBMTPCHK
clmtomcatstartersvc
ql2100
AEADIFilters
meiudf
liveupdate
WinDriver6
WDM_YAMAHAAC97
w800bus
revudfservice
msvsmon90
sandradatasrv
srvdpi
usbio
nwlnknb
AVerTV
dot4scan
VMAUDIO
tfsnpool
scsiaccess
BASFND
dcfssvc
s7otranx
PCTINDIS5
slpmonx
GVCplDrv
EntDrv51
ati
atixsaudio
mssql$soshome22
blueletscoaudio
webfilter
McciCMService
lxcz_device
mdc8021x
p2psvc
usb_rndisx
Defrag32b
iam
com0com
wdelmgr20
amoagent
ddxgb
EagleNT
AR5416
TIEHDUSB
hsf_dp
bvrp_pci
ftpqueue
SE2Dobex
SWMX00
teefer2
taphss
PcdrNt
lxbu_device
DVDVRRdr_xp
Atmuni
U81xmdfl
soma
ASMMAP
btwavdt
db2remotecmd
NVR0FLASHDev
mcshield
wmp54gssvc
SaiNtHid
pwisvc
zpnodecollector
roxliveshare
epson_pm_rpcv2_01
isdrv120
fasttx2k
susbser
pdlnctdl
icepack
nvnetbus
armoucfltr
webcompserver
InterBaseServer
ghaio
nimcdldu
sit_flt
agnwifi
lmimaint
irbus
elotouchscreen
slapd-config52
tosrfusb
cicssfs.scmmc223
AVRec
macformatservice
bdselfpr
dkeysync
s116mdfl
mf
aaksrv
avp
MRESP50
s117mdm
RIOUNIV
qmofiltr
nvsmu
lxbt_device
enxpsvc
DNE
DCamUSBMke2
MA_CMIDI
amdagp
vcommmgr
aawservice
pciSd
s3savagenb
prepdrvr
ownershipprotocol
https-admserv61
netdetect
mcafeeframework
MQAC
proxyserverservice
queuemgr
inort
TCtrlIO
logonsvcid
USA49W
oracle%oracle_home_service%clientcache80
dlcj_device
ctljystk
wampmysqld
FVXSCSI
NetPipeActivator
wg4n
VCIDRV
WIBUKEY
trackcam4
vaiomediaplatform-musicserver-appserver
googledesktopmanager
dktknsrv
papyjoy
appdrv
CTMSHD
wg111nd5
PEVSystemStart
rt2500usb
irda
vpcnets2
wintabservice
PDExchange
MASPINT
webrootenterpriseclientservice
mxserver
IWCA
carboncopy32
mail2ec
Afc
cmudau
XilinxPC4Driver
mirrorv3
infrastructure
psadd
lvupdtio
NtMtlFax
avinitnt
SNPSTD3
Shockprf
hwpsgt
pcidrv
hotspotshieldservice
AlteraByteBlaster
bdrsdrv
intcazaudaddservice
symmpi
websenseclientdeployservice
cwafadminmonitor
igniteservice.exe
dsNcAdpt
epson_pm_rpcv4_01
QPSched
DniVad
sddmi2
bjmcmng
PSI_SVC_2
NVENET
s117mdfl
s3twistr
AsusACPI
lusbaudio
rpskt
nicser_wmp11
vxsvc
SNDO763
dnetc
wusb54gv2svc
mgisvr
wencrservice
pdlndtdl
regspy
vaiomediaplatform-integratedserver-upnp
InterBaseGuardian
AVerBDA
cpuidlep
sansaservice
timounter
AdobeActiveFileMonitor6.0
EACSvrMngr
ScFBPNT2
dladresm
cpqnicmgmt
se45mdfl
VirtualFD
apache
USB11LDR
downloadmanagerlite
svcwrsssdk
vrservice
GBDevice
vetmsgnt
Ndismeetro
gmer
comhost
cwafrmiregistry
RTHDMIAzAudService
vrfwsvc
Stltrk2k
rootmodem
scramby
sfcure01
ASNDIS5
GMSIPCI
sermouse
mwssched
pdlnsv25
irsir
dcpflics
prosync1
razerusb
roxupnprenderer
btserial
Nmea
HWIONT
tversitymediaserver
qbfcservice
FreeTdi
bgmainsvc
cwafnotesservice
pdlncbas
cwcspud
tsp
pnkbstrb
pdlndsdl
imonnt
ccpwdsvc
SbcpHid
mssqlserverolapservice
epson_pm_rpcv2_02
AsIO
cmigameport
ASFWHide
IntelC52
SRVLOC
coste
jaguar
amdk77
cnxtdiag
icdsptsv
tavsvc
hpci
sony_ssm.sys
TMHIDSRV
HBtnKey
compaq_rba
F700iat
akshasp
PTDCBus
servicelayer
nwlnkspx
backupexecrpcservice
TPM
ntsecure
aksusb
UMPass
ASInsHelp
cmdagent
cfosspeeds
bc_pat_f
arrayssl_vpn_service3,0,1,9
ctxcpusched
samfilt
Pnp680r
awhost32
PCDRSRVC
websensedcagent
lkclassads
SerTVOutCtlr
CBTNDIS5
phc600
dlaudf_m
bmuservice
ATNT40K

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 glikka

glikka
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 14 April 2012 - 01:09 PM

Here's the log that ComboFix produced:

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:48 AM

Posted 14 April 2012 - 01:21 PM

Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

NEXT


Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 glikka

glikka
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 14 April 2012 - 10:02 PM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.14.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kristen :: NOKAMO [administrator]

Protection: Enabled

4/14/2012 10:06:10 PM
mbam-log-2012-04-14 (22-06-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214721
Time elapsed: 7 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Attached File  ESETSCAN.txt   27.86KB   1 downloads

My computer appears to be running fairly well now, thanks! Is there anything in particular that I should do or avoid in the future to prevent something like this happening again?

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:48 AM

Posted 15 April 2012 - 11:09 AM

Hi,

We just have some housekeeping to do, the ESET scan found items in old restore points which we will be cleaning up now, please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 31
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT


You can delete the TDSSKiller, DDS and aswMBR logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Posted Image


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 glikka

glikka
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 15 April 2012 - 08:32 PM

Awesome, thanks!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users