
HijackThis Log: Please help Diagnose


  • This topic is locked
22 replies to this topic

#16 Spike91

  • Topic Starter
  • Members
  • 15 posts

Posted 20 April 2014 - 06:10 AM

C:\Peer to peer\Avira internet security suite 14.0.2.286 fr + clé 2020\avira_internet_security_suite_fr.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Peer to peer\Masters.of.Sex.S01E02.FASTSUB.VOSTFR.HDTV.XviD-MiND\2- Office Pro + 2010 32bits.iso    Win32/HackKMS.A potentially unsafe application
C:\Peer to peer\Windows Loader 2.2.1 by Daz\Windows Loader.exe    Win32/HackTool.WinActivator.I potentially unsafe application
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Program Files\NCH Software\Switch\switch.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files\NCH Software\Switch\switchsetup_v4.60.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe    a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ServiceLocator.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SO.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ToolbarPS.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar_x64.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\AskToolbarInstaller-12.10.0_AVIRA-V7C.msi    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\SO.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\VNT\vntldr.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Program Files (x86)\VNT\vntldr.exe    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\System Volume Information\_restore{D0211F08-6B24-4E7F-BA9D-EB4AFD63EADE}\RP4\A0001151.dll    Win32/OpenCandy potentially unsafe application
C:\Users\Public\Desktop\+\Logiciels\Core-Temp\Core-Temp-setup.exe    probably a variant of Win32/Complitly.A potentially unwanted application
C:\Users\samir\AppData\Local\Temp\CDBurnerXP.exe    Win32/OpenCandy potentially unsafe application
C:\Users\samir\AppData\Local\Temp\dsk.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\samir\AppData\Local\Temp\FoxitReader.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\samir\AppData\Local\Temp\GOMPLAYERENSETUP.EXE    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\samir\AppData\Local\Temp\KMPlayer.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\samir\AppData\Local\Temp\rcv.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\samir\AppData\Roaming\IDM\DwnlData\samir\www_01net_com_153\www_01net_com    a variant of Win32/InstallCore.LF potentially unwanted application
C:\Users\samir\Downloads\Compressed\sniffpass.zip    a variant of Win32/Sniffer.SniffPass.A potentially unsafe application
C:\Users\samir\Downloads\Programs\switchsetup.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Users\samir\Downloads\Programs\01net_Recuva\rcsetup151.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Nouveau dossier\windows\Pack Win7 Pro Duo SP1 v2-Orion\Pack Logiciels-Orion\Pack Logiciels-Orion.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
E:\Mes documents\Downloads\Compressed\FlashToMp3converter_setup.zip    a variant of Win32/Somoto.A potentially unwanted application
E:\Mes documents\Downloads\Compressed\spy-lantern-keylogger-home.zip    a variant of Win32/KeyLogger.SpyLantern.B application
E:\p\Mes documents\Downloads\Compressed\FacebookPasswordDecryptor.zip    a variant of Win32/SecurityXploded.A potentially unsafe application
E:\p\Mes documents\Downloads\Compressed\kg-setup.zip    a variant of Win32/KeyLogger.Gratis.B application
E:\System Volume Information\_restore{D4354BF1-BA0F-4DFB-92E3-84524FE1E365}\RP145\A0068456.exe    Win32/OpenCandy potentially unsafe application
E:\System Volume Information\_restore{D4354BF1-BA0F-4DFB-92E3-84524FE1E365}\RP145\A0068457.exe    Win32/OpenCandy potentially unsafe application
E:\System Volume Information\_restore{D4354BF1-BA0F-4DFB-92E3-84524FE1E365}\RP145\A0068466.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
E:\System Volume Information\_restore{D4354BF1-BA0F-4DFB-92E3-84524FE1E365}\RP145\A0068468.exe    Win32/Malavida.A potentially unwanted application
E:\System Volume Information\_restore{D4354BF1-BA0F-4DFB-92E3-84524FE1E365}\RP145\A0068469.exe    a variant of Win32/LogicielsEspions.C potentially unsafe application
E:\System Volume Information\_restore{D4354BF1-BA0F-4DFB-92E3-84524FE1E365}\RP145\A0068470.exe    Win32/OpenCandy potentially unsafe application
E:\System Volume Information\_restore{D4354BF1-BA0F-4DFB-92E3-84524FE1E365}\RP145\A0068471.exe    MSIL/Solimba.M potentially unwanted application
E:\System Volume Information\_restore{D4354BF1-BA0F-4DFB-92E3-84524FE1E365}\RP145\A0068473.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
E:\System Volume Information\_restore{D4354BF1-BA0F-4DFB-92E3-84524FE1E365}\RP145\A0068476.exe    Win32/InstallMonetizer.AQ potentially unwanted application
E:\System Volume Information\_restore{D4354BF1-BA0F-4DFB-92E3-84524FE1E365}\RP145\A0068482.exe    MSIL/Solimba potentially unwanted application
E:\System Volume Information\_restore{D4354BF1-BA0F-4DFB-92E3-84524FE1E365}\RP146\A0068923.exe    Win32/OpenCandy potentially unsafe application
E:\System Volume Information\_restore{D4354BF1-BA0F-4DFB-92E3-84524FE1E365}\RP146\A0068926.exe    Win32/SoftonicDownloader.E potentially unwanted application
E:\System Volume Information\_restore{D4354BF1-BA0F-4DFB-92E3-84524FE1E365}\RP146\A0068927.exe    Win32/SoftonicDownloader.E potentially unwanted application
E:\System Volume Information\_restore{D4354BF1-BA0F-4DFB-92E3-84524FE1E365}\RP146\A0068928.exe    Win32/SoftonicDownloader.E potentially unwanted application
E:\System Volume Information\_restore{D4354BF1-BA0F-4DFB-92E3-84524FE1E365}\RP146\A0068929.exe    Win32/SoftonicDownloader.E potentially unwanted application
E:\System Volume Information\_restore{D4354BF1-BA0F-4DFB-92E3-84524FE1E365}\RP146\A0068930.exe    a variant of Win32/SoftonicDownloader.F potentially unwanted application
E:\System Volume Information\_restore{D4354BF1-BA0F-4DFB-92E3-84524FE1E365}\RP146\A0068931.exe    Win32/SoftonicDownloader.E potentially unwanted application
E:\System Volume Information\_restore{D4354BF1-BA0F-4DFB-92E3-84524FE1E365}\RP146\A0068933.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\System Volume Information\_restore{D4354BF1-BA0F-4DFB-92E3-84524FE1E365}\RP77\A0012961.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
F:\Mes Logiciels\daemon-tools-lite_daemon_tools_lite_4.45.4_francais_10729.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
F:\Mes Logiciels\Autre\CCleaner 4.09.4471 Pro & Business Edtion + Crack - neilsp\Setup\ccsetup409.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
F:\Mes Logiciels\Bureautique\install_flashplayer12x32_mssd_aaa_aih.exe    a variant of Win32/InstallCore.IW potentially unwanted application
F:\Mes Logiciels\Bureautique\Office pro+ 2010 32bits.rar    Win32/HackKMS.A potentially unsafe application
F:\Mes Logiciels\Bureautique\Adobe.Acrobat.XI.Pro. + Keygen-X-Force\serial-Keygen\xf-mccs6.exe    Win32/Keygen.HA potentially unsafe application

 




 


#17 CatByte

  • Malware Response Team
  • 14,664 posts

Posted 20 April 2014 - 01:41 PM

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Copy/paste the text inside the Codebox below into notepad:

 

Here's how to do that:

Press the WinKey + R to open a run box, type Notepad > click OK.

This will open an empty notepad file:

 

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Folder::
C:\Program Files (x86)\AskPartnerNetwork

File::
C:\Peer to peer\Avira internet security suite 14.0.2.286 fr + clé 2020\avira_internet_security_suite_fr.exe
C:\Peer to peer\Masters.of.Sex.S01E02.FASTSUB.VOSTFR.HDTV.XviD-MiND\2- Office Pro + 2010 32bits.iso
C:\Peer to peer\Windows Loader 2.2.1 by Daz\Windows Loader.exe
C:\Users\samir\AppData\Local\Temp\CDBurnerXP.exe
C:\Users\samir\AppData\Local\Temp\dsk.exe
C:\Users\samir\AppData\Local\Temp\FoxitReader.exe
C:\Users\samir\AppData\Local\Temp\GOMPLAYERENSETUP.EXE
C:\Users\samir\AppData\Local\Temp\KMPlayer.exe
C:\Users\samir\AppData\Local\Temp\rcv.exe
C:\Users\samir\AppData\Roaming\IDM\DwnlData\samir\www_01net_com_153\www_01net_com
E:\Mes documents\Downloads\Compressed\FlashToMp3converter_setup.zip
E:\Mes documents\Downloads\Compressed\spy-lantern-keylogger-home.zip
E:\p\Mes documents\Downloads\Compressed\FacebookPasswordDecryptor.zip
E:\p\Mes documents\Downloads\Compressed\kg-setup.zip
F:\Mes Logiciels\Bureautique\Office pro+ 2010 32bits.rar
F:\Mes Logiciels\Bureautique\Adobe.Acrobat.XI.Pro. + Keygen-X-Force\serial-Keygen\xf-mccs6.exe

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

 

Save this file to your desktop, Save this as "CFScript"

 

Here's how to do that:

 

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

 

CFScriptB-4.gif

 

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system.
  • It may reboot your system when it finishes. This is normal.

 

 

When finished, it shall produce a log for you.

  • Copy and paste the contents of the log in your next reply.

     

     

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#18 Spike91

  • Topic Starter
  • Members
  • 15 posts

Posted 20 April 2014 - 03:51 PM

ComboFix 14-04-12.01 - samir 20/04/2014  21:45:28.2.2 - x86
Microsoft Windows 7 Professionnel   6.1.7601.1.1252.33.1036.18.1014.279 [GMT 1:00]
Lancé depuis: c:\users\samir\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\samir\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.
- Mode FONCTIONNALITES REDUITES -
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\samir\AppData\Local\temp\chrome.exe
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2014-03-20 au 2014-04-20  ))))))))))))))))))))))))))))))))))))
.
.
2014-04-20 20:46 . 2014-04-20 20:46    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-04-20 08:19 . 2014-04-20 08:19    --------    d-----w-    c:\program files\ESET
2014-04-20 05:50 . 2014-04-20 08:02    107736    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-20 05:49 . 2014-04-03 08:51    51416    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-04-20 05:49 . 2014-04-03 08:51    73432    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-04-20 05:49 . 2014-04-03 08:50    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-20 05:49 . 2014-04-20 05:57    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-04-20 05:49 . 2014-04-20 05:49    --------    d-----w-    c:\programdata\Malwarebytes
2014-04-19 22:05 . 2014-04-19 22:07    --------    d-----w-    C:\AdwCleaner
2014-04-19 22:01 . 2014-04-19 22:01    --------    d-----w-    c:\windows\ERUNT
2014-04-19 21:30 . 2014-04-19 21:30    --------    d-----w-    c:\programdata\NCH Software
2014-04-19 21:30 . 2014-04-19 21:30    --------    d-----w-    c:\program files\NCH Software
2014-04-19 21:30 . 2014-04-19 21:30    --------    d-----w-    c:\users\samir\AppData\Roaming\NCH Software
2014-04-19 21:25 . 2014-04-19 21:26    --------    d-----w-    C:\Music
2014-04-19 21:24 . 2014-04-19 21:24    --------    d-----w-    c:\program files\Sagasoft
2014-04-15 15:48 . 2014-04-15 15:48    --------    d-----w-    c:\program files\VS Revo Group
2014-04-09 16:01 . 2014-04-12 20:14    --------    d-----w-    C:\FRST
2014-04-07 07:44 . 2014-04-07 07:44    --------    d-----w-    c:\users\samir\AppData\Roaming\Gadwin
2014-04-07 07:44 . 2014-04-07 07:44    --------    d-----w-    c:\users\samir\AppData\Local\Gadwin
2014-04-07 07:44 . 2014-04-07 07:44    --------    d-----w-    c:\program files\Gadwin
2014-04-06 11:20 . 2014-04-06 11:20    --------    d-----w-    c:\users\samir\AppData\Roaming\PhotoDentelle
2014-04-06 11:18 . 2014-04-06 11:18    --------    d-----w-    c:\users\samir\AppData\Local\Adobe
2014-04-05 22:52 . 2014-04-07 09:23    --------    d-----w-    C:\Downloads
2014-04-05 22:51 . 2014-04-07 09:23    --------    d-----w-    c:\users\samir\AppData\Roaming\BitComet
2014-04-05 18:44 . 2014-04-15 15:50    --------    d-----w-    c:\program files\Kepard
2014-04-05 09:09 . 2014-04-05 09:09    --------    d-----w-    c:\users\samir\AppData\Roaming\Avira
2014-04-05 09:07 . 2013-12-13 13:20    69240    ----a-w-    c:\windows\system32\drivers\avnetflt.sys
2014-04-05 09:07 . 2013-12-13 13:20    90400    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2014-04-05 09:07 . 2013-12-13 13:20    37352    ----a-w-    c:\windows\system32\drivers\avkmgr.sys
2014-04-05 09:07 . 2013-12-13 13:20    135648    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2014-04-05 09:07 . 2014-04-05 09:07    --------    d-----w-    c:\programdata\Avira
2014-04-05 09:07 . 2014-04-05 09:07    --------    d-----w-    c:\program files\Avira
2014-04-05 08:39 . 2014-04-05 08:39    52928    ----a-w-    c:\windows\system32\drivers\wStLib.sys
2014-04-04 23:02 . 2014-04-05 09:36    --------    d-----w-    c:\program files\Runtime Software
2014-04-04 22:55 . 2014-04-05 09:35    --------    d-----w-    c:\program files\InstallShield Installation Information
2014-04-04 22:55 . 2014-04-04 22:55    --------    d-----w-    c:\program files\Ontrack
2014-04-04 22:55 . 2014-04-04 22:55    --------    d-----w-    c:\program files\Common Files\InstallShield
2014-04-02 09:40 . 2014-04-02 09:40    --------    d-----w-    c:\users\samir\AppData\Local\Ahead
2014-04-02 09:37 . 2004-03-02 15:37    125184    ------w-    c:\windows\system32\drivers\imagesrv.sys
2014-04-02 09:37 . 2004-03-02 15:37    5504    ------w-    c:\windows\system32\drivers\imagedrv.sys
2014-04-02 09:37 . 2000-06-26 09:45    106496    ----a-w-    c:\windows\system32\TwnLib20.dll
2014-04-02 09:37 . 2001-07-09 09:50    155648    ----a-w-    c:\windows\system32\NeroCheck.exe
2014-04-02 09:37 . 2014-04-02 09:37    --------    d-----w-    c:\program files\Common Files\Ahead
2014-04-02 09:37 . 2014-04-02 09:37    --------    d-----w-    c:\program files\Ahead
2014-04-02 09:29 . 2002-07-17 13:20    84832    ----a-w-    c:\windows\system32\drivers\ASPI32.SYS
2014-04-02 09:24 . 2009-09-04 01:36    299008    ----a-w-    c:\windows\system32\TubeFinder.exe
2014-04-02 09:24 . 2009-06-19 17:51    364544    ----a-w-    c:\windows\system32\PropertyGrid.ocx
2014-04-02 09:24 . 2009-06-19 17:51    119568    ----a-w-    c:\windows\system32\VB6FR.DLL
2014-04-02 09:24 . 2009-06-19 17:51    101888    ----a-w-    c:\windows\system32\VB6STKIT.DLL
2014-04-02 09:24 . 2009-06-19 17:51    9728    ----a-w-    c:\windows\system32\PCCLPFR.DLL
2014-04-02 09:24 . 2009-06-19 17:51    84512    ----a-w-    c:\windows\system32\PICCLP32.OCX
2014-04-02 09:24 . 2009-06-19 17:51    24576    ----a-w-    c:\windows\system32\ControlSubX.ocx
2014-04-02 09:24 . 2009-06-19 17:51    141312    ----a-w-    c:\windows\system32\MSCMCFR.DLL
2014-04-02 09:24 . 2009-06-19 17:51    32768    ----a-w-    c:\windows\system32\CMDLGFR.DLL
2014-04-02 09:24 . 2009-06-19 17:51    152848    ----a-w-    c:\windows\system32\COMDLG32.OCX
2014-04-01 09:58 . 2014-04-01 10:32    --------    d-----w-    c:\users\samir\AppData\Roaming\PhotoFiltre Studio X
2014-04-01 09:57 . 2014-04-01 09:58    --------    d-----w-    c:\program files\PhotoFiltre Studio X
2014-04-01 08:55 . 2014-04-01 08:56    --------    d-----w-    c:\users\samir\AppData\Roaming\Nero
2014-04-01 08:51 . 2014-04-03 12:31    --------    d-----w-    c:\programdata\Nero
2014-03-26 16:27 . 2014-04-17 08:33    --------    d-----w-    c:\users\samir\AppData\Roaming\IDM
2014-03-26 16:27 . 2014-03-26 16:27    --------    d-----w-    c:\program files\Internet Download Manager
2014-03-25 15:21 . 2014-03-25 15:21    --------    d-----w-    c:\users\samir\AppData\Local\ElevatedDiagnostics
2014-03-24 13:33 . 2014-03-24 13:33    --------    d-----w-    c:\program files\Microsoft Synchronization Services
2014-03-24 13:32 . 2014-03-24 13:32    --------    d-----w-    c:\windows\PCHEALTH
2014-03-24 13:32 . 2014-03-24 13:32    --------    d-----w-    c:\program files\Microsoft.NET
2014-03-24 13:32 . 2014-03-24 13:32    --------    d-----w-    c:\program files\Microsoft Sync Framework
2014-03-24 13:32 . 2014-03-24 13:32    --------    d-----w-    c:\program files\Microsoft SQL Server Compact Edition
2014-03-24 13:30 . 2014-03-24 13:39    --------    d-----w-    c:\program files\Microsoft Visual Studio 8
2014-03-24 13:29 . 2014-03-24 13:29    --------    d-----w-    c:\program files\Microsoft Analysis Services
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-07 08:49 . 2014-03-07 08:49    27168    ----a-w-    c:\windows\system32\bdsandboxuh.dll
2014-03-07 08:20 . 2014-03-07 08:20    74512    ----a-w-    c:\windows\system32\bdsandboxuiskin.dll
2014-02-20 23:10 . 2014-02-20 23:10    745472    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-02-20 23:10 . 2014-02-20 23:10    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-02-20 23:10 . 2014-02-20 23:10    523264    ----a-w-    c:\windows\system32\vbscript.dll
2014-02-20 23:10 . 2014-02-20 23:10    38400    ----a-w-    c:\windows\system32\imgutil.dll
2014-02-20 23:10 . 2014-02-20 23:10    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2014-02-20 23:10 . 2014-02-20 23:10    185344    ----a-w-    c:\windows\system32\elshyph.dll
2014-02-20 23:10 . 2014-02-20 23:10    1767936    ----a-w-    c:\windows\system32\wininet.dll
2014-02-20 23:10 . 2014-02-20 23:10    158720    ----a-w-    c:\windows\system32\msls31.dll
2014-02-20 23:10 . 2014-02-20 23:10    150528    ----a-w-    c:\windows\system32\iexpress.exe
2014-02-20 23:10 . 2014-02-20 23:10    138752    ----a-w-    c:\windows\system32\wextract.exe
2014-02-20 23:10 . 2014-02-20 23:10    137216    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-02-20 23:10 . 2014-02-20 23:10    12800    ----a-w-    c:\windows\system32\mshta.exe
2014-02-20 23:10 . 2014-02-20 23:10    73728    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-02-20 23:10 . 2014-02-20 23:10    719360    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-02-20 23:10 . 2014-02-20 23:10    61952    ----a-w-    c:\windows\system32\tdc.ocx
2014-02-20 23:10 . 2014-02-20 23:10    61440    ----a-w-    c:\windows\system32\iesetup.dll
2014-02-20 23:10 . 2014-02-20 23:10    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-02-20 23:10 . 2014-02-20 23:10    361984    ----a-w-    c:\windows\system32\html.iec
2014-02-20 23:10 . 2014-02-20 23:10    2877952    ----a-w-    c:\windows\system32\jscript9.dll
2014-02-20 23:10 . 2014-02-20 23:10    23040    ----a-w-    c:\windows\system32\licmgr10.dll
2014-02-20 23:10 . 2014-02-20 23:10    1441280    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-02-20 23:10 . 2014-02-20 23:10    110592    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-02-20 23:10 . 2014-02-20 23:10    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2014-02-20 23:06 . 2014-02-20 23:06    49152    ----a-w-    c:\windows\system32\taskhost.exe
2014-02-20 23:05 . 2014-02-20 23:05    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-20 23:05 . 2014-02-20 23:05    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-02-20 23:05 . 2014-02-20 23:05    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-02-20 23:05 . 2014-02-20 23:05    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-02-20 23:05 . 2014-02-20 23:05    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-02-20 23:05 . 2014-02-20 23:05    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-02-20 23:05 . 2014-02-20 23:05    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-02-20 23:05 . 2014-02-20 23:05    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-02-20 23:05 . 2014-02-20 23:05    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-02-20 23:04 . 2014-02-20 23:04    906240    ----a-w-    c:\windows\system32\FntCache.dll
2014-02-20 23:04 . 2014-02-20 23:04    604160    ----a-w-    c:\windows\system32\d3d10level9.dll
2014-02-20 23:04 . 2014-02-20 23:04    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2014-02-20 23:04 . 2014-02-20 23:04    364544    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2014-02-20 23:04 . 2014-02-20 23:04    3419136    ----a-w-    c:\windows\system32\d2d1.dll
2014-02-20 23:04 . 2014-02-20 23:04    293376    ----a-w-    c:\windows\system32\dxgi.dll
2014-02-20 23:04 . 2014-02-20 23:04    249856    ----a-w-    c:\windows\system32\d3d10_1core.dll
2014-02-20 23:04 . 2014-02-20 23:04    2284544    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-02-20 23:04 . 2014-02-20 23:04    220160    ----a-w-    c:\windows\system32\d3d10core.dll
2014-02-20 23:04 . 2014-02-20 23:04    207872    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2014-02-20 23:04 . 2014-02-20 23:04    1988096    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-02-20 23:04 . 2014-02-20 23:04    187392    ----a-w-    c:\windows\system32\UIAnimation.dll
2014-02-20 23:04 . 2014-02-20 23:04    161792    ----a-w-    c:\windows\system32\d3d10_1.dll
2014-02-20 23:04 . 2014-02-20 23:04    1247744    ----a-w-    c:\windows\system32\DWrite.dll
2014-02-20 23:04 . 2014-02-20 23:04    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-02-20 23:04 . 2014-02-20 23:04    1158144    ----a-w-    c:\windows\system32\XpsPrint.dll
2014-02-20 23:04 . 2014-02-20 23:04    1080832    ----a-w-    c:\windows\system32\d3d10.dll
2014-02-20 23:03 . 2014-02-20 23:03    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2014-02-20 14:50 . 2014-02-20 14:50    899184    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-02-20 14:40 . 2014-02-20 14:40    42168    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-02-20 14:40 . 2014-02-20 14:40    639312    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-02-20 07:08 . 2014-02-20 07:08    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 07:08 . 2014-02-20 07:08    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-02-17 00:32 . 2014-03-06 02:49    7947048    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC1AA9C8-CE33-40A0-AB23-E33314D7FC80}\mpengine.dll
2014-01-27 08:58 . 2014-02-20 23:14    231584    ------w-    c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-02-08 . DF0A0DDC4F4B6974805AA14C94D2804F . 2723328 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[-] 2012-02-08 . ED4B3A206DCAC8E4071DD427F5C6AE99 . 2723328 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2012-02-08 . C7BF9033DB886B1776C339193620FD27 . 2723328 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[-] 2012-02-08 . 653175E41C29D547C790A0AC67E8F7F0 . 2723328 . . [6.1.7600.16385] . . c:\windows\explorer.exe
.
[-] 2012-01-08 . 447622A80C2A3E40F6D2DCF16C63069B . 599040 . . [6.1.7600.16385] . . c:\windows\regedit.exe
[-] 2012-01-08 . 447622A80C2A3E40F6D2DCF16C63069B . 599040 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07    21904    ----a-w-    c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-03-26 3821136]
"uTorrent"="c:\users\samir\AppData\Roaming\uTorrent\uTorrent.exe" [2014-04-05 1264984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-04-05 689744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4000 Series]
2006-09-21 03:01    139264    ----a-w-    c:\windows\System32\spool\drivers\w32x86\3\E_FATIBEE.EXE
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-04-03 1809720]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-04-03 857912]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-04-03 23256]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2014-02-20 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-12-13 37352]
S1 wStLib;wStLib;c:\windows\system32\drivers\wStLib.sys [2014-04-05 52928]
S2 AntiVirMailService;Avira Protection e-mail;c:\program files\Avira\AntiVir Desktop\avmailc7.exe [2014-04-05 910416]
S2 AntiVirSchedulerService;Avira Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-04-05 440400]
S2 AntiVirWebService;Avira Protection Web;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-04-05 1017424]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2013-12-13 69240]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-11-28 108000]
S3 RTL8167;Pilote Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - MBAMWEBACCESSCONTROL
*Deregistered* - MBAMWebAccessControl
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: &Envoyer à OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 142.91.92.120 8.8.8.8
FF - ProfilePath - c:\users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\tqm6lrqi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM-Run-Kepard - c:\program files\Kepard\Kepard.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-4246969510-2668884010-4153552468-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F1C35BA6-81AA-8E74-E527-0B5C3DAF4243}*]
"maajkehckikkhififdbadblmhh"=hex:69,61,68,6c,69,6f,70,62,6f,65,6a,67,6f,61,68,
   62,67,62,00,00
.
[HKEY_USERS\S-1-5-21-4246969510-2668884010-4153552468-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F1C35BA6-81AA-8E74-E527-0B5C3DAF4243}*]
"maajkehckikkhififdbadblmhh"=hex:69,61,68,6c,69,6f,70,62,6f,65,6a,67,6f,61,68,
   62,67,62,00,00
.
[HKEY_USERS\S-1-5-21-4246969510-2668884010-4153552468-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F1C35BA6-81AA-8E74-E527-0B5C3DAF4243}*]
"maajkehckikkhififdbadblmhh"=hex:69,61,68,6c,69,6f,70,62,6f,65,6a,67,6f,61,68,
   62,67,62,00,00
.
[HKEY_USERS\S-1-5-21-4246969510-2668884010-4153552468-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F1C35BA6-81AA-8E74-E527-0B5C3DAF4243}*]
"maajkehckikkhififdbadblmhh"=hex:69,61,68,6c,69,6f,70,62,6f,65,6a,67,6f,61,68,
   62,67,62,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2014-04-20  21:48:30
ComboFix-quarantined-files.txt  2014-04-20 20:48
ComboFix2.txt  2014-04-15 14:53
.
Avant-CF: 20 260 798 464 octets libres
Après-CF: 20 898 246 656 octets libres
.
- - End Of File - - BB3176DF2D8C8A9D8BE13314F5D7F6AB
A36C5E4F47E84449FF07ED3517B43A31
 



#19 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:02 AM

Posted 20 April 2014 - 08:26 PM

Please advise how the computer is running now and if there are any outstanding issues.

 

 


Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#20 Spike91


Posted 22 April 2014 - 12:33 PM

My computer runs better than before. I haven't noticed any anomalies for the moment; it runs well. Thank you.



#21 CatByte


Posted 22 April 2014 - 02:19 PM

We just have some housekeeping to do now,

Please do the following:

You can delete the FRST, MBAR and JRT logs and programs from your desktop.


NEXT

Follow these steps to uninstall Combofix
  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.


NEXT
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.
If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them. Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished, it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome, Firefox and IE
  • AdblockPlus
    • AdblockPlus, Surf the web without annoying ads!
    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
    • Protects your online privacy
    • Two-click installation, It's free!
    • click the icon that corresponds to your browser and download.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:
    PC Safety and Security--What Do I Need?
  • Simple and easy ways to keep your computer safe and secure on the Internet
Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#22 Spike91


Posted 24 April 2014 - 02:29 AM

Thank you for your time.



#23 CatByte


Posted 24 April 2014 - 11:34 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




