
Fake Google Chrome .exe


  • This topic is locked
15 replies to this topic

#1 kennyD1

kennyD1

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 22 October 2014 - 01:51 PM

Hi,

 

New to the site and having issues with that fake Google Chrome .exe program.  It generates a bunch of the program and runs it in process.  Could anyone help me?  I ran Malwarebytes, have Norton installed and even ran AdwCleaner, but it's still there and causes my PC to lag and flash sometimes.  Oh, here are the 2 FRST files.

 

Edit:  After trying out some malware removal programs I seem to have been able to remove it and here is the updated FRST logs in case you catch anything else or if I didn't really solve the root of the problem.  Thank You.

Attached Files


Edited by kennyD1, 22 October 2014 - 09:02 PM.



 


#2 kennyD1


Posted 25 October 2014 - 01:43 AM

Can someone help and look to see if my pc is clean now?  Thanks



#3 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:48 AM

Posted 27 October 2014 - 12:09 PM

Hello kennyD1, welcome to Bleeping Computer's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.  
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • Ensure you are following this topic. Click the button at the top of the page.
     

======================================================
 
Please consider the following warning before proceeding. 
 

P2P WARNING

------------------------------

I see you have peer-to-peer (P2P) file sharing software installed on your computer (BitComet 1.36 64-bit). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Your P2P software can be removed by following the instructions below.
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned programmes, right-click and click Uninstall.
If you choose not to, please refrain from using the programme(s) during this process.

 
Did you install this programme? Yahoo! Messenger 
 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKU\S-1-5-18\...\Run: [Advanced SystemCare 6] => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
    BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
    BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
    2014-10-22 13:36 - 2013-05-03 17:18 - 00000000 ____D () C:\Program Files (x86)\IObit
    S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
    Folder: C:\Users\BrokenBlade\AppData\Local\{B1854CDA-CD44-4902-A0EA-11449667980B}
    Folder: C:\Users\BrokenBlade\AppData\Roaming\Media Player Classic
    Folder: C:\Windows\Tasks\ImCleanDisabled
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did you install the programme? 
  • Fixlog.txt
  • JRT.txt


#4 kennyD1


Posted 27 October 2014 - 04:24 PM

OK, did everything you asked, and yes, I installed Yahoo Messenger.  Here are the logs.

 

Attached Files



#5 LiquidTension


Posted 27 October 2014 - 04:42 PM

Hello, 

 

Please provide an update on your computer after completing the steps below. Are there any outstanding issues?

 

STEP 1

Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click List Threats. If no threats were found, skip the next two bullet points.
  • Click Export and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM Scan log
  • ESET Online Scan log
  • Are there any outstanding issues?


#6 kennyD1


Posted 27 October 2014 - 06:54 PM

PC is running fine and no problems as far as I can see.  Here are the logs of the scans.

Attached Files



#7 LiquidTension


Posted 27 October 2014 - 08:21 PM

Are you aware your computer had a file encrypting ransomware on it? Are you able to open your personal documents? 



#8 kennyD1


Posted 27 October 2014 - 08:59 PM

No, I had no idea. Which file had this?  I can open everything fine.



#9 LiquidTension


Posted 28 October 2014 - 10:12 AM

Looks like you may have been lucky. 

Please do the following. 

 

Farbar Recovery Scan Tool (FRST) Search

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Type the following text into the Search: textbox:
    DECRYPT_INSTRUCTION.*;INSTALL_TOR.*
  • Click on the Search File(s) button.
  • Upon completion, a log (Search.txt) will open and be saved in the same location as FRST.exe.
  • Copy the contents of the log and paste in your next reply.


#10 kennyD1


Posted 28 October 2014 - 12:31 PM

Here are the search logs

 

Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by BrokenBlade at 2014-10-28 13:28:13
Running from C:\Users\BrokenBlade\Downloads\download programs
Boot Mode: Normal

================== Search Files: "DECRYPT_INSTRUCTION.*;INSTALL_TOR.*" =============

C:\Users\BrokenBlade\AppData\LocalLow\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\raidcall\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\raidcall\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\raidcall\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\raidcall\RCTemp\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\raidcall\RCTemp\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\raidcall\RCTemp\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\Skin\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\Skin\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\Skin\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\ads\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\ads\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\ads\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\f\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\f\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\f\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\1\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\1\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\1\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

====== End Of Search ======
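
An added example, not part of the thread: one way to triage an FRST Search.txt like the one above before deleting anything. It pairs each path with its metadata line, then reports how many folders were hit, whether every copy of a note name shares one MD5 (identical dropped notes rather than user files that happen to match the pattern), and the time window in which the notes were written. The function names are my own; the sample is an excerpt of the posted log.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime

# Excerpt (first two folders) of the Search.txt posted above.
SAMPLE_LOG = r"""
================== Search Files: "DECRYPT_INSTRUCTION.*;INSTALL_TOR.*" =============

C:\Users\BrokenBlade\AppData\LocalLow\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

C:\Users\BrokenBlade\AppData\LocalLow\raidcall\DECRYPT_INSTRUCTION.HTML
[2014-10-17 14:53][2014-10-17 14:53] 0008542 ____A () 2E0F7AE9FCB860A088EEE5837D4ED8EA

C:\Users\BrokenBlade\AppData\LocalLow\raidcall\DECRYPT_INSTRUCTION.TXT
[2014-10-17 14:53][2014-10-17 14:53] 0004214 ____A () BD9E25289CA566B90041CA72C91A4592

C:\Users\BrokenBlade\AppData\LocalLow\raidcall\INSTALL_TOR.URL
[2014-10-17 14:53][2014-10-17 14:53] 0000276 ____A () 6071FE0F11EE5B9C7848E4EABCF40B7E

====== End Of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# [created][modified] size attributes (company) MD5
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\]\s+(?P<size>\d+)\s+"
    r"(?P<attrs>\S+)\s+\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
TS_FORMAT = "%Y-%m-%d %H:%M"


def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line  # remember the path until its metadata arrives
            continue
        meta = META_RE.match(line)
        if meta and pending:
            entries.append({
                "path": pending,
                "name": ntpath.basename(pending).upper(),
                "folder": ntpath.dirname(pending),
                "created": datetime.strptime(meta["created"], TS_FORMAT),
                "size": int(meta["size"]),
                "md5": meta["md5"].upper(),
            })
            pending = None
        elif line:
            # Headers or malformed lines break the pairing; drop the orphan path.
            pending = None
    return entries


def summarize(entries):
    """Aggregate the parsed entries into the facts a responder checks first."""
    hashes_by_name = defaultdict(set)
    for entry in entries:
        hashes_by_name[entry["name"]].add(entry["md5"])
    created = [entry["created"] for entry in entries]
    return {
        "files": len(entries),
        "folders": sorted({entry["folder"] for entry in entries}),
        "hashes_by_name": dict(hashes_by_name),
        # A name with more than one hash deserves a manual look before deletion.
        "mixed_hash_names": sorted(
            name for name, hashes in hashes_by_name.items() if len(hashes) > 1
        ),
        "first_drop": min(created) if created else None,
        "last_drop": max(created) if created else None,
    }


if __name__ == "__main__":
    report = summarize(parse_search_log(SAMPLE_LOG))
    print(f"{report['files']} files in {len(report['folders'])} folders")
    print(f"written between {report['first_drop']} and {report['last_drop']}")
    for name, hashes in sorted(report["hashes_by_name"].items()):
        print(f"{name}: {', '.join(sorted(hashes))}")
    print("names with differing content:", report["mixed_hash_names"] or "none")
```
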



#11 LiquidTension


Posted 28 October 2014 - 01:10 PM

OK. Let's remove those files, and update your vulnerable software.

 

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    C:\ProgramData\IObit
    C:\Users\All Users\IObit
    C:\Users\BrokenBlade\AppData\LocalLow\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\INSTALL_TOR.URL
    C:\Users\BrokenBlade\AppData\LocalLow\raidcall\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\raidcall\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\raidcall\INSTALL_TOR.URL
    C:\Users\BrokenBlade\AppData\LocalLow\raidcall\RCTemp\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\raidcall\RCTemp\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\raidcall\RCTemp\INSTALL_TOR.URL
    C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\INSTALL_TOR.URL
    C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\Skin\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\Skin\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\Skin\INSTALL_TOR.URL
    C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\ads\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\ads\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\ads\INSTALL_TOR.URL
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\INSTALL_TOR.URL
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\INSTALL_TOR.URL
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\INSTALL_TOR.URL
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\INSTALL_TOR.URL
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\INSTALL_TOR.URL
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\INSTALL_TOR.URL
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\INSTALL_TOR.URL
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\INSTALL_TOR.URL
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\INSTALL_TOR.URL
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\INSTALL_TOR.URL
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\f\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\f\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\f\INSTALL_TOR.URL
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\INSTALL_TOR.URL
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\1\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\1\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\1\INSTALL_TOR.URL
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\DECRYPT_INSTRUCTION.HTML
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\DECRYPT_INSTRUCTION.TXT
    C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\INSTALL_TOR.URL
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 3
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Adobe Flash Player 11 ActiveX 
    • Java™ 6 Update 21 (64-bit)
  • Follow the prompts, and reboot if necessary.
     

STEP 4
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar.
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes.
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 5
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?


#12 kennyD1


Posted 28 October 2014 - 04:10 PM

Pc is running well here are the logs requested.

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25  
 Java version out of Date!
 Adobe Flash Player 15.0.0.189  
 Adobe Reader XI  
 Mozilla Firefox (33.0.2)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Malwarebytes Anti-Exploit mbae.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

And Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014 01
Ran by BrokenBlade at 2014-10-28 16:51:15 Run:2
Running from C:\Users\BrokenBlade\Downloads\download programs
Loaded Profile: BrokenBlade (Available profiles: BrokenBlade)
Boot Mode: Normal
==============================================


C:\ProgramData\IObit => Moved successfully.
"C:\Users\All Users\IObit" => File/Directory not found.
C:\Users\BrokenBlade\AppData\LocalLow\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\INSTALL_TOR.URL => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\raidcall\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\raidcall\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\raidcall\INSTALL_TOR.URL => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\raidcall\RCTemp\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\raidcall\RCTemp\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\raidcall\RCTemp\INSTALL_TOR.URL => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\INSTALL_TOR.URL => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\Skin\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\Skin\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\Skin\INSTALL_TOR.URL => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\ads\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\ads\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\raidcall\ImageCache\ads\INSTALL_TOR.URL => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\INSTALL_TOR.URL => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\INSTALL_TOR.URL => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\INSTALL_TOR.URL => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\INSTALL_TOR.URL => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\INSTALL_TOR.URL => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\INSTALL_TOR.URL => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\INSTALL_TOR.URL => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\INSTALL_TOR.URL => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\INSTALL_TOR.URL => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\INSTALL_TOR.URL => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\f\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\f\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\Silverlight\is\hisfctah.ud4\e22ybcne.4ra\1\s\dyvvjzmpob4q0d4kqqj4vkck2hypzt2mgon23fq0dh35hbc3zraaabga\f\INSTALL_TOR.URL => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\INSTALL_TOR.URL => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\1\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\1\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\1\INSTALL_TOR.URL => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\BrokenBlade\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\INSTALL_TOR.URL => Moved successfully.
EmptyTemp: => Removed 132 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
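
Added example, not part of any post in this thread and not FRST's own code: a Python parser for a Fixlog in the format posted in #12 that counts outcomes, lists entries that were not moved, and flags directories where only some of the three ransom-note files were removed. The sample log and the names `ExampleUser`, `ExampleApp` and `Vendor` are constructed; only the two path outcomes visible in the posted log are recognised, and anything else is reported for manual review.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Ransom-note file names as they appear in the Fixlog posted in this thread.
NOTE_NAMES = {"DECRYPT_INSTRUCTION.HTML", "DECRYPT_INSTRUCTION.TXT", "INSTALL_TOR.URL"}

# 'target => outcome'; a target may be wrapped in double quotes, as in the log.
RESULT_LINE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\s*$')
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

# Constructed sample in the layout of the posted Fixlog (not real data).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64)
Ran by ExampleUser at 2014-10-28 16:51:15 Run:2
==============================================

C:\ProgramData\ExampleApp => Moved successfully.
"C:\Users\All Users\ExampleApp" => File/Directory not found.
C:\Users\ExampleUser\AppData\LocalLow\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\ExampleUser\AppData\LocalLow\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\ExampleUser\AppData\LocalLow\INSTALL_TOR.URL => Moved successfully.
C:\Users\ExampleUser\AppData\LocalLow\Vendor\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\ExampleUser\AppData\LocalLow\Vendor\DECRYPT_INSTRUCTION.TXT => Moved successfully.
EmptyTemp: => Removed 132 MB temporary data.

==== End of Fixlog ====
'''


def parse_fixlog(text):
    """Return (target, outcome) for every 'target => outcome' line."""
    entries = []
    for line in text.splitlines():
        match = RESULT_LINE.match(line.strip())
        if match:
            entries.append((match.group("target"), match.group("outcome")))
    return entries


def classify(outcome):
    """Map an outcome string to moved / not_found / other."""
    if outcome.startswith("Moved successfully"):
        return "moved"
    if outcome.startswith("File/Directory not found"):
        return "not_found"
    return "other"  # unknown wording: leave it for a human to read


def summarize(entries):
    """Count outcomes and report what still needs a look."""
    counts = Counter()
    notes_by_dir = defaultdict(set)
    review = []
    for target, outcome in entries:
        if not DRIVE_PATH.match(target):
            counts["directive"] += 1  # e.g. the EmptyTemp: line
            continue
        status = classify(outcome)
        counts[status] += 1
        if status != "moved":
            review.append((target, outcome))
            continue
        name = ntpath.basename(target).upper()
        if name in NOTE_NAMES:
            notes_by_dir[ntpath.dirname(target)].add(name)
    # Directories where fewer than all three note files were moved.
    partial = {d: sorted(NOTE_NAMES - names)
               for d, names in notes_by_dir.items() if names != NOTE_NAMES}
    return {"counts": dict(counts), "note_dirs": sorted(notes_by_dir),
            "partial": partial, "review": review}


if __name__ == "__main__":
    summary = summarize(parse_fixlog(SAMPLE_FIXLOG))
    for key, value in summary.items():
        print(key, "->", value)
```

Entries under `review` are not necessarily failures; they are the lines a helper would read by hand before calling the fix complete.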



#13 LiquidTension


Posted 28 October 2014 - 05:52 PM

Pc is running well here are the logs requested.

Excellent!
 
Now for the good news. 
 
All Clean!
Congratulations, your computer appears clean!  :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
  • Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Unchecky automatically removes checkmarks for bundled software in programme installers; helping you avoid adware and PUPs.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
     

Need a second opinion on a file or website? Scan the file/URL before clicking by using one of the following free online scanner services.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using BleepingComputer.
 
Safe Surfing.  :thumbup2: 
Adam (LiquidTension).



#14 kennyD1


Posted 28 October 2014 - 06:16 PM

Pc is working fine and thank you again for your help and time.



#15 LiquidTension


Posted 28 October 2014 - 06:17 PM

You're more than welcome. :)

 

I shall close this topic now. 

 

All the best, 
Adam. 





