I recently bought a "refurbished," 6-year-old laptop - a Dell Latitude E6410 - from a company that recycles second-hand (usually ex-business) computers to people on low incomes. It came with Windows 7 Pro installed, including (Microsoft Malware Bytes) [correction: Microsoft Security Essentials]. Despite keeping (Malware Bytes) [should be: Security Essentials] up to date, just a few days ago, my Firefox browser was infected by the web-start.org shortcut-hijacker described here, and also by the two adwares SmartNew Tab virus and cpmofferconvert.com. (I suspect all three are related.)
When I realised how the web-start hijacker was operating, I immediately edited the shortcuts, but, concerned that the malwares were still lurking in my system, I started downloading and installing the anti-malware programs mentioned here, intending to follow that removal procedure. Initially, I just ran DDS.com and FRST64.exe.
But then I also downloaded ComboFix. I ran it, assuming that it was an installation file, not realising that it is a portable program, which would immediately do its thing with no further input from me (that was not mentioned anywhere). I was horrified, on reading the report it generated, to see how aggressive it had been, deleting many DLL files from ProgramData folders (which I imagine were there for a purpose) and doing I-know-not-what to the registry. It did, however, make a system restore point first and, IIRC, its own backup of the registry.
I found and zipped up the Qoobox folders (3.1MB) (after some initial struggling with the folder permissions), and I have uploaded it to this webpage (tiny.cc/combofix-mg), together with the ComboFix report and the two DDS reports and the two FRST reports. (I hope these will be some help to responders.)
I find it hard to believe that ALL of the files deleted by ComboFix were infected. It even deleted Teamviewer.exe, which had been pre-installed by the computer vendor (presumably for support purposes).
I now know that I should not have run ComboFix without expert advice to do so. But I am now seeking that expert advice as to which of three things to do next:
a. Should I do nothing, and just accept that ComboFix did the right thing, and that the computer can do without the files it deleted?
b. Should I use Windows 7 system restore to revert back? (Will that also bring back the files from the quarantine box?)
c. Or should I use the tool CFDQ-UsrPrf.exe mentioned here to restore things to the way they were? (Is there any info on exactly what it does?)
Presumably, in all 3 cases (or at least b and c), I should then use other anti-malware programs to remove the malware.
I am an experienced computer user, but I feel a little out of my depth at this stage, and would welcome whatever help I can get.
Edited by Moongazer, 23 October 2016 - 07:53 AM.