FBI Cybercrime Virus

theflush

New Member
Thread author
Nov 13, 2013
9
I had Microsoft Security Essentials set up on this laptop before giving it to my daughter, but it appears to have been disabled along with the firewall and system restore. I also noticed that when using the admin account, a couple Chrome extensions automatically tried to add themselves, so this or another virus might be trying to do something to the new admin account. One of the extensions was called wajam. My daughter chose to use IE instead of Chrome, so that was probably the browser in use when the laptop was infected.
 

Attachments

  • mbam-log-2013-11-13 (19-21-31).txt
    151.1 KB · Views: 77
  • mbam-log-2013-11-13 (20-04-22).txt
    938 bytes · Views: 81
  • mbam-log-2013-11-13 (22-26-03).txt
    3.5 KB · Views: 133
  • aswMBR.txt
    2.1 KB · Views: 83
  • Extras.Txt
    17.1 KB · Views: 102
  • OTL.Txt
    36 KB · Views: 117

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,


You're infected with multiple viruses, including ZeroAccess. We need to work outside of Windows to get rid of it.


Download Farbar Recovery Scan Tool from the below link:
  • For 64-bit systems, download Farbar Recovery Scan Tool x64 (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to a USB/flash drive.
  • For 32-bit systems, download Farbar Recovery Scan Tool and save it to a USB/flash drive.
  • Plug the flash drive into the infected PC.
  • Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
      • Restart the computer.
      • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
      • Use the arrow keys to select the Repair your computer menu item.
      • Select US as the keyboard language settings, and then click Next.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.

  • On the System Recovery Options menu you will get the following options:

        Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt

    1. Select Command Prompt.
    2. In the command window type in notepad and press Enter.
    3. The notepad opens. Under File menu select Open.
    4. Select "Computer" and find your flash drive letter and close the notepad.
    5. In the command window type e:\frst64 and press Enter.
       Note: Replace letter e with the drive letter of your flash drive.
    6. The tool will start to run.
    7. When the tool opens click Yes to disclaimer.
    8. Press Scan button.
    9. FRST will let you know when the scan is complete and has written the FRST.txt to file; close the message.
    10. Type exit.
    11. Please copy and paste FRST.txt in your next reply.
 

theflush

New Member
Thread author
Nov 13, 2013
9
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by SYSTEM on MININT-CGQ9GB5 on 15-11-2013 17:39:13
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [626552 2012-04-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [3732848 2012-03-23] (Dell Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\CyberLink\Shared files\brs.exe [75048 2011-08-11] (cyberlink)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKU\Chloe\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-13] (Apple Inc.)
HKU\Chloe\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\Chloe\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\Chloe\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18705664 2013-01-08] (Skype Technologies S.A.)
HKU\Chloe\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Corporation)
HKU\Chloe\...\Run: [AppleIEDAV] - C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1315144 2013-09-04] (Apple Inc.)
HKU\Chloe\...\Run: [Google Update] - [x]
HKU\Chloe\...\Run: [Wow6432Node] - C:\Users\Chloe\AppData\Roaming\jvsfrfec\cvejhrri.exe
HKU\Chloe\...\RunOnce: [ed14a1r] - C:\ProgramData\kaaw\xkwqcp.exe [477184 2013-11-11] (NVIDIA Corporation)
HKU\Chloe\...\Winlogon: [Shell] C:\ProgramData\muwel\uweu.exe,explorer.exe <==== ATTENTION

==================== Services (Whitelisted) =================

S2 AECLFilters; C:\Windows\system32\AECLSr64.exe [93696 2012-01-24] (Andrea Electronics Corporation)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{78471049-99fa-4929-c677-087f515a326a}\ \...\???\{78471049-99fa-4929-c677-087f515a326a}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFDx64.sys [35328 2012-04-02] (Cirrus Logic)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S1 vcmlrika; \??\C:\Windows\system32\drivers\vcmlrika.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-15 17:39 - 2013-11-15 17:39 - 00000000 ____D C:\FRST
2013-11-15 14:27 - 2013-11-15 14:28 - 01957794 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2013-11-14 18:49 - 2013-11-14 18:49 - 00002051 _____ C:\Users\admin\Downloads\aswMBR.txt
2013-11-14 18:49 - 2013-11-14 18:49 - 00000512 _____ C:\Users\admin\Downloads\MBR.dat
2013-11-14 15:44 - 2013-11-14 15:44 - 00035022 _____ C:\Users\admin\Downloads\Extras.Txt
2013-11-14 15:43 - 2013-11-14 15:43 - 00073652 _____ C:\Users\admin\Downloads\OTL.Txt
2013-11-14 15:36 - 2013-11-14 15:38 - 04745728 _____ (AVAST Software) C:\Users\admin\Downloads\aswMBR.exe
2013-11-14 15:36 - 2013-11-14 15:36 - 00602112 _____ (OldTimer Tools) C:\Users\admin\Downloads\OTL.exe
2013-11-13 19:21 - 2013-11-13 19:21 - 00000000 ____D C:\ProgramData\qudlao
2013-11-13 19:21 - 2013-11-13 19:21 - 00000000 ____D C:\ProgramData\cyblx
2013-11-13 19:21 - 2013-11-13 19:21 - 00000000 ____D C:\ProgramData\beuqns
2013-11-13 19:06 - 2013-10-12 00:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-13 19:06 - 2013-10-12 00:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-13 19:06 - 2013-10-12 00:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-13 19:06 - 2013-10-12 00:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-13 19:06 - 2013-10-12 00:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-13 19:06 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 19:06 - 2013-10-11 23:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 19:06 - 2013-10-11 23:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 19:06 - 2013-10-11 23:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 19:06 - 2013-10-11 23:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 19:06 - 2013-10-11 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-13 19:06 - 2013-10-11 22:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 19:06 - 2013-10-11 21:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-13 19:06 - 2013-10-11 21:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 19:05 - 2013-10-12 00:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-13 19:05 - 2013-10-12 00:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-13 19:05 - 2013-10-12 00:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-13 19:05 - 2013-10-12 00:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-13 19:05 - 2013-10-12 00:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-13 19:05 - 2013-10-12 00:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-13 19:05 - 2013-10-12 00:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-13 19:05 - 2013-10-12 00:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-13 19:05 - 2013-10-12 00:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-13 19:05 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 19:05 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 19:05 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 19:05 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 19:05 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 19:05 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 19:05 - 2013-10-11 23:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 19:05 - 2013-10-11 23:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 17:38 - 2013-11-13 17:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-13 17:32 - 2013-11-13 17:32 - 00000000 ____D C:\Windows\TempB5FB6F14-B263-7D1D-93B8-0412C3BF339B-Signatures
2013-11-13 17:27 - 2013-11-13 17:31 - 13670584 _____ (Microsoft Corporation) C:\Users\admin\Downloads\mseinstall.exe
2013-11-13 16:55 - 2013-11-13 16:55 - 00074856 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-13 16:38 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-13 16:38 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 16:37 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-13 16:37 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-13 16:37 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-13 16:37 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 16:37 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 16:37 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 16:37 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-13 16:37 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-13 16:37 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-13 16:37 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-13 16:37 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-13 16:37 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-13 16:37 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-13 16:37 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-13 16:37 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-13 16:37 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 16:37 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 16:37 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 16:37 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 16:37 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-13 16:37 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-13 16:32 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-13 16:32 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-13 16:32 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-13 16:32 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 16:32 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 16:32 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-13 16:32 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 16:22 - 2013-11-13 16:22 - 00000000 ____D C:\Users\admin\AppData\Local\Apple
2013-11-13 16:18 - 2013-11-13 16:18 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2013-11-13 16:15 - 2013-11-13 17:34 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Users\admin\AppData\Roaming\Roxio
2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer
2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Users\admin\AppData\Local\Wondershare
2013-11-13 16:14 - 2013-11-13 16:15 - 00002265 _____ C:\Users\admin\Desktop\Google Chrome.lnk
2013-11-13 16:14 - 2013-11-13 16:14 - 00000000 ____D C:\Users\admin\AppData\Roaming\Adobe
2013-11-13 16:14 - 2013-11-13 16:14 - 00000000 ____D C:\Users\admin\AppData\Local\VirtualStore
2013-11-13 16:12 - 2013-11-13 16:14 - 00000000 ____D C:\users\admin
2013-11-13 16:12 - 2013-11-13 16:12 - 00000020 ___SH C:\Users\admin\ntuser.ini
2013-11-13 16:12 - 2013-11-13 16:12 - 00000000 ____D C:\Users\admin\AppData\Local\SoftThinks
2013-11-12 19:27 - 2013-11-12 19:27 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-12 19:27 - 2013-11-12 19:27 - 00001119 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-12 19:27 - 2013-11-12 19:27 - 00000000 ____D C:\Users\Chloe\AppData\Roaming\Malwarebytes
2013-11-12 19:27 - 2013-11-12 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 19:27 - 2013-11-12 19:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-12 19:27 - 2013-04-04 11:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-11-11 20:05 - 2013-11-13 19:49 - 00000000 ____D C:\ProgramData\roh
2013-11-11 20:05 - 2013-11-13 19:33 - 00000000 ____D C:\ProgramData\tequd
2013-11-11 20:05 - 2013-11-11 20:05 - 00000000 ____D C:\ProgramData\muwel
2013-11-11 20:05 - 2013-11-11 20:05 - 00000000 ____D C:\ProgramData\kaaw
2013-11-11 19:59 - 2013-11-13 19:53 - 00000000 ____D C:\ProgramData\almyt
2013-11-08 18:01 - 2013-11-08 18:01 - 00000000 ____D C:\Users\Chloe\AppData\Local\{5A060B3D-F8F1-40BD-A1B5-0BE623CB4648}
2013-11-07 17:35 - 2013-11-07 17:35 - 00001068 _____ C:\Users\Chloe\Desktop\Music - Shortcut.lnk
2013-11-06 16:22 - 2013-11-06 16:23 - 00000000 ____D C:\Users\Chloe\AppData\Local\{85524DF9-6153-4267-81E2-492496F995DA}
2013-11-05 17:41 - 2013-11-05 17:41 - 00001789 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-05 17:41 - 2013-11-05 17:41 - 00001789 _____ C:\ProgramData\Desktop\iTunes.lnk
2013-11-05 17:41 - 2013-11-05 17:41 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-05 17:41 - 2013-11-05 17:41 - 00000000 ____D C:\Program Files\iTunes
2013-11-05 17:41 - 2013-11-05 17:41 - 00000000 ____D C:\Program Files\iPod
2013-11-05 17:41 - 2013-11-05 17:41 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-02 08:54 - 2013-11-02 08:55 - 00000000 ____D C:\Users\Chloe\AppData\Local\{597D3BE4-C0EC-4F44-981D-1AEA2414C143}
2013-10-29 16:50 - 2013-10-29 16:50 - 00000000 ____D C:\Users\Chloe\AppData\Local\{108675B5-FCB2-4027-B618-444ACF96551F}
2013-10-29 08:51 - 2013-09-04 04:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-29 08:51 - 2013-09-04 04:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-29 08:51 - 2013-09-04 04:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-29 08:51 - 2013-09-04 04:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-29 08:51 - 2013-09-04 04:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-10-29 08:51 - 2013-09-04 04:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-10-29 08:51 - 2013-09-04 04:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-27 15:20 - 2013-10-27 15:20 - 00000000 ____D C:\Users\Chloe\AppData\Local\{5E0B59D5-DF7E-47CF-96FF-9EB0CE72D126}
2013-10-21 17:20 - 2013-10-21 17:20 - 00000000 ____D C:\Users\Chloe\AppData\Local\{B1F9D029-D5A0-4821-B874-88D9872C3F3B}
2013-10-21 17:12 - 2013-10-21 17:12 - 00000000 ____D C:\Users\Chloe\AppData\Local\{1FE9DBA0-1AB4-4C3E-8A0C-2BE09A1B93B3}

==================== One Month Modified Files and Folders =======

2013-11-15 17:39 - 2013-11-15 17:39 - 00000000 ____D C:\FRST
2013-11-15 14:31 - 2012-11-14 05:23 - 01052597 _____ C:\Windows\WindowsUpdate.log
2013-11-15 14:28 - 2013-11-15 14:27 - 01957794 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2013-11-15 14:18 - 2012-12-14 14:49 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-15 14:17 - 2012-12-25 11:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-14 18:49 - 2013-11-14 18:49 - 00002051 _____ C:\Users\admin\Downloads\aswMBR.txt
2013-11-14 18:49 - 2013-11-14 18:49 - 00000512 _____ C:\Users\admin\Downloads\MBR.dat
2013-11-14 18:12 - 2012-12-14 14:49 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-14 16:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-11-14 15:44 - 2013-11-14 15:44 - 00035022 _____ C:\Users\admin\Downloads\Extras.Txt
2013-11-14 15:43 - 2013-11-14 15:43 - 00073652 _____ C:\Users\admin\Downloads\OTL.Txt
2013-11-14 15:39 - 2009-07-13 20:45 - 00020880 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-14 15:39 - 2009-07-13 20:45 - 00020880 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-14 15:38 - 2013-11-14 15:36 - 04745728 _____ (AVAST Software) C:\Users\admin\Downloads\aswMBR.exe
2013-11-14 15:36 - 2013-11-14 15:36 - 00602112 _____ (OldTimer Tools) C:\Users\admin\Downloads\OTL.exe
2013-11-13 19:53 - 2013-11-11 19:59 - 00000000 ____D C:\ProgramData\almyt
2013-11-13 19:49 - 2013-11-11 20:05 - 00000000 ____D C:\ProgramData\roh
2013-11-13 19:34 - 2012-11-14 05:57 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-11-13 19:33 - 2013-11-11 20:05 - 00000000 ____D C:\ProgramData\tequd
2013-11-13 19:33 - 2012-11-14 06:10 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-11-13 19:33 - 2012-11-14 06:10 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-11-13 19:32 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-13 19:32 - 2009-07-13 20:51 - 00047684 _____ C:\Windows\setupact.log
2013-11-13 19:23 - 2009-07-13 21:13 - 00778644 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-13 19:21 - 2013-11-13 19:21 - 00000000 ____D C:\ProgramData\qudlao
2013-11-13 19:21 - 2013-11-13 19:21 - 00000000 ____D C:\ProgramData\cyblx
2013-11-13 19:21 - 2013-11-13 19:21 - 00000000 ____D C:\ProgramData\beuqns
2013-11-13 19:16 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2013-11-13 17:38 - 2013-11-13 17:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-13 17:38 - 2012-12-14 15:17 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-13 17:38 - 2012-12-14 15:17 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-13 17:36 - 2010-11-20 19:47 - 00328282 _____ C:\Windows\PFRO.log
2013-11-13 17:34 - 2013-11-13 16:15 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2013-11-13 17:32 - 2013-11-13 17:32 - 00000000 ____D C:\Windows\TempB5FB6F14-B263-7D1D-93B8-0412C3BF339B-Signatures
2013-11-13 17:31 - 2013-11-13 17:27 - 13670584 _____ (Microsoft Corporation) C:\Users\admin\Downloads\mseinstall.exe
2013-11-13 16:57 - 2012-11-14 05:46 - 00000000 ____D C:\ProgramData\Sonic
2013-11-13 16:55 - 2013-11-13 16:55 - 00074856 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-13 16:22 - 2013-11-13 16:22 - 00000000 ____D C:\Users\admin\AppData\Local\Apple
2013-11-13 16:18 - 2013-11-13 16:18 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Users\admin\AppData\Roaming\Roxio
2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer
2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Users\admin\AppData\Local\Wondershare
2013-11-13 16:15 - 2013-11-13 16:14 - 00002265 _____ C:\Users\admin\Desktop\Google Chrome.lnk
2013-11-13 16:14 - 2013-11-13 16:14 - 00000000 ____D C:\Users\admin\AppData\Roaming\Adobe
2013-11-13 16:14 - 2013-11-13 16:14 - 00000000 ____D C:\Users\admin\AppData\Local\VirtualStore
2013-11-13 16:14 - 2013-11-13 16:12 - 00000000 ____D C:\users\admin
2013-11-13 16:12 - 2013-11-13 16:12 - 00000020 ___SH C:\Users\admin\ntuser.ini
2013-11-13 16:12 - 2013-11-13 16:12 - 00000000 ____D C:\Users\admin\AppData\Local\SoftThinks
2013-11-12 19:27 - 2013-11-12 19:27 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-12 19:27 - 2013-11-12 19:27 - 00001119 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-12 19:27 - 2013-11-12 19:27 - 00000000 ____D C:\Users\Chloe\AppData\Roaming\Malwarebytes
2013-11-12 19:27 - 2013-11-12 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 19:27 - 2013-11-12 19:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-12 18:11 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Microsoft Games
2013-11-11 20:05 - 2013-11-11 20:05 - 00000000 ____D C:\ProgramData\muwel
2013-11-11 20:05 - 2013-11-11 20:05 - 00000000 ____D C:\ProgramData\kaaw
2013-11-11 19:59 - 2012-12-25 11:00 - 00000000 ____D C:\Users\Chloe\AppData\Roaming\Skype
2013-11-08 18:01 - 2013-11-08 18:01 - 00000000 ____D C:\Users\Chloe\AppData\Local\{5A060B3D-F8F1-40BD-A1B5-0BE623CB4648}
2013-11-07 17:35 - 2013-11-07 17:35 - 00001068 _____ C:\Users\Chloe\Desktop\Music - Shortcut.lnk
2013-11-06 16:23 - 2013-11-06 16:22 - 00000000 ____D C:\Users\Chloe\AppData\Local\{85524DF9-6153-4267-81E2-492496F995DA}
2013-11-05 17:41 - 2013-11-05 17:41 - 00001789 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-05 17:41 - 2013-11-05 17:41 - 00001789 _____ C:\ProgramData\Desktop\iTunes.lnk
2013-11-05 17:41 - 2013-11-05 17:41 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-05 17:41 - 2013-11-05 17:41 - 00000000 ____D C:\Program Files\iTunes
2013-11-05 17:41 - 2013-11-05 17:41 - 00000000 ____D C:\Program Files\iPod
2013-11-05 17:41 - 2013-11-05 17:41 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-05 15:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-11-02 08:55 - 2013-11-02 08:54 - 00000000 ____D C:\Users\Chloe\AppData\Local\{597D3BE4-C0EC-4F44-981D-1AEA2414C143}
2013-10-29 16:50 - 2013-10-29 16:50 - 00000000 ____D C:\Users\Chloe\AppData\Local\{108675B5-FCB2-4027-B618-444ACF96551F}
2013-10-27 15:20 - 2013-10-27 15:20 - 00000000 ____D C:\Users\Chloe\AppData\Local\{5E0B59D5-DF7E-47CF-96FF-9EB0CE72D126}
2013-10-27 09:41 - 2012-12-14 14:49 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-27 09:40 - 2012-12-14 14:49 - 00000000 ____D C:\Users\Chloe\AppData\Local\Google
2013-10-21 17:20 - 2013-10-21 17:20 - 00000000 ____D C:\Users\Chloe\AppData\Local\{B1F9D029-D5A0-4821-B874-88D9872C3F3B}
2013-10-21 17:12 - 2013-10-21 17:12 - 00000000 ____D C:\Users\Chloe\AppData\Local\{1FE9DBA0-1AB4-4C3E-8A0C-2BE09A1B93B3}

Files to move or delete:
====================
ZeroAccess:
C:\Users\Chloe\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install


Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\JavaIC.dll
C:\Users\admin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\admin\AppData\Local\Temp\msscct32.dll
C:\Users\Chloe\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Chloe\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih.exe
C:\Users\Chloe\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Chloe\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Chloe\AppData\Local\Temp\tbMixi.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

2
Restore point made on: 2013-11-13 19:16:25
Restore point made on: 2013-11-15 14:29:35

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3971.35 MB
Available physical RAM: 3221.23 MB
Total Pagefile: 3969.5 MB
Available Pagefile: 3217.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:452.09 GB) (Free:384.95 GB) NTFS
Drive e: (JIM) (Removable) (Total:0.93 GB) (Free:0.43 GB) FAT
Drive f: (Recovery) (Fixed) (Total:13.67 GB) (Free:5.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C126BBC0)
Partition 1: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 953 MB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.


LastRegBack: 2013-11-10 16:39

==================== End Of Log ============================
 

Attachments

  • FRST.txt
    27.1 KB · Views: 94

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,


On your clean PC, download the following file by right-clicking it and selecting Save As

[attachment=6235]

and save it onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Attempt to boot normally.
 

Attachments

  • fixlist.txt
    983 bytes · Views: 89

theflush

New Member
Thread author
Nov 13, 2013
9
Thanks, Twin.

Attached is the fix log.

I was able to enter my daughter's account for the first time, so definite progress has been made.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2013
Ran by SYSTEM at 2013-11-16 07:01:46 Run:1
Running from E:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Chloe\...\Run: [Google Update] - [x]
HKU\Chloe\...\Run: [Wow6432Node] - C:\Users\Chloe\AppData\Roaming\jvsfrfec\cvejhrri.exe
HKU\Chloe\...\RunOnce: [ed14a1r] - C:\ProgramData\kaaw\xkwqcp.exe [477184 2013-11-11] (NVIDIA Corporation)
HKU\Chloe\...\Winlogon: [Shell] C:\ProgramData\muwel\uweu.exe,explorer.exe <==== ATTENTION
C:\Users\Chloe\AppData\Roaming\jvsfrfec
C:\ProgramData\kaaw
C:\ProgramData\muwel
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{78471049-99fa-4929-c677-087f515a326a}\ \...\???\{78471049-99fa-4929-c677-087f515a326a}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Program Files (x86)\Google\Desktop\Install
S1 vcmlrika; \??\C:\Windows\system32\drivers\vcmlrika.sys [x]
C:\Windows\system32\drivers\vcmlrika.sys
C:\ProgramData\qudlao
C:\ProgramData\cyblx
C:\ProgramData\beuqns
C:\ProgramData\roh
C:\ProgramData\tequd
C:\ProgramData\almyt
C:\Users\Chloe\AppData\Local\Google\Desktop\Install
C:\Users\admin\AppData\Local\Temp
*****************

HKU\Chloe\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value not found.
HKU\Chloe\Software\Microsoft\Windows\CurrentVersion\Run\\Wow6432Node => Value deleted successfully.
HKU\Chloe\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ed14a1r => Value deleted successfully.
HKU\Chloe\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Chloe\AppData\Roaming\jvsfrfec => Moved successfully.
C:\ProgramData\kaaw => Moved successfully.
C:\ProgramData\muwel => Moved successfully.
*etadpug => Unable to delete service
*etadpug => Service should be removed with FRST outside recovery mode.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
vcmlrika => Service deleted successfully.
"C:\Windows\system32\drivers\vcmlrika.sys" => File/Directory not found.
C:\ProgramData\qudlao => Moved successfully.
C:\ProgramData\cyblx => Moved successfully.
C:\ProgramData\beuqns => Moved successfully.
C:\ProgramData\roh => Moved successfully.
C:\ProgramData\tequd => Moved successfully.
C:\ProgramData\almyt => Moved successfully.
C:\Users\Chloe\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Users\admin\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====
 

Attachments

  • Fixlog.txt
    2.5 KB · Views: 105
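An added example, not part of the original thread and not FRST's own code: a small Python triage of the Fixlog result lines above, which separates entries that were handled from those still needing action (here the `*etadpug` ZeroAccess service that could not be deleted in recovery mode). The bucket names and function names are this example's own assumptions; the sample lines are a subset copied from the Fixlog in this post.

```python
import re
from collections import defaultdict

# Result lines copied from the Fixlog posted above (subset).
FIXLOG = r"""
HKU\Chloe\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value not found.
HKU\Chloe\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\ProgramData\muwel => Moved successfully.
*etadpug => Unable to delete service
*etadpug => Service should be removed with FRST outside recovery mode.
vcmlrika => Service deleted successfully.
"C:\Windows\system32\drivers\vcmlrika.sys" => File/Directory not found.
"""

# Outcome buckets are this example's own grouping, not FRST terminology.
# Order matters: failure wording is checked before "not found"/"successfully".
RULES = [
    (re.compile(r"unable to|should be removed", re.I), "follow_up"),
    (re.compile(r"not found", re.I), "already_absent"),
    (re.compile(r"successfully", re.I), "done"),
]

def classify(status):
    for pattern, bucket in RULES:
        if pattern.search(status):
            return bucket
    return "unknown"  # unrecognised wording is surfaced, never silently dropped

def triage(text):
    """Map bucket -> list of (target, status), preserving log order."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        # Split on the last " => " so the whole left side stays the target.
        target, sep, status = line.rpartition(" => ")
        if not sep:
            continue  # header, separator or fixlist echo line
        buckets[classify(status)].append((target.strip().strip('"'), status.strip()))
    return dict(buckets)

def needs_follow_up(text):
    """Unique targets with at least one unresolved or unknown outcome."""
    result, seen = triage(text), []
    for bucket in ("follow_up", "unknown"):
        for target, _ in result.get(bucket, []):
            if target not in seen:
                seen.append(target)
    return seen

if __name__ == "__main__":
    for bucket, items in triage(FIXLOG).items():
        print(bucket, len(items))
    print("follow up:", needs_follow_up(FIXLOG))
```

Entries in the `already_absent` bucket are worth a second look in the next scan log, since "not found" only means the item was missing at fix time.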

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
That's good to hear :)

Let's check for remnants:


Step 1.

1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) carefully.
Note: ComboFix must be downloaded to your Desktop.

--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this instruction.

Note: Do not forget to turn on this option after the cleaning.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.

ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.

If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart computer once more.


--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.



Step 2.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

theflush

New Member
Thread author
Nov 13, 2013
9
Attached are the requested logs.
 

Attachments

  • FRST.txt
    34.8 KB · Views: 87
  • Addition.txt
    17.7 KB · Views: 102
  • ComboFix.txt
    19.3 KB · Views: 83

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).

Open FRST, and click Fix. Attach that report after it is finished.





System is clean. How are things now?
 

Attachments

  • fixlist.txt
    2 KB · Views: 302

theflush

New Member
Thread author
Nov 13, 2013
9
Attached is the log.

System appears to be running fine.

I did have to manually reset browser search engines from snap.do to google. I assume any underlying issues with snap.do have been fixed?
 

Attachments

  • Fixlog.txt
    5 KB · Views: 154

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
theflush said:
Attached is the log.

System appears to be running fine.

I did have to manually reset browser search engines from snap.do to google. I assume any underlying issues with snap.do have been fixed?

Correct, Snap.do must be fixed manually and you already did it, so we're done here.


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored at C:\DelFix.txt

> I don't need DelFix log report.


Uninstall Adobe Reader and Java and download/install the latest versions.

Stay safe :)
 

theflush

New Member
Thread author
Nov 13, 2013
9
Completed!

Anything else or am I good to go?

Thanks so much for your help. Now off to lecture the daughter on safe browsing.
 

theflush

New Member
Thread author
Nov 13, 2013
9
I ran Malwarebytes one more time and it flagged PUP.Optional.Quickshare.A

Do I need to do anything about this?
 

theflush

New Member
Thread author
Nov 13, 2013
9
I already removed it, reran Malwarebytes and it shows clean, so I think we are done.

Thanks again for your help.
 
