Status
Not open for further replies.
Infection date and initial symptoms
May 19
Current issues and symptoms
Web browser opens by itself to a variety of different web sites. When this happens, Task Manager shows COM Surrogate. I ran ComboFix and I have the report if that helps.
Steps taken in order to remove the infection
I have run Malwarebytes, Windows Security Essentials, uninstalled any suspicious programs and TDSSKiller (which said 0 threats).

funpolice652

New Member
Web browser opens by itself to a variety of different web sites. When this happens, Task Manager shows COM Surrogate. I ran ComboFix and I have the report if that helps.
I have run Malwarebytes, Windows Security Essentials, uninstalled any suspicious programs and TDSSKiller (which said 0 threats).
 

TwinHeadedEagle

Moderator
Verified
Staff member
Hello,

Why are you running ComboFix on your own?

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.
 

funpolice652

New Member
I saw somewhere else to try it. I guess I shouldn't have. I haven't done anything with the info but I am still getting pop ups
 

TwinHeadedEagle

Moderator
Verified
Staff member
Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

TwinHeadedEagle

Moderator
Verified
Staff member
Multiple Resident Protection warning!

Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark one another as harmful, leaving your system unstable and even damaged. Please choose only one from those listed below to stay with and uninstall the others:
  • Microsoft Security Essentials
  • AVG AntiVirus Free Edition 2014

Uninstallation procedure:
  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for each uninstalled entry, right-click it and select Uninstall.
This should be done until any other steps will be taken.



Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 


funpolice652

New Member
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Living Room on Mon 05/25/2015 at 16:46:10.09.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Living Room\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

5/25/2015 5:46:27 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\Runtime Software deleted successfully
C:\PROGRA~2\Samsung deleted successfully
C:\Users\Living Room\AppData\Roaming\15853 deleted successfully
C:\Users\Living Room\AppData\Roaming\22508 deleted successfully
C:\Users\Living Room\AppData\Roaming\24447 deleted successfully
C:\Users\Living Room\AppData\Roaming\asoftech deleted successfully
C:\Users\Living Room\AppData\Roaming\DVD Flick deleted successfully
C:\Users\Living Room\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Living Room\AppData\Local\Bundled software uninstaller deleted successfully
C:\Users\Living Room\AppData\Local\Unity deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-155920243-2648623898-2564677760-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssTrayService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HssTrayService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\hshld deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hshld deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\hshld deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hshld deleted successfully

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Runtime Software not found
C:\PROGRA~2\Samsung not found
C:\PROGRA~2\iExplorer deleted
C:\windows\SysNative\Tasks\0414bUpdateInfo deleted
C:\PROGRA~3\{a66f28fa-34f1-5fec-a66f-f28fa34fa3e8} deleted
C:\Users\Living Room\AppData\LocalLow\Conduit deleted
C:\Users\Living Room\.android deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml deleted
C:\PROGRA~2\Windows Password Recovery Tool Professional deleted
C:\PROGRA~2\Hotspot Shield deleted
C:\PROGRA~2\Conduit deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\2C+62062%25252C+1362542470%252529%25253Buf%252528%252527r%252527%25252C+2800648%25252C+1362542470%252529%25253B%2526ccd%253D%2525212wUcMwj4jR8QiPiqARiy_AkgBA.[1].js deleted
C:\2C+62062%25252C+1362542482%252529%25253Buf%252528%252527r%252527%25252C+2800648%25252C+1362542482%252529%25253B%2526ccd%253D%2525212wUcMwj4jR8QiPiqARiy_AkgBA.[1].js deleted
C:\Users\Living Room\AppData\Roaming\Wondershare deleted
C:\Users\Living Room\AppData\Roaming\Hotspot Shield deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted
C:\PROGRA~3\wmpp.dat deleted
C:\PROGRA~3\Avg_Update_0215tb deleted
C:\PROGRA~3\Avg_Update_0414b deleted
C:\PROGRA~3\Avg_Update_1214tb deleted
C:\PROGRA~3\Hotspot Shield deleted
C:\PROGRA~3\AVG Security Toolbar deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Living Room\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Nation toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\tasks\0414bUpdateInfo.job deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\Hotspot Shield deleted
"C:\Windows\Installer\250ec18f.msi" deleted

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.81


AdBlock - Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
ProxMate - Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki
Chrome Hotword Shared Module - Living Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Chromium Startpages ======================

C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Preferences


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F032EE83136FF15488002EF9E5C5E9D7 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{38EE230F-F631-451F-8800-E29F5E5C9E7D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F032EE83136FF15488002EF9E5C5E9D7 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Living Room\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Living Room\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=452 folders=90 148874132 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Living Room\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\LIVING~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Mon 05/25/2015 at 18:21:09.60 ======================
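
An added example, not part of the original thread and not Zoek's own code: this Python parses a zoek-results log in the layout posted above and lists the services and scheduled tasks it reports as removed, the persistence points worth re-checking if the redirects come back. The regular expressions are assumptions inferred from this one log, and the sample lines are copied from it.

```python
import re
from collections import defaultdict

# Lines copied from the zoek-results log above, trimmed to a few sections.
SAMPLE_LOG = r"""
==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HssWd deleted successfully

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Samsung not found
C:\Windows\tasks\0414bUpdateInfo.job deleted
"C:\Windows\Installer\250ec18f.msi" deleted

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
"""

# Assumed grammar, inferred from this one log: "==== Title ====" headers,
# followed by "<target> <outcome>" action lines.
SECTION = re.compile(r"^==== (.+?)\s*=+$")
OUTCOME = re.compile(
    r"^(?P<target>.+?) (?P<outcome>deleted successfully|emptied successfully|"
    r"successfully emptied|will be emptied at reboot|not found|deleted)$")
# Direct service keys only (Eventlog subkeys are skipped), and task files.
SERVICE_KEY = re.compile(r"\\Services\\([^\\]+)$", re.I)
TASK_PATH = re.compile(r"\\Tasks\\([^\\]+?)(?:\.job)?$", re.I)

def parse_zoek_log(text):
    """Return one record per action line: section, target and outcome."""
    records, section, after_reboot = [], None, False
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            # Section names repeat after the reboot, so prefix the later ones.
            after_reboot = after_reboot or header.group(1) == "After Reboot"
            section = ("After Reboot / " if after_reboot else "") + header.group(1)
            continue
        action = OUTCOME.match(line)
        if action and section:
            records.append({"section": section,
                            "target": action.group("target").strip('"'),
                            "outcome": action.group("outcome")})
    return records

def removed_persistence(records):
    """Names of services and scheduled tasks the log reports as removed."""
    found = defaultdict(set)  # a set collapses CurrentControlSet/ControlSet002 duplicates
    for rec in records:
        for kind, pattern in (("service", SERVICE_KEY), ("task", TASK_PATH)):
            hit = pattern.search(rec["target"])
            if hit and rec["outcome"].startswith("deleted"):
                found[kind].add(hit.group(1))
    return {kind: sorted(names) for kind, names in found.items()}
```
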
 

TwinHeadedEagle

Moderator
Verified
Staff member
Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)


Recommended reading:
MUST READ - security tips:

MUST READ - general maintenance:


The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.




Recommended additional software:
CCleaner - to clean unneeded temporary files.
Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
McShield - to prevent infections spread by removable media.
Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
Adblock - to surf the web without annoying ads!



Post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!




Stay safe,
TwinHeadedEagle :)
 