
Laptop infected with FBI Moneypack virus!



Hi,

The laptop is infected with FBI malware virus. All safe modes are disabled. It's running Windows 7 Home Premium x64. I have followed the procedure and run the FRST scan.

Below is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2013

Ran by SYSTEM on 15-05-2013 18:53:51

Running from H:\

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-12-11] (IDT, Inc.)

HKLM-x32\...\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)

HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)

HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)

HKLM-x32\...\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe [2625304 2011-10-28] (Bradford Networks)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)

HKLM-x32\...\Run: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe" [83232 2013-04-23] (Sendori, Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)

HKU\Lulu\...\Run: [bitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray [12761392 2012-03-13] (www.BitComet.com)

HKU\Lulu\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

HKU\Lulu\...\Run: [GoogleChromeAutoLaunch_6332051E4FB2A17A548BE37C90C23E53] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [1312720 2013-04-09] (Google Inc.)

HKU\Lulu\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)

HKU\Lulu\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)

HKU\Lulu\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)

HKU\Lulu\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Lulu\Documents\769af278.exe [25088 2013-05-14] ()

HKU\Lulu\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION

Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\Lulu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-04-23] (Sendori, Inc.)

S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)

S2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [3079960 2011-10-28] (Bradford Networks)

S2 ctrlcenter EasySupport; C:\Program Files (x86)\ctrlcenter EasySupport\esService.exe [991680 2012-10-11] (Support.com, Inc.)

S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)

S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)

S4 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)

S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)

S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)

S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [19744 2013-04-23] (sendori)

S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-04-23] (Sendori)

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-12-11] (Broadcom Corporation.)

S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-12-11] (Broadcom Corporation.)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)

S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)

S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)

S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)

S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)

S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2012-10-08] (support.com, Inc)

S3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-15 18:31 - 2013-05-15 18:31 - 00000000 ____D C:\FRST

2013-05-14 19:27 - 2013-05-14 19:27 - 00404877 ____A C:\Users\Lulu\AppData\Local\2433f433

2013-05-14 19:27 - 2013-05-14 19:27 - 00404864 ____A C:\Users\Lulu\AppData\Roaming\2433f433

2013-05-14 19:27 - 2013-05-14 19:27 - 00404861 ____A C:\ProgramData\2433f433

2013-05-14 19:27 - 2013-05-14 19:27 - 00025088 ____A C:\Users\Lulu\Documents\769af278.exe

2013-05-08 19:45 - 2013-05-08 19:45 - 00002166 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2013-05-08 19:45 - 2013-05-08 19:45 - 00000000 ____D C:\ProgramData\McAfee Security Scan

2013-05-08 19:45 - 2013-05-08 19:45 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan

2013-05-01 09:06 - 2013-05-01 09:06 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk

2013-05-01 09:05 - 2013-05-01 09:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-05-01 09:05 - 2013-05-01 09:06 - 00000000 ____D C:\Program Files\iTunes

2013-05-01 09:05 - 2013-05-01 09:06 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-05-01 09:05 - 2013-05-01 09:05 - 00000000 ____D C:\Program Files\iPod

2013-04-23 12:18 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2013-05-15 18:31 - 2013-05-15 18:31 - 00000000 ____D C:\FRST

2013-05-15 16:57 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-15 16:56 - 2012-06-13 09:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-15 16:56 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-15 16:56 - 2009-07-13 20:51 - 00072393 ____A C:\Windows\setupact.log

2013-05-15 16:31 - 2010-11-20 19:47 - 00777082 ____A C:\Windows\PFRO.log

2013-05-15 16:01 - 2011-12-04 23:58 - 00000262 ____A C:\Windows\Tasks\HP Photo Creations Messager.job

2013-05-15 16:00 - 2011-10-20 18:57 - 01082329 ____A C:\Windows\WindowsUpdate.log

2013-05-15 15:47 - 2013-03-12 19:52 - 08534408 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2013-05-15 15:47 - 2012-06-13 09:55 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-05-15 15:47 - 2011-07-28 15:31 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-05-15 15:46 - 2012-06-06 09:22 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-14 20:15 - 2012-06-06 09:22 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-14 19:27 - 2013-05-14 19:27 - 00404877 ____A C:\Users\Lulu\AppData\Local\2433f433

2013-05-14 19:27 - 2013-05-14 19:27 - 00404864 ____A C:\Users\Lulu\AppData\Roaming\2433f433

2013-05-14 19:27 - 2013-05-14 19:27 - 00404861 ____A C:\ProgramData\2433f433

2013-05-14 19:27 - 2013-05-14 19:27 - 00025088 ____A C:\Users\Lulu\Documents\769af278.exe

2013-05-14 19:27 - 2011-11-30 05:44 - 00000000 ____D C:\Users\Lulu\Documents\Youcam

2013-05-14 19:23 - 2012-06-06 09:22 - 00000000 ____D C:\Users\Lulu\AppData\Roaming\BitComet

2013-05-14 13:55 - 2013-01-16 16:55 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2013-05-14 13:49 - 2011-12-11 18:57 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2013-05-14 10:09 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-14 10:09 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-14 10:02 - 2012-11-24 10:54 - 00000000 ____D C:\Program Files (x86)\McAfee

2013-05-14 10:02 - 2011-12-18 22:45 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForLulu.job

2013-05-14 09:55 - 2011-02-10 11:23 - 00000000 ____D C:\SWSetup

2013-05-08 19:53 - 2011-12-18 18:12 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt

2013-05-08 19:45 - 2013-05-08 19:45 - 00002166 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2013-05-08 19:45 - 2013-05-08 19:45 - 00000000 ____D C:\ProgramData\McAfee Security Scan

2013-05-08 19:45 - 2013-05-08 19:45 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan

2013-05-08 19:45 - 2011-07-28 15:43 - 00000000 ____D C:\ProgramData\Adobe

2013-05-07 21:28 - 2011-12-05 20:46 - 00000000 ____D C:\Users\Lulu\AppData\Roaming\Skype

2013-05-07 08:49 - 2012-09-06 17:57 - 00000000 ____D C:\Users\Lulu\Documents\university of the pacific

2013-05-06 16:19 - 2012-09-05 08:02 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-05-06 16:19 - 2011-12-05 20:45 - 00000000 ____D C:\ProgramData\Skype

2013-05-01 09:06 - 2013-05-01 09:06 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk

2013-05-01 09:06 - 2013-05-01 09:05 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-05-01 09:06 - 2013-05-01 09:05 - 00000000 ____D C:\Program Files\iTunes

2013-05-01 09:06 - 2013-05-01 09:05 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-05-01 09:05 - 2013-05-01 09:05 - 00000000 ____D C:\Program Files\iPod

2013-04-25 11:19 - 2011-12-11 19:24 - 00000000 ____D C:\Users\Lulu\AppData\Local\CrashDumps

2013-04-25 03:17 - 2012-12-15 13:36 - 00000000 ____D C:\ProgramData\Sendori

2013-04-25 03:17 - 2012-12-15 13:36 - 00000000 ____D C:\Program Files (x86)\Sendori

2013-04-23 14:13 - 2012-12-15 13:36 - 00325920 ____A (Sendori) C:\Windows\SysWOW64\Sendori.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-26 06:40:47

Restore point made on: 2013-04-02 08:23:19

Restore point made on: 2013-04-09 08:21:46

Restore point made on: 2013-04-10 05:51:12

Restore point made on: 2013-04-18 20:51:11

Restore point made on: 2013-04-24 06:13:58

Restore point made on: 2013-05-01 08:41:14

Restore point made on: 2013-05-14 09:54:41

Restore point made on: 2013-05-14 09:55:07

==================== Memory info ===========================

Percentage of memory in use: 18%

Total physical RAM: 4043.86 MB

Available physical RAM: 3285.36 MB

Total Pagefile: 4042.01 MB

Available Pagefile: 3269.28 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:571.11 GB) (Free:475.9 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

Drive e: (Recovery) (Fixed) (Total:20.9 GB) (Free:2.25 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]

Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32 (Disk=0 Partition=4)

Drive h: (HP v125w) (Removable) (Total:3.73 GB) (Free:0.38 GB) FAT32 (Disk=1 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS

Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 96A83840)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=571 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

========================================================

Disk: 1 (Size: 4 GB) (Disk ID: 00000000)

Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)

Last Boot: 2013-05-14 09:18

==================== End Of Log ============================

Link to post
Share on other sites
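
Added example, not part of the thread and not FRST's own logic: a small Python triage pass over Registry-section lines in the format of the log posted above. The four checks (FRST's ATTENTION marker, an empty company field, an image under a user profile folder, a per-user Winlogon shell value) are heuristics assumed for illustration, and the sample lines are copied from that log.

```python
import re

# Sample input: five lines copied from the Registry section of the posted log.
SAMPLE_LOG = r"""
HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-12-11] (IDT, Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)
HKU\Lulu\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Lulu\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Lulu\Documents\769af278.exe [25088 2013-05-14] ()
HKU\Lulu\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
"""

# Line layout: key: [value name] command [size date] (company) optional marker
ENTRY = re.compile(
    r"^(?P<key>HK[^:]*?\\(?P<leaf>Run|RunOnce|Winlogon)): "
    r"\[(?P<name>[^\]]+)\] "
    r"(?P<command>.*?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<company>.*?)\)"
    r"(?P<attention>\s*<==== ATTENTION)?\s*$"
)

# Assumed heuristic: autostart images normally live under Program Files or
# Windows, not inside a user's profile folders.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(Documents|AppData|Desktop|Downloads)\\", re.I)


def triage(log_text):
    """Return {value name: [reasons]} for registry lines worth a closer look."""
    findings = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # not a Run/RunOnce/Winlogon line in the expected layout
        reasons = []
        if m["attention"]:
            reasons.append("flagged ATTENTION by FRST")
        if not m["company"].strip():
            reasons.append("no company name in file metadata")
        if USER_WRITABLE.search(m["command"]):
            reasons.append("image in a user-writable profile folder")
        per_user_shell = (m["leaf"] == "Winlogon" and m["name"].lower() == "shell"
                          and m["key"].upper().startswith("HKU"))
        if per_user_shell:
            reasons.append("per-user Winlogon shell override")
        if reasons:
            findings[m["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A hit from this pass is a prompt for review, not a verdict; the removal script in this thread was written by a helper who read the full log.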

OK, here you go......this should get you going:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

See if the computer boots normally now.

MrC


The laptop seems to be working fine now. Thanks Charlie for your time and help.

Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2013

Ran by SYSTEM at 2013-05-16 16:57:24 Run:1

Running from H:\

Boot Mode: Recovery

==============================================

HKEY_USERS\Lulu\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.

HKEY_USERS\Lulu\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

C:\Users\Lulu\AppData\Local\2433f433 => Moved successfully.

C:\Users\Lulu\AppData\Roaming\2433f433 => Moved successfully.

C:\ProgramData\2433f433 => Moved successfully.

C:\Users\Lulu\Documents\769af278.exe => Moved successfully.

==== End of Fixlog ====

Running Malwarebytes scan now ... I do have a quick question: is the virus all removed, or do I still need to run AV and rootkit scans?

Thanks


Yes, we have to run a couple of scans to make sure you're clean:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that your system is now functioning normally.

MrC


Ran Malwarebytes scan and it came out clean.

Ran Malwarebytes Anti-Rootkit and it came out clean as well.

Internet, Windows Updates and Firewall are also functional.

The problem seems to have been fixed.

Thanks Charlie for all your great help and fast response.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.