My dad has the FBI Ransom Virus

[BertArnett]

Hi my dads computer got the new FBI Ransom virus would like some help. It is the one that shuts down safe mode and also blocks resetting computer to a previous version. here are the logs you have asked from others with the same issue.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-06-2013 04

Ran by SYSTEM on 12-06-2013 20:39:12

Running from F:\

Windows 7 Professional (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7739936 2009-09-11] (Realtek Semiconductor)

HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [997320 2012-11-12] ()

HKLM\...\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction [36960 2012-07-18] ()

HKLM\...\Run: [] [x]

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1644680 2013-02-08] (Ask)

HKU\user\...\Winlogon: [shell] explorer.exe,C:\Users\user\AppData\Roaming\skype.dat <==== ATTENTION

Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()

Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk

ShortcutTarget: JL Alpine Advent Calendar.lnk -> C:\Program Files\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe ()

BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

========================== Services (Whitelisted) =================

S4 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)

S2 avgfws; C:\Program Files\AVG\AVG2012\avgfws.exe [2321520 2012-03-23] (AVG Technologies CZ, s.r.o.)

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5106744 2012-04-30] (AVG Technologies CZ, s.r.o.)

S2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)

S4 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2010-07-23] (Nuance Communications, Inc.)

S4 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [399432 2012-09-29] (Malwarebytes Corporation)

S4 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [676936 2012-09-29] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47968 2011-05-22] (AVG Technologies CZ, s.r.o.)

S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )

S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )

S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )

S3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )

S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [235216 2012-02-22] (AVG Technologies CZ, s.r.o.)

S1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)

S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)

S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301248 2012-03-19] (AVG Technologies CZ, s.r.o.)

S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [26984 2012-11-12] (AVG Technologies)

S4 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2012-09-29] (Malwarebytes Corporation)

S3 PCDSRVC{E9D79540-57D5953E-06020200}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-12 20:38 - 2013-06-12 20:38 - 00000000 ____D C:\FRST

2013-06-12 14:00 - 2013-06-12 16:42 - 00000004 ____A C:\Users\user\AppData\Roaming\skype.ini

2013-05-17 08:04 - 2013-05-17 08:04 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-05-16 06:16 - 2013-02-26 21:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-16 06:16 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-16 06:16 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-16 06:16 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-16 06:16 - 2013-02-26 20:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-16 00:04 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-16 00:04 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-16 00:04 - 2013-04-04 21:28 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-05-16 00:04 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-16 00:04 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-16 00:04 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-16 00:04 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-16 00:04 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-16 00:04 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-16 00:04 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-16 00:04 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-05-16 00:04 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-05-16 00:04 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-16 00:04 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-05-16 00:04 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-16 00:04 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-15 10:08 - 2013-04-09 21:18 - 00728424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-15 10:08 - 2013-04-09 21:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-05-15 10:08 - 2013-04-09 19:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-15 10:08 - 2013-03-18 20:53 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-15 10:08 - 2013-03-18 19:33 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

==================== One Month Modified Files and Folders ========

2013-06-12 20:38 - 2013-06-12 20:38 - 00000000 ____D C:\FRST

2013-06-12 19:34 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles

2013-06-12 16:42 - 2013-06-12 14:00 - 00000004 ____A C:\Users\user\AppData\Roaming\skype.ini

2013-06-12 16:39 - 2013-04-29 15:49 - 00000306 ____A C:\Windows\Tasks\qoln.job

2013-06-12 16:39 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-12 16:39 - 2009-07-13 20:39 - 00053830 ____A C:\Windows\setupact.log

2013-06-12 15:01 - 2009-07-13 20:55 - 01382999 ____A C:\Windows\WindowsUpdate.log

2013-06-12 14:39 - 2012-05-08 06:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-12 14:07 - 2011-01-10 19:15 - 00000000 ____D C:\Windows\System32\Drivers\AVG

2013-06-12 14:07 - 2011-01-10 18:30 - 00000000 ____D C:\ProgramData\MFAData

2013-06-11 21:42 - 2012-05-08 06:51 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2013-06-11 21:42 - 2011-10-17 20:06 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2013-06-11 14:17 - 2013-01-23 18:37 - 00000000 ____D C:\Users\user\Documents\10K

2013-06-10 17:59 - 2011-01-10 20:41 - 00000000 ____D C:\Users\user\Documents\Mom

2013-06-10 16:50 - 2009-07-13 20:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-06-10 16:50 - 2009-07-13 20:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-06-10 09:11 - 2011-01-10 20:34 - 00000000 ____D C:\Users\user\Documents\Mahlon's

2013-06-10 06:27 - 2011-05-07 09:21 - 00000000 ____D C:\Users\user\Documents\Pagan

2013-06-09 18:19 - 2011-01-09 15:53 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR

2013-06-09 18:19 - 2010-12-11 04:56 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-29 19:57 - 2011-01-13 06:57 - 00376832 __ASH C:\Users\user\Documents\Thumbs.db

2013-05-29 13:36 - 2009-07-13 20:53 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-05-29 10:09 - 2011-01-10 20:45 - 00000000 ____D C:\Users\user\Documents\Politics

2013-05-23 13:30 - 2011-01-10 20:22 - 00000000 ____D C:\Users\user\Documents\Arnett Farm

2013-05-20 00:53 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache

2013-05-19 13:57 - 2012-05-04 11:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-05-18 09:11 - 2011-01-10 20:24 - 00000000 ____D C:\Users\user\Documents\Farm

2013-05-17 08:04 - 2013-05-17 08:04 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-05-16 07:41 - 2011-01-10 20:31 - 00000000 ____D C:\Users\user\Documents\Hutto EdF

2013-05-16 00:29 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET

2013-05-16 00:22 - 2009-07-13 20:33 - 02373080 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-16 00:05 - 2011-01-09 15:43 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-05-16 00:00 - 2011-01-10 19:23 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

Files to move or delete:

====================

C:\Users\user\avg_isc_stb_all_2012_2180.exe

C:\Users\user\AppData\Roaming\skype.dat

C:\Users\user\AppData\Roaming\skype.ini

C:\Users\user\Application Data\skype.dat

C:\Users\user\Application Data\skype.ini

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 12%

Total physical RAM: 4060.8 MB

Available physical RAM: 3553.71 MB

Total Pagefile: 4059.08 MB

Available Pagefile: 3559.18 MB

Total Virtual: 2047.88 MB

Available Virtual: 1919.3 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:222.03 GB) (Free:146.22 GB) NTFS

Drive e: (HP DJ1050_J410) (CDROM) (Total:0.15 GB) (Free:0 GB) CDFS

Drive f: (STORE'N'GO) (Removable) (Total:3.76 GB) (Free:3.74 GB) FAT32

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (RECOVERY) (Fixed) (Total:10.76 GB) (Free:6.4 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 233 GB) (Disk ID: EC0328C2)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=11 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=222 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 4 GB) (Disk ID: 2C6B7369)

Partition 1: (Not Active) - (Size=883 GB) - (Type=68)

Partition 2: (Not Active) - (Size=257 GB) - (Type=79)

Partition 3: (Not Active) - (Size=667 GB) - (Type=53)

Partition 4: (Not Active) - (Size=10 MB) - (Type=49)

LastRegBack: 2013-06-02 21:40

==================== End Of Log ============================

and

Farbar Recovery Scan Tool (x86) Version: 12-06-2013 04

Ran by SYSTEM at 2013-06-12 20:40:39

Running from F:\

Boot Mode: Recovery

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe

[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===

If you need anything else please let me know I will be checking back and e-mail. Thank you for any help in advance he is on SS and does not have a lot of money to spend if we can take care of this here.

[D-FRED-BROWN]

Hello BertArnett and welcome to Malwarebytes!

On the clean computer,

• </p><p>
• Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  
• Right-click in the open notepad and select Paste).
  
• Save it on the flashdrive as fixlist.txt
  
  

  HKLM\...\Run: [] [x]HKU\user\...\Winlogon: [shell] explorer.exe,C:\Users\user\AppData\Roaming\skype.dat <==== ATTENTION
  C:\Users\user\AppData\Roaming\skype.dat
  C:\Users\user\AppData\Roaming\skype.ini
  C:\Users\user\Application Data\skype.dat
  C:\Users\user\Application Data\skype.ini
  2013-06-12 16:39 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
  2013-06-12 16:42 - 2013-06-12 14:00 - 00000004 ____A C:\Users\user\AppData\Roaming\skype.ini
  2013-06-12 16:39 - 2013-04-29 15:49 - 00000306 ____A C:\Windows\Tasks\qoln.job
  2013-06-12 14:39 - 2012-05-08 06:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
  
  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  Now please enter System Recovery Options on the infected computer.
  Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply. Afterwards, are you able to boot into Normal Mode now?
  Let me know how things go. If you at any point have trouble using FRST, please stop and post back here to let me know.
  -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  Note:
  Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"
  
  

  -------> Your topic will be closed if you haven't replied within 3 days! <--------

  (If I don't respond within 24 hours, please send me a PM)
  
  -DFB

[BertArnett]

Worked great! My parents thank you After I got it back up ran Malewarebytes rootkit tool. Then I ran AVG again everything came up clean. For your request.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-06-2013 04

Ran by SYSTEM at 2013-06-12 22:08:44 Run:1

Running from F:\

Boot Mode: Recovery

==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.

HKU\user\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

C:\Users\user\AppData\Roaming\skype.dat => Moved successfully.

C:\Users\user\AppData\Roaming\skype.ini => Moved successfully.

C:\Users\user\Application Data\skype.dat => File/Directory not found.

C:\Users\user\Application Data\skype.ini => File/Directory not found.

C:\Windows\Tasks\SA.DAT => Moved successfully.

C:\Users\user\AppData\Roaming\skype.ini => File/Directory not found.

C:\Windows\Tasks\qoln.job => Moved successfully.

C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.

==== End of Fixlog ====

Once again thanks!

[D-FRED-BROWN]

Glad to hear you're able to boot. Let's start cleaning up the rest.

As a general precaution I would advise you to change any personal account passwords that you used while infected.

If you did any online transactions or banking while you were infected, I would definitely let your banking institutions know of the situation.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
  
• If TDSSKiller does not run, try renaming it.
  
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  
• Click the Start Scan button.
  
• Do not use the computer during the scan
  
• If the scan completes with nothing found, click Close to exit.
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  
• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  
• Copy and paste the contents of that file in your next reply.
  

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

• Unzip the contents to a folder in a convenient location.
  
• Open the folder where the contents were unzipped and run mbar.exe
  
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  
• Wait while the system shuts down and the cleanup process is performed.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
  

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

----------Step 5----------------

In your next reply, please include the following:

• TDSSKiller's logfile
  
• MBAR mbar-log.txt and system-log.txt
  
• ComboFix's report (C:\ComboFix.txt)
  
• Security Check checkup.txt
  

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

[D-FRED-BROWN]

Are you still with me?

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!