DHS ICE Ransomware on old desktop!


Dbriem

I have an old desktop that runs WinXP that has the Department of Homeland Security ICE ransomware. I can't boot into Safe Mode (it just restarts after hitting Enter), it won't let me boot from USB, and booting Last Known Good Config doesn't help either. I've tried to run OTLPENet.exe on a CD but it comes up with an error, something like: "cda1000.sy_    (4096) at line 3540  d:\xpsrtm\base\boot\setup\setup.c "
Can this be removed or am I basically up the creek without a paddle.. fighting giant aliens without a giant robot.. Clinton without a Monica? Am I doomed to reformat?


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

I'll hand you a paddle (because Transformers are out of stock at the moment...)

Kaspersky Windows Unlocker

  • Download Kaspersky Rescue Disk (iso)
  • Burn it to a cd or dvd, if you need a program to burn an ISO...use Active@ ISO Burner
  • Configure your computer to boot from CD/DVD
  • Note : If you do not know how to set your computer to boot from CD/DVD follow the steps here
  • Once you have the cd/DVD created, boot the computer up using it
  • Press any key to enter the menu
  • Select your language
  • Press 1 to accept the End User License Agreement
  • Select Kaspersky Rescue Disk. Graphic Mode
  • Click on the Start button located in the left bottom corner of the screen
  • Run Kaspersky WindowsUnlocker to remove Windows system and registry changes made by Metropolitan Police Virus
  • Note: If you can't find Kaspersky WindowsUnlocker, go to Terminal instead > type > windowsunlocker > choose 1 - Unlock Windows > Enter

  • When it's done, click on the Start button and start Kaspersky Rescue Disk utility
  • Click on My Update Center tab and press Start to download the latest update
  • Next, select the Object Scan tab
  • Put a check next to C:\ and any other local drives
  • Then click Start Objects Scan
  • Quarantine any malware found
  • Restart your computer and see if it boots up normally.

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


  • 2 weeks later...

Wow.. Sorry about the late reply. I just saw the response to the mail regarding reopening this thread right after I posted a new topic, lol. Things have been hectic, my apologies.

I used the Kaspersky 10 Rescue Disk to remove the Ransomware and after being able to access the desktop I ran MBAM and DDS just to be safe but I want to know this system is good to go before all this happened as it's still being a bit sluggish. I've just attached the DDS logs but I can also post the MBAM if needed.

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Owner at 11:37:02 on 2013-11-27
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.608 [GMT -7:00]
.
AV: OMG Total Protection OMG Total Protection *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100v2\WNDA3100v2.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{D0F1D738-F426-4D3A-B448-799ECFCD6B5C} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\gbcac4do.default\
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-27 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-11-27 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-27 22856]
.
=============== Created Last 30 ================
.
2013-11-27 09:51:15 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2013-11-27 09:51:15 -------- d-----w- c:\documents and settings\owner\local settings\application data\MFAData
2013-11-27 09:51:15 -------- d-----w- c:\documents and settings\owner\local settings\application data\Avg2014
2013-11-27 09:51:15 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2013-11-27 09:48:11 -------- d-----w- c:\program files\MSECache
2013-11-27 09:32:05 -------- d-----w- c:\program files\Microsoft ActiveSync
2013-11-27 08:38:55 -------- d-----w- c:\documents and settings\owner\local settings\application data\Apple Computer
2013-11-27 08:08:00 -------- d-----w- c:\documents and settings\owner\local settings\application data\Mozilla
2013-11-27 07:56:13 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-11-27 07:51:50 47064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-11-27 07:43:36 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-27 07:43:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-25 23:29:53 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2013-11-25 23:18:44 -------- d-----w- c:\documents and settings\owner\local settings\application data\Apple
2013-11-18 19:23:49 -------- d-sh--w- c:\documents and settings\owner\IETldCache
2013-11-18 11:49:02 -------- d-----w- c:\windows\tmp
2013-11-05 03:00:58 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-11-04 23:32:55 393 ----a-w- c:\documents and settings\all users\application data\w9qqfrbn.reg
2013-10-31 00:13:39 1034240 ----a-w- c:\windows\system32\drivers\bcmwlhigh5.sys
2013-10-29 16:44:08 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2013-10-29 16:44:08 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2013-10-29 16:44:08 281104 ----a-w- c:\windows\system32\wpcap.dll
2013-10-29 16:44:08 100880 ----a-w- c:\windows\system32\Packet.dll
2013-10-29 16:43:48 -------- d-----w- c:\program files\NETGEAR
.
==================== Find3M  ====================
.
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14:01 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-23 18:33:58 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33:57 43520 ------w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06:48 385024 ------w- c:\windows\system32\html.iec
2013-09-20 15:38:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-20 15:38:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-09 08:52:46 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-09-09 08:52:46 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-09-09 08:52:46 479232 ----a-w- c:\windows\system32\msvcm80.dll
.
============= FINISH: 11:37:59.82 ===============
 
 
_______________________________________________________________________________________________________________
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/13/2012 12:52:26 PM
System Uptime: 11/27/2013 11:27:19 AM (0 hours ago)
.
Motherboard: Micro-Star Inc.                  |  | MS-6534                         
Processor:               Intel® Pentium® 4 CPU 1.60GHz | PGA478                           | 1600/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 0.558 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 11/18/2013 12:24:23 PM - System Checkpoint
RP2: 11/27/2013 1:38:09 AM - Installed Apple Application Support
RP3: 11/27/2013 2:09:54 AM - Software Distribution Service 3.0
RP4: 11/27/2013 2:19:22 AM - Software Distribution Service 3.0
RP5: 11/27/2013 2:29:37 AM - Installed Microsoft Office Professional Edition 2003
RP6: 11/27/2013 2:49:08 AM - Installed Compatibility Pack for the 2007 Office system
.
==== Installed Programs ======================
.
Apple Application Support
Compatibility Pack for the 2007 Office system
Hotfix for Windows Media Format 11 SDK (KB929399)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office Professional Edition 2003
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2900986)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
WebFldrs XP
WinRAR 5.01 beta 1 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
11/27/2013 3:01:42 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
11/27/2013 12:50:30 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the MBAMScheduler service to connect.
11/27/2013 12:50:30 AM, error: Service Control Manager [7000]  - The MBAMScheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
11/25/2013 4:47:58 PM, error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.28.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Owner :: CUSTOM [administrator]

Protection: Enabled

11/27/2013 1:12:30 AM
mbam-log-2013-11-27 (01-12-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 252081
Time elapsed: 25 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Program Files\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files\WhiteSmoke_New_V4 (PUP.Optional.WhiteSmoke.A) -> No action taken.

Files Detected: 28
C:\Documents and Settings\User\Local Settings\Temp\Optimizer_Pro.exe (PUP.Optional.PCOptimizerPro) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\ins2717\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> No action taken.
C:\Program Files\Optimizer Pro\OptimizerPro.chm (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files\Optimizer Pro\English.ini (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files\Optimizer Pro\file_id.diz (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files\Optimizer Pro\HomePage.url (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files\Optimizer Pro\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files\Optimizer Pro\OptProCrash.dll (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files\Optimizer Pro\OptProGuard.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files\Optimizer Pro\OptProLauncher.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files\Optimizer Pro\OptProReminder.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files\Optimizer Pro\OptProSchedule.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files\Optimizer Pro\OptProSmartScan.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files\Optimizer Pro\OptProStart.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files\Optimizer Pro\OptProUninstaller.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files\Optimizer Pro\scan.gif (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files\Optimizer Pro\sqlite3.dll (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files\Optimizer Pro\unins000.dat (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files\Optimizer Pro\unins000.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro\Optimizer Pro on the Web.lnk (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro\Help.lnk (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro\Optimizer Pro.lnk (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro\Uninstall Optimizer Pro.lnk (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files\WhiteSmoke_New_V4\tbWhit.dll (PUP.Optional.WhiteSmoke.A) -> No action taken.
C:\Program Files\WhiteSmoke_New_V4\toolbar.cfg (PUP.Optional.WhiteSmoke.A) -> No action taken.
C:\Program Files\WhiteSmoke_New_V4\WhiteSmoke_New_V4ToolbarHelper.exe (PUP.Optional.WhiteSmoke.A) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AMJ15OO2\SkywalkerSetup[1].exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QF4ST24S\WSSetup[2].exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.

(end)

I posted a new topic and right after noticed this was reopened but I was told to run Roguekiller so here it is if you need it.

RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 11/27/2013 15:42:47
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 1 ¤¤¤
[user][sUSP PATH] w9qqfrbn.lnk : C:\Documents and Settings\User\Start Menu\Programs\Startup\w9qqfrbn.lnk @C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\nbrfqq9w.dss,XL200 [-][7][x] -> FOUND
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) MAXTOR 6L040J2 +++++
--- User ---
[MBR] 4ea0112aa27b3c54844a7d0e603ec229
[bSP] 28fcf281fff284a9967a63da059c1629 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38162 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] dad67e4ea6a2a2714c741ed25da9c136
[bSP] d8f84a22f20915bddda5fc78877043df : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 7396 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_11272013_154247.txt >>

Fix everything Roguekiller found.

Then run ESET:

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AMJ15OO2\WSSetup[1].exe    multiple threats
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QF4ST24S\update[1]    multiple threats
C:\Documents and Settings\Owner\Local Settings\Temp\dlm1D.tmp\DownloadXPro.exe    Win32/OpenCandy application
C:\Documents and Settings\Owner\My Documents\cbsidlm-cbsi145-DownloadX_ActiveX_Download_Control-SEO-10911713.exe    a variant of Win32/CNETInstaller.B application
C:\Documents and Settings\User\Local Settings\Temp\Optimizer_Pro.exe    multiple threats
C:\Documents and Settings\User\Local Settings\Temp\551BF67B-BAB0-7891-9472-782349FD0755\Latest\ccp.exe    Win32/Toolbar.Babylon.M application
C:\Documents and Settings\User\Local Settings\Temp\551BF67B-BAB0-7891-9472-782349FD0755\Latest\IEHelper.dll    Win32/Toolbar.Babylon.E application
C:\Documents and Settings\User\Local Settings\Temp\ins2717\OptimizerPro.exe    probably a variant of Win32/SpeedingUpMyPC.B application
C:\Documents and Settings\User\Local Settings\Temp\scoped_dir_5140_29369\CRX_INSTALL\background.html    Win32/Toolbar.Perion.D application
C:\Program Files\Driver Pro\DPSmartScan.exe    a variant of Win32/Adware.SpeedingUpMyPC.C application
C:\WINDOWS\Temp\dpsetup.exe    a variant of Win32/Adware.SpeedingUpMyPC.C application
C:\WINDOWS\Temp\INJ001\ExtensionUpdate.exe    multiple threats
 


Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.
