I received an email from Microsoft on Thursday, indicating unusual attempts on my account early that morning. In an attempt to verify that the email came from Microsoft I contacted their support center, but was never able to get a direct answer, since the tech seemed more interested in scaring me in order to sell their PC repair services, which I declined. He insisted that my laptop must have been hacked, but it was not in use that morning, not connected to the internet, and not powered up at all. I ran the scan logs for this forum, and shut down the PC, intending to post them yesterday when I had more time.

I booted the PC yesterday, and Avast wasn’t able to load properly (firewall wouldn’t engage). I downloaded Avast again, scanned with SuperAntiSypware (only found adware tracking cookies), did an Avast boot scan and full system scan (found nothing infected).

See attached for the updated system logs (run today after the Avast scans). Is there anything on my PC to be concerned about? I’m not terribly tech savvy, so don’t know the next steps to take.

Thanks in advance for the assistance!

I do not see active malware, We’ll run another test.

https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[]Wait patiently until the main console will appear, it may take a minute or two.
[]In the main box please paste in the following script:

createsrpoint;
autoclean;
emptyalltemp;
bitsadmin /reset /allusers;b
ipconfig /flushdns;b

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

See attached for the new log. Thank you!

Absolutely clean laptop. How’s your laptop behaving, any problems?

Wonderful! I haven’t been using the laptop, other than reloading Avast and running all of the scans. I will need to use it tonight, will report if there are any issues.

Thanks again for all of your help!

Glad we could help.

The following will implement some post-cleanup procedures:

Download DelFix by Xplode and save it to your desktop.

[*]Run the tool by right click on the
http://www.imgdumper.nl/uploads6/51a5ce45267c1/51a5ce45263de-delfix.png
icon and Run as administrator option.
[*]Make sure that these ones are checked:

[]Remove disinfection tools
[]Purge system restore
[*]Reset system settings

[*]Push Run and wait until the tool completes his work.
All tools we used should be gone. Tool will create an report for you (C:[B]DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

I’ve been using the pc this evening, and have noticed some things not running quite right. Some display settings have been changed, and are greyed out so I can’t change them back. Organize favorites function won’t load (unfortunately I use this a lot). Email doesn’t know what to do with the .mailhost file. Msconfig will load, but runs forever after you click apply, never finishes (used to make sure only certain non-microsoft services are running in order to speed up pc, suggested by EssexBoy).

Any suggestions? I browsed around the Microsoft website this evening, but didn’t find anything of use. System restore not an option, as the earliest point is after Delfix was run.

I appreciate your help!

Run FRST again and post fresh Scan report.

New FRST logs attached. When downloading FRST, I noticed a failed download attempt of DelFix at the same time, although I didn’t try to download DelFix. Should this be happening? Also, forgot to mention earlier that the display settings changed after the DelFix reboot.

Thanks for your help!

https://sites.google.com/site/cannedfixes/adwcleaner/adwcleaner_new.png
Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

[*]Right-click on
https://sites.google.com/site/cannedfixes/adwcleaner/adwcleaner_new.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[*]Follow the prompts and click Scan.
[*]When finished, please click Clean.
[*]Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.

AdwCleaner created two logs, so I attached them both. Thank you!

You have a recovery partition

Drive d: (HP_RECOVERY) (Fixed) (Total:8.13 GB) (Free:1.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Hp recovery to factory default
https://www.youtube.com/watch?v=_0nQE7Fm3NE

Should I do the restore? I had to replace the hard drive once, and it took several hundred updates due to the age of the of the the pc.

Did AdwCleaner find something that the other tool did not? If so, any way to prevent future occurrences? I scan frequently with Avast, Malwarebytes, and SuperAntiSpyware to try to keep the pc clean.

Many thanks for all of the help.

How’s your computer behaving now?

Logs doesn’t show active infection.

It’s running faster, have not yet done the system restore due to the time required to process all of the windows updates. Are there any security issues from running as is? I understand that Microsoft will only be supporting the OS until 2017, so will need to replace it by then.