Malware infection, help!

jenna mel

New Member
Thread author
Verified
Jan 5, 2014
34
I have malware that slows the computer to the point of non-functioning. No system restore points are available. Attached requested reports. Thanks for any help.
 

Attachments

  • aswMBR.txt
    1.7 KB · Views: 128
  • AdwCleaner[R1].txt
    1.2 KB · Views: 78
  • Addition.txt
    29.7 KB · Views: 88
  • FRST.txt
    40.1 KB · Views: 99

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,


Please do not use any kind of USB until I tell you so. Unplug it and leave it, until we clean the system...


Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).

Open FRST, and click Fix. Attach me that report after it is finished.
 

Attachments

  • fixlist.txt
    3 KB · Views: 149


jenna mel

New Member
Thread author
Verified
Jan 5, 2014
34
Please be patient with me, I don't know what is meant by "Please do not use any kind of USB until I tell you so. Unplug it and leave it"
 

jenna mel

New Member
Thread author
Verified
Jan 5, 2014
34
I downloaded again to desktop, but don't see any file named fixlist. I am running in safe mode.
 

jenna mel

New Member
Thread author
Verified
Jan 5, 2014
34
I saw on another site that I can make my own fixlist file. I tried putting the FRST64.exe in the trash, emptied the trash, restarted the computer, re-downloaded it and still no fixlist. Ugh.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Ok, let's try another way

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


Code:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyCtA0AtAyEzyyBtDyCzztN0D0Tzu0SyBtAyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1567245084&ir=
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyCtA0AtAyEzyyBtDyCzztN0D0Tzu0SyBtAyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1567245084&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyCtA0AtAyEzyyBtDyCzztN0D0Tzu0SyBtAyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1567245084&ir=
SearchScopes: HKCU - {087D5106-1535-4578-8BBA-EAC9AE4F691D} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_en
SearchScopes: HKCU - {41A8DB0B-2F9D-49B0-B144-526B4553B60B} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=2C9E0839-5C82-4841-A06D-9754964ECD48&apn_sauid=F583E342-2D42-419E-84B2-DFB9F4D31858
SearchScopes: HKCU - {9B97950D-482C-1D79-568F-FC7B9D40C785} URL = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111023&iesrc={referrer:source}
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\melnicks\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn\1.0_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {7E4B3142-E3DA-45AB-B8C3-AC96F714CD4C} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {956C18DC-C5B8-438B-B978-34976B73C4C3} - System32\Tasks\5035 => Wscript.exe C:\Users\melnicks\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
C:\Users\melnicks\AppData\Local\Temp\launchie.vbs
cmd: ipconfig /flushdns
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
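
An added example, not part of the thread and not FRST's own code: a small Python triage pass over the kinds of lines shown in the code box above, explaining why each entry deserves review. It parses only the line shapes visible in that box; the heuristics and the `EXPECTED_SEARCH_HOSTS` allow-list are assumptions, and the sample lines are abridged from the fixlist.

```python
import re
from urllib.parse import urlparse

# Assumption: search hosts this user would expect; adjust per machine.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")

# Lines abridged from the fixlist above (query strings shortened).
SAMPLE = r"""
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}
SearchScopes: HKCU - {087D5106-1535-4578-8BBA-EAC9AE4F691D} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {956C18DC-C5B8-438B-B978-34976B73C4C3} - System32\Tasks\5035 => Wscript.exe C:\Users\melnicks\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
cmd: ipconfig /flushdns
"""

def triage(line):
    """Return a list of reasons a FRST-style line deserves review."""
    reasons = []
    if re.search(r"<=+ ATTENTION", line):
        reasons.append("flagged ATTENTION by the scanner")
    m = re.match(r"SearchScopes: (\S+) - (DefaultScope )?\{+[0-9A-Fa-f-]+\}+ URL = (\S*)", line)
    if m:
        host = urlparse(m.group(3)).hostname
        if host and host not in EXPECTED_SEARCH_HOSTS:
            kind = "default search" if m.group(2) else "search provider"
            reasons.append(f"{kind} in {m.group(1)} points to {host}")
    m = re.match(r"Task: \{[0-9A-Fa-f-]+\} - (.+?) => (.+)", line)
    if m:
        cmd = m.group(2).lower()
        if cmd.startswith(SCRIPT_HOSTS) and "\\temp\\" in cmd:
            reasons.append("scheduled task runs a script from a Temp folder")
    m = re.match(r"AlternateDataStreams: (.+):([^:\\]+)$", line)
    if m:
        reasons.append(f"alternate data stream '{m.group(2)}' on {m.group(1)}")
    return reasons

def triage_report(text):
    """Map each non-empty line that has findings to its reasons."""
    lines = filter(None, map(str.strip, text.splitlines()))
    return {ln: r for ln in lines if (r := triage(ln))}

if __name__ == "__main__":
    for line, reasons in triage_report(SAMPLE).items():
        print(line[:70], "->", "; ".join(reasons))
```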
 

jenna mel

New Member
Thread author
Verified
Jan 5, 2014
34
Since I didn't hear back from you last night, I used the How to remove trojans, spyware, rogues and other malware guide to try and further remove any problems. I ran Kaspersky TDSSKiller, it didn't find anything, and I ran HitmanPro, it deleted some stuff. Because of this, I am running the scans again and will post the resulting .txt docs soon. Thank you very much.
 

jenna mel

New Member
Thread author
Verified
Jan 5, 2014
34
Okay, I have the new scans attached. Will be looking out for your reply. Thank you again.
 

Attachments

  • AdwCleaner[R2].txt
    1.1 KB · Views: 71
  • Addition.txt
    29.8 KB · Views: 86
  • aswMBR.txt
    1.9 KB · Views: 77
  • FRST.txt
    41.7 KB · Views: 82
