Malware infection, help!

Hi,


Please do not use any kind of USB until I tell you so. Unplug it and leave it, until we clean the system...


Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).

Open FRST, and click Fix. Attach me that report after it is finished.
 

Hi,


Please do not use any kind of USB until I tell you so. Unplug it and leave it, until we clean the system...


Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).

Open FRST, and click Fix. Attach me that report after it is finished.
 
Please be patient with me, I don't know what is meant by "Please do not use any kind of USB until I tell you so. Unplug it and leave it"
 
I downloaded again to desktop, but don't see any file named fixlist. I am running in safe mode.
 
I saw on another site that I can make my own fixlist file. I tried putting the FRST64.exe in the trash, emptied the trash, restarted the computer, re-downloaded it and still no fixlist. Ugh.
 
Ok, let's try another way

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


Code:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyCtA0AtAyEzyyBtDyCzztN0D0Tzu0SyBtAyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1567245084&ir=
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyCtA0AtAyEzyyBtDyCzztN0D0Tzu0SyBtAyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1567245084&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyCtA0AtAyEzyyBtDyCzztN0D0Tzu0SyBtAyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1567245084&ir=
SearchScopes: HKCU - {087D5106-1535-4578-8BBA-EAC9AE4F691D} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_en
SearchScopes: HKCU - {41A8DB0B-2F9D-49B0-B144-526B4553B60B} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=2C9E0839-5C82-4841-A06D-9754964ECD48&apn_sauid=F583E342-2D42-419E-84B2-DFB9F4D31858
SearchScopes: HKCU - {9B97950D-482C-1D79-568F-FC7B9D40C785} URL = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111023&iesrc={referrer:source}
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\melnicks\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn\1.0_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {7E4B3142-E3DA-45AB-B8C3-AC96F714CD4C} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {956C18DC-C5B8-438B-B978-34976B73C4C3} - System32\Tasks\5035 => Wscript.exe C:\Users\melnicks\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
C:\Users\melnicks\AppData\Local\Temp\launchie.vbs
cmd: ipconfig /flushdns
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.
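
Added example, not part of the original post and not FRST's own code: a small reviewer that groups the entries of a fixlist by kind before the Fix button is pressed, lists the search-provider hosts it touches, and flags scheduled tasks that start a script host on a file under a Temp folder (the shape of the `launchie.vbs` task above). The entry kinds are an assumption inferred only from the line prefixes visible in the post, the function names are hypothetical, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample modelled on the line shapes in the fixlist above; the
# user name, GUIDs, host and stream name are placeholders, not thread values.
SAMPLE = r"""
SearchScopes: HKCU - {00000000-0000-0000-0000-000000000001} URL = http://search.example.test/results.php?q={searchTerms}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\1234 => Wscript.exe C:\Users\exampleuser\AppData\Local\Temp\run.vbs //B <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000003} - System32\Tasks\Updater => C:\Program Files\Vendor\update.exe
C:\Users\exampleuser\AppData\Local\Temp\run.vbs
cmd: ipconfig /flushdns
AlternateDataStreams: C:\ProgramData\TEMP:DEADBEEF
"""

# Assumption: kinds are inferred only from the prefixes visible in the post.
PREFIXES = [("SearchScopes:", "search_scope"), ("Task:", "scheduled_task"),
            ("CHR ", "chrome"), ("cmd:", "command"),
            ("AlternateDataStreams:", "ads"), ("HK", "registry")]
PATH_RE = re.compile(r"^[A-Za-z]:\\")
SCRIPT_HOST_RE = re.compile(r"=>\s*(wscript|cscript|mshta)(\.exe)?\b", re.I)
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.I)
URL_RE = re.compile(r"URL = (\S+)")

def classify(line):
    for prefix, kind in PREFIXES:
        if line.startswith(prefix):
            return kind
    return "file_path" if PATH_RE.match(line) else "unknown"

def review(text):
    """Group entries by kind; collect search hosts and suspicious tasks."""
    groups, hosts, flagged = defaultdict(list), set(), []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        kind = classify(line)
        groups[kind].append(line)
        url = URL_RE.search(line)
        if kind == "search_scope" and url:
            hosts.add(urlparse(url.group(1)).hostname)
        # A task that starts a script host on a file under a Temp folder.
        if (kind == "scheduled_task" and SCRIPT_HOST_RE.search(line)
                and TEMP_RE.search(line)):
            flagged.append(line)
    return dict(groups), hosts, flagged

if __name__ == "__main__":
    groups, hosts, flagged = review(SAMPLE)
    print({k: len(v) for k, v in groups.items()}, sorted(hosts), flagged)
```

Any line that lands in the `unknown` group is worth asking the helper about before running the fix.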
 
Since I didn't hear back from you last night, I used the "How to remove trojans, spyware, rogues and other malware" guide to try and further remove any problems. I ran Kaspersky TDSSKiller, it didn't find anything, and I ran HitmanPro, it deleted some stuff. Because of this, I am running the scans again and will post the resulting .txt docs soon. Thank you very much.