Sign in to follow this  
Bridie

Help please

Recommended Posts

The malware currently on my pc keeps launching whatever browser i'm using - whether explorer or firefox. It launches so many windows that everything gets disabled. I ran a scan last eve and everything appeared to be OK for a few minutes, but the malware came back. I cannot use the pc. I tried sending a support claim a few moments ago, but the computer shut down. Can you help me? I'm ready to tear out my hair and/or throw this foolish machine out the window! Please and thank you

 

FRST.txtAddition.txt

Share this post


Link to post
Share on other sites

Hi Bridie,

1. The following script will empty the recycle bin and all folders for temporary files. Check that you don't have anything you want to keep in those locations.

Please, start Notepad.
Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{AF77B443-C614-4430-9F4B-58673BEE23DA}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{AF77B443-C614-4430-9F4B-58673BEE23DA}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{CF0CE3DD-3AEF-414A-829C-E4A2A9CC675B}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{E219CD39-C589-41E0-A306-9B1F7A8271C0}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{E219CD39-C589-41E0-A306-9B1F7A8271C0}: [DhcpNameServer] 82.163.143.171
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
2016-06-24 07:05 - 2016-06-24 07:05 - 00000000 ____D C:\ProgramData\9d1ecae7-4375-0
2016-06-24 07:01 - 2016-06-24 07:01 - 00022156 _____ C:\Windows\System32\Tasks\DNSWAXHAW
2016-06-24 07:00 - 2016-06-24 19:06 - 00000000 ____D C:\ProgramData\2ebe6e54
2016-06-24 07:00 - 2016-06-24 07:01 - 00000000 ____D C:\Program Files (x86)\DNSWAXHAW
2016-06-24 07:00 - 2016-06-24 07:00 - 00000000 ____D C:\ProgramData\9d1ecae7-5d97-0
2016-06-24 07:00 - 2016-06-24 07:00 - 00000000 ____D C:\ProgramData\{33151041-112c-0}
2016-06-24 07:00 - 2016-06-24 07:00 - 00000000 ____D C:\ProgramData\{027c622d-212c-1}
2016-06-24 07:01 - 2016-05-26 19:48 - 00000000 ____D C:\ProgramData\f634f4b5-7b25-1
2016-06-24 07:00 - 2016-05-26 19:48 - 00000000 ____D C:\ProgramData\f634f4b5-1507-0
Task: {2E0F0B6C-E99A-492E-8EF6-2B0324A3C5F7} - System32\Tasks\DNSWAXHAW => dnswaxhaw.exe <==== ATTENTION
Task: {E4F83E3C-2805-4B0A-A2F6-628B495FA611} - \{416F53F0-D003-987B-E6CA-1E9D54A58857} -> No File <==== ATTENTION
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-4077693427-1581472121-3924307612-1001\...\webcompanion.com -> hxxp://webcompanion.com
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
EmptyTemp:

and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.

Please, save FRST on the desktop, it can't be run from the webpage.

Start FRST, please.
Click the Fix button.
Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.

 

 

2. Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Deselect Remove found threats (important since false positives might be detected).

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

Share this post


Link to post
Share on other sites

Due to lack of feedback, this topic has been closed.If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.Thank You !

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this