Hi. I’m new here and I could use any help I could get with this despicable malware that’s been redirecting everything. Thanks in advance. The OTS scan is attached.
UPDATE: I ran Malwarebytes, AVG, and Spybot again. The first two found more malware, so I ran OTS again. The new OTS scan is attached, if it makes any difference.
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1343024091-413027322-1801674531-1004\] > ->
YN -> HKEY_USERS\S-1-5-21-1343024091-413027322-1801674531-1004\: "ProxyEnable" -> 1
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Vera Evans\Application Data\Mozilla\FireFox\Profiles\t4y5yju2.default\prefs.js
YN -> network.proxy.http -> "127.0.0.1"
YN -> network.proxy.http_port -> 54889
YN -> network.proxy.type -> 0
< FireFox Extensions [User Folders] > ->
YY -> XUL Cache -> C:\Documents and Settings\Vera Evans\Application Data\Mozilla\Firefox\Profiles\t4y5yju2.default\extensions\{0ff8d653-d8b1-4823-929e-9a48beefbf54}
YY -> XUL Cache -> C:\Documents and Settings\Vera Evans\Application Data\Mozilla\Firefox\Profiles\t4y5yju2.default\extensions\{2e06b84b-b5bf-45a5-b595-80f9ece38bbb}
YY -> XUL Cache -> C:\Documents and Settings\Vera Evans\Application Data\Mozilla\Firefox\Profiles\t4y5yju2.default\extensions\{56e6ccd0-c6e7-4511-823e-53cfc9e58894}
YY -> XUL Cache -> C:\Documents and Settings\Vera Evans\Application Data\Mozilla\Firefox\Profiles\t4y5yju2.default\extensions\{75e2e9c9-c65f-4a59-b393-1040de69c7db}
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {17D57093-2F87-4429-B080-9E7B30583086} [HKLM] -> [Reg Error: Value error.]
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
YN -> "C:\WINDOWS\system32\cryptdlg32.exe" -> [C:\WINDOWS\system32\cryptdlg32.exe:*:Enabled:Windows Update Service]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\WINDOWS\system32\cryptdlg32.exe" -> [C:\WINDOWS\system32\cryptdlg32.exe:*:Enabled:Windows Update Service]
[Files/Folders - Modified Within 30 Days]
NY -> 1591749462 -> C:\WINDOWS\System32\1591749462
[Files - No Company Name]
NY -> 623A.450 -> C:\Documents and Settings\Vera Evans\Application Data\623A.450
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.