Hello asif105a and welcome to avast!. I will be working on your malware issues.
Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.
Please stay with me until given the ‘all clear’ even if symptoms seemingly abate.
Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.
This thread is now just yours. I have taken a look at the posted logs. Please note, in future you should open your own thread.
Original post from: https://forum.avast.com/index.php?topic=170976.msg1216855#msg1216855
The posted MBAM logs show no malware found. So, I assume that this isn’t a log from the first scan. Doesn’t matter …
First, from your Control Panel > Programs and Features, try to uninstall the following malicious software:
- Internet Explorer Toolbar 4.9 by SweetPacks
- jZip
1. Open Notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Start
CreateRestorePoint:
REG: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
CMD: ipconfig /flushdns
CloseProcesses:
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=102&v=n11496-297&apn_uid=5581313414104801&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=102&v=n11496-297&apn_uid=5581313414104801&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4279435140-1705672755-3175951275-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=102&v=n11496-297&apn_uid=5581313414104801&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
Hosts:
C:\ProgramData\msnir.exe
C:\Program Files (x86)\Music Toolbar
RemoveProxy:
FirewallRules: [{6BA275C8-3EF7-4423-908C-2A3A6AA61D09}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{2A7D2302-61FD-42E4-8E89-B7A34C108955}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
EmptyTemp:
End
2. Save the Notepad file as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.