flash drive infection

I have the same problem as this users post. please help. I’ve done step 2 GMER.

http://forum.avast.com/index.php?topic=138715.0

:slight_smile:

Then, follow instructions for other two tools and attach reports…

how do I attach? I tried copying and pasting, didnt work.

Click Attachments and other options below type field…

thanks.

Ok, do not use USB until we clean system. Unplug it, and do not use it!

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

() C:\Users\Administrator\AppData\Local\Temp\Livemocha.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
HKLM\...\Run: [bsrcifwdwj] - C:\Users\Administrator\AppData\Local\Temp\bsrcifwdwj..vbs [73993 2013-08-09] () <===== ATTENTION
HKLM\...\Run: [83202a340eb5a597bdd6a5a7999d30e7] - C:\Users\Administrator\AppData\Local\Temp\Livemocha.exe [120320 2013-11-24] () <===== ATTENTION
C:\Users\Administrator\AppData\Local\Temp\bsrcifwdwj..vbs
C:\Users\Administrator\AppData\Local\Temp\Livemocha.exe
HKLM\...\Run: [uyhhjfselh] - C:\Users\Administrator\AppData\Local\Temp\uyhhjfselh.vbs [128757 2013-12-13] () <===== ATTENTION
C:\Users\Administrator\AppData\Local\Temp\uyhhjfselh.vbs
HKCU\...\Run: [bsrcifwdwj] - C:\Users\Administrator\AppData\Local\Temp\bsrcifwdwj..vbs [73993 2013-08-09] () <===== ATTENTION
HKCU\...\Run: [83202a340eb5a597bdd6a5a7999d30e7] - C:\Users\Administrator\AppData\Local\Temp\Livemocha.exe [120320 2013-11-24] () <===== ATTENTION
HKCU\...\Run: [uyhhjfselh] - C:\Users\Administrator\AppData\Local\Temp\uyhhjfselh.vbs [128757 2013-12-13] () <===== ATTENTION
MountPoints2: {37b685a8-2d35-11e3-9bd4-001fc65f6dab} - J:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\83202a340eb5a597bdd6a5a7999d30e7.exe ()
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bsrcifwdwj..vbs ()
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uyhhjfselh.vbs ()
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyCyD0FyC0D0A0B0EtC0DzytN0D0Tzu0CyCtBtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1885743359&ir=
C:\Users\Administrator\AppData\Local\Temp
cmd: ipconfig /flushdns

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

Done.

shall I move on to step MCShield?

Re-run FRST, press Scan and attach fresh report.

ok. Rescanned.

Good, PC is clean, procede with MCShield step…

Great! Thanks. You are the man.

???

We’re not yet done, follow my instructions…