Hi,
My avast! is blocking harmful webpages. When they aren’t blocked my speakers are playing random commercials, music, and some tv shows. I’ve ran malwarebyes, mbar, tdsskiller, rkill, ad-aware, ccleaner, (avast!), and Combofix. I’ll attach the log files I have already completed, any help is appreciated.
one of the details from Web Shield are: Object: hxxp://dark-swx.net/task/2000/ Infection: URL:Mal Process: C:\Windows\System32\svchost.exe
Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:[b]ComboFix.txt[/b] )
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:
[*]Type rpcss.dll into the Search: field in FRST then click the Search File(s) button.
[*]FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
[*]Please attach it to your reply.
1. Open notepad and copy/paste the text present inside the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Start
HKLM\...\Run: [Bdagent] - "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
CMD: DEL %TEMP%\*.* /F /S /Q
End
2. Save notepad as fixlist.txt to your Desktop. NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply. Note: If the tool warned you about the outdated version please download and run the updated version.
Everything seems fine. Thanks for all the help. Sorry about the delayed response. We were blessed with 13.5 inches of snow Sunday and I was unable to get to my computer to verify. The music has stopped. I don’t see any other issues. I’m not completely computer illiterate, so I think I’d know if it was still infected.
Now click on “Run” button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt) Note: The report will also be stored on C:\DelFix.txt