magna86
10
@m_a_k
We shall remove all malware from your system and then I will ask for the FRST Quarantine folder for analysis. First things first …
MCShield has detected the malware source on the third USB memory device (the latest one that you attached to USB for MCShield scanning) and the malware is removed now.
Please do the following:
----- FIX -----
- Open notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
START
File: C:\WINDOWS\system32\hkcmd.exe
HKLM\...\Run: [usbAl] - C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp\usbAl.vbs [150772 2013-07-28] () <===== ATTENTION
HKCU\...\Run: [usbAl] - C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp\usbAl.vbs [150772 2013-07-28] () <===== ATTENTION
Startup: C:\Documents and Settings\Windows XP Pro\Start Menu\Programs\Startup\usbAl.vbs ()
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=BCB3001E8C0CDCC4
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=BCB3001E8C0CDCC4
FF SearchPlugin: C:\Documents and Settings\Windows XP Pro\Application Data\Mozilla\Firefox\Profiles\2186w7x4.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Documents and Settings\Windows XP Pro\Application Data\Mozilla\Firefox\Profiles\2186w7x4.default\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
C:\Documents and Settings\Windows XP Pro\Application Data\Mozilla\Firefox\Profiles\2186w7x4.default\searchplugins\BrowserProtect.xml
C:\Documents and Settings\Windows XP Pro\Application Data\Mozilla\Firefox\Profiles\2186w7x4.default\searchplugins\delta.xml
C:\Program Files\mozilla firefox\searchplugins\babylon.xml
File: C:\WINDOWS\system32\ztvunrar36.dll
C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp\usbAl.vbs
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
CMD: ipconfig /flushdns
Hosts:
END
- Save notepad as fixlist.txt
NOTE. It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
- Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version, please download and run the updated version.
----- next -----
Re-check:
Re-run FRST, just hit the Scan button and attach the freshly created FRST.txt log report here.
----- next -----
Please find the C:\FRST\Quarantine folder, zip or rar it with a password, and please upload the file here:
http://www.wikisend.com
Please post the download link here.