Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware infected HELP browser hijackers and no admin control


Re: Malware infected HELP browser hijackers and no admin con

Post by TS1997 » September 3rd, 2016, 3:45 am

Shortcut.txt was too long to fit in, so I had to upload it.

Mostly no changes in computer behavior. If I open Chrome, yourtv.link still opens up, but Malwarebytes blocks it, and Google custom search is still there.
I just had a question: does any of the stuff that I am giving you, like all the logs and stuff, have any personal matter that could be exploited by other people out there? I know I kind of took the risk when I used cracked software, but I am still curious.
Thanks a ton capnkrunch. :)
TS1997
Regular Member
 
Posts: 15
Joined: August 30th, 2016, 12:03 am

Re: Malware infected HELP browser hijackers and no admin con

Post by TS1997 » September 3rd, 2016, 8:29 am

Uh, capnkrunch, I would like to save you from any more trouble and me from any more embarrassment. I just found out from my brother that the Windows installed is not a legitimate one. I am gonna save most of my important files up into an external hard disk and am going to format my computer and install a legitimate Windows system. Sorry for the trouble I had to make you go through. Thanks for giving me your time, and I feel really guilty about it.
Thanks anyways :)

Re: Malware infected HELP browser hijackers and no admin con

Post by TS1997 » September 3rd, 2016, 8:52 am

On second thought, could you please just confirm and see if it is actually a non-legitimate version or not before closing the topic? I don't actually own this laptop; it's a family laptop, so basically I don't have a lot of idea about this machine, plus my brother isn't really that smart about computers. So please just tell me if it is an original Windows software or not. I really have put you through a lot for a stranger. Thanks capnkrunch.

Re: Malware infected HELP browser hijackers and no admin con

Post by capnkrunch » September 5th, 2016, 2:51 am

Hello TS1997 :)

Apologies for the delay in getting back to you.

From your logs, the Windows installed on your computer appears to be genuine. I talked with my colleagues and decided that since you have been upfront and honest with me then we can continue if you would like.

However, since you brought up reinstalling Windows, I would like to point out that there are a few benefits to this. If there's any doubt that your Windows is not genuine, reinstalling and activating a legitimate copy will dispel that. Also, formatting your hard drive and reinstalling Windows is a guaranteed way to clean your system of malware.

Please let me know how you'd like to proceed.

Regards,
capnkrunch
capnkrunch
MRU Graduate
 
Posts: 664
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Malware infected HELP browser hijackers and no admin con

Post by capnkrunch » September 5th, 2016, 3:00 am

"I just had a question, does any of the stuff that I am giving you like all the logs and stuff have any personal matter that could be exploited by other people out there?"

So far there has not been. Please rest assured that if there was, for example an email address, we would remove it promptly.
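The exchange above is about whether posted logs carry personal data. As an added example (not part of the thread and not a tool the forum uses), this Python sketch masks e-mail addresses, the one item the helper names, and only reports account SIDs and profile folder names, because the fix script later in the thread relies on them. The first two sample lines are taken from that script; the last two are constructed, and the function name and mask text are assumptions.

```python
import re

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# Per-account SID: S-1-5-21-<three machine sub-authorities>-<RID>
SID = re.compile(r"S-1-5-21(?:-\d+){4}")
# Profile folder name in <drive>:\Users\<name>
PROFILE = re.compile(r"[A-Za-z]:\\Users\\([^\\/:*?\"<>|\r\n]+)")
SHARED_PROFILES = {"public", "default", "default user", "all users"}

# Lines 1-2 come from the script in this thread; lines 3-4 are constructed.
SAMPLE_LOG = "\n".join([
    r"Shortcut: C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu"
    r"\Programs\Startup\user1.lnk -> C:\ProgramData\cu\cu.exe ()",
    r"[-HKEY_USERS\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\cu.exe]",
    r"Mail profile: jane.doe@example.com",
    r"C:\Users\Public\Desktop\Example.lnk",
])


def review_log(text):
    """Mask e-mail addresses; report SIDs and profile names unchanged.

    Returns (masked_text, findings), where findings is a sorted list of
    (line_number, kind, value) for the poster to look over before posting.
    """
    findings = set()
    masked = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in EMAIL.finditer(line):
            findings.add((no, "email", m.group(0)))
        for m in SID.finditer(line):
            findings.add((no, "sid", m.group(0)))
        for m in PROFILE.finditer(line):
            if m.group(1).lower() not in SHARED_PROFILES:
                findings.add((no, "profile", m.group(1)))
        masked.append(EMAIL.sub("<email removed>", line))
    return "\n".join(masked), sorted(findings)


if __name__ == "__main__":
    text, found = review_log(SAMPLE_LOG)
    for no, kind, value in found:
        print(f"line {no}: {kind}: {value}")
    print(text)
```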

Re: Malware infected HELP browser hijackers and no admin con

Post by TS1997 » September 5th, 2016, 9:04 am

Thanks capnkrunch for assuring me that my Windows is a legitimate one. I would like to keep reinstalling Windows as a last option; I was just hovering over that choice cause my brother told me the Windows was not legitimate. Let's proceed, capnkrunch, as we were before. Thanks for your help :)

Re: Malware infected HELP browser hijackers and no admin con

Post by capnkrunch » September 6th, 2016, 1:04 pm

Hello TS1997 :)

OK, let's keep going then.

Step one...

FRST Fix
  • You should still have FRST64.exe on your Desktop. If not please download it HERE.
  • Press the Windows Key + R.
  • Type notepad.exe into the text box and click OK.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
    HKLM\...\Policies\Explorer: [HideSCAHealth] 0
    Shortcut: C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user1.lnk -> C:\ProgramData\cu\cu.exe ()
    Shortcut: C:\Users\user1\Music\Singh Is Kinng - Shortcut.lnk -> 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
    Shortcut: C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk -> 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
    
    [-HKEY_USERS\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    [-HKEY_USERS\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\cu.exe]
    [-HKEY_USERS\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\cu.exe]
    
    REG: reg delete "HKEY_USERS\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DHP" /v "DoNotAskAgain" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v "DefaultScope" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v "DefaultScope" /f
    REG: reg delete "HKEY_USERS\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Internet Explorer\SearchScopes" /v "DefaultScope" /f
    REG: reg delete "HKEY_USERS\S-1-5-21-3268202683-2675470380-2750706328-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store" /v "C:\ProgramData\cu\cu.exe" /f
    
    C:\ProgramData\cu
    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns
  • Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  • Right click on FRST64.exe and select Run as administrator.
  • Press the Fix button one time only and wait.
  • When FRST finishes you will be prompted to reboot your computer. Click OK.
  • Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step two...

AdwCleaner - Scan and Clean
  • You should still have AdwCleaner.exe in your Downloads folder. If not please download it HERE (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner).
  • Close all open programs and windows.
  • Right click on adwcleaner.exe and click Run as administrator.
  • Click on the Scan button.
    When the scan finishes, you'll see a message in the AdwCleaner window: "Waiting for action. Please uncheck elements you want to keep."
  • Click on Cleaning.
  • Once finished AdwCleaner will prompt you to reboot. Please allow it to do so.
  • On reboot a log will open AdwCleaner[Cx].txt. Copy and paste the contents of that logfile in your reply.

Step three...

Reset Chrome
  • Open Chrome and click on the Chrome Menu in the top-right corner.
  • Click Settings and then click Show advanced settings... at the bottom.
  • Under the Reset Settings section click Reset Settings.
  • Click Reset.
  • Once finished restart Chrome.
Note: you will need to reapply any add-ons.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present. If any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Fixlog.txt
  • AdwCleaner[Cx].txt
  • Are you still having issues with Chrome?
  • Do you have problems with Firefox and Internet Explorer?
  • Are there any changes in computer behavior?
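The fix script in the post above is run with administrator rights, so it is worth reading before the Fix button is pressed. As an added example (not part of the thread and not FRST's own parser), this Python sketch sorts fixlist lines by their visible shape and pulls out the lines that launch external commands; the category names are assumptions, and what FRST does with each line is not modelled. The sample is a subset of the script posted above.

```python
import re
from collections import Counter

# Line shapes seen in the script above; names are this example's own labels.
RULES = [
    ("registry-key-removal", re.compile(r"^\[-(HKEY_[^\]]+)\]$")),
    ("reg-command", re.compile(r"^REG:\s*(.+)$", re.I)),
    ("shell-command", re.compile(r"^CMD:\s*(.+)$", re.I)),
    ("shortcut", re.compile(r"^Shortcut:\s*(.+?)\s*->\s*(.*)$")),
    ("directive", re.compile(r"^(\w+):$")),
    ("registry-value", re.compile(r"^(HK[A-Z_]+\\.+?):\s*\[(.+?)\]")),
    ("path", re.compile(r"^([A-Za-z]:\\.+)$")),
]

SAMPLE_FIXLIST = r"""CreateRestorePoint:
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
Shortcut: C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user1.lnk -> C:\ProgramData\cu\cu.exe ()
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\cu.exe]
REG: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v "DefaultScope" /f
C:\ProgramData\cu
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
"""


def classify(line):
    """Return (kind, captured_groups) for one fixlist line."""
    for kind, rx in RULES:
        m = rx.match(line)
        if m:
            return kind, m.groups()
    return "unrecognized", (line,)


def audit(fixlist):
    """Return (counts per kind, [(line_no, command)], unrecognized line numbers)."""
    entries = [(no, *classify(raw.strip()))
               for no, raw in enumerate(fixlist.splitlines(), 1) if raw.strip()]
    counts = Counter(kind for _, kind, _ in entries)
    commands = [(no, groups[0]) for no, kind, groups in entries
                if kind in ("reg-command", "shell-command")]
    unknown = [no for no, kind, _ in entries if kind == "unrecognized"]
    return counts, commands, unknown


if __name__ == "__main__":
    counts, commands, unknown = audit(SAMPLE_FIXLIST)
    print(dict(counts), commands, unknown, sep="\n")
```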

Re: Malware infected HELP browser hijackers and no admin con

Post by Wingman » September 9th, 2016, 3:00 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Wingman
Admin/Teacher
 
Posts: 14117
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA