Morning.
Let's try to remove the infections found by Eset first.
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
Open FRST/FRST64 and press the Fix button just once and wait.start
CloseProcesses:
C:\Users\bob\Downloads\cbsidlm-cbsi213-Winmail_Opener-SEO-10469892.exe
uInternet Settings,ProxyServer = http=127.0.0.1:34484
uInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
Folder:
C:\Users\bob\AppData\Roaming\QY
C:\Users\bob\AppData\Roaming\XZQE
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
End
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~~~~`
From here I want you to download and scan with Hitman Pro.
After you download and install please boot into safe mode to run the scan.
http://www.bleepingcomputer.com/tuto...-in-safe-mode/
HitmanPro
- Please download HitmanPro.
- Launch the program by double clicking on the
icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
- Click on the next button. You must agree with the terms of EULA.
- Check the box beside "No, I only want to perform a one-time scan to check this computer".
- Click on the next button.
- The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
- When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
- Click on the next button.
- Click on the "Export scan results to XML file".
- Save that file to your desktop and zip and attach it in your next reply.
Check proxy connections after running this fix.
IF the proxy has set itself back, also save these instructions in case the need to be reversed.
You feel comfortable in the registry?
Click Start > type regedit in the search field and press Enter.
Expand the HKEY_CURRENT_USER hive by clicking on the "+" sign next to it. Continue expanding "Software," "Microsoft," "Windows" and "CurrentVersion," then click on the "Internet Settings" subkey or folder.
View the contents of the Internet Settings folder on the right pane. Double-click on the "ProxyEnable" DWORD value to open the "Edit DWORD Value" window. Change "Value data" to "1" and press "OK" to confirm.
Double-click on the "ProxyServer" string value.
Reboot the machine.
Has it gone now?