Help in cleaning malware needed

[REDACTED]

I followed all the steps in "logs to assist in cleaning malware". I attached these logs with this post. What should i do next?
Edit: I kept getting the popup for JS:Agent-EDB [Trj] before i did all the steps.

[Asyn]

What should i do next?

Now you've to wait for one of the malware experts...

[Sass Drake]

• Open Notepad (click Start button -> type notepad.exe -> press Enter)
• Copy text from code block below and paste it into Notepad

Code: [Select]

HKU\S-1-5-21-1089142947-2339947531-804550469-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.domaincentar.com
FF Homepage: Mozilla\Firefox\Profiles\08b4usov.default -> hxxp://search.domaincentar.com
FF NewTab: Mozilla\Firefox\Profiles\08b4usov.default -> hxxp://search.domaincentar.com


• Go to File -> Save As
• Make sure that  UTF-8 is selected as Encoding (left side of Save button)
• Save it as fixlist.txt on Desktop
• Open again FRST and click on button Fix
• Wait until FRST finishes
• fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

[REDACTED]

FRST is telling me that the fixlist.txt should be in the same folder/directory the tool is created. So should i move the fixlist.txt file to the Logs folder?

[Pondus]

FRST.exe and fixlist must be at the sampe place when run, if not FRST will not find it

if you have FRST.exe on your desktop (recomended) then you place fixlist on desktop
if FRST.exe is in your download folder then fixlist must be in your download folder

[REDACTED]

Thanks for clearing that up Pondus. The fixlog.txt is attached now.

[Pondus]

Sass Drake will check it when he is back online ...

[Sass Drake]

What is the system status now?

[REDACTED]

By that u mean is it working fine? It still keeps going to domaincentar.com or usa.bravo but it got blocked.

[Sass Drake]

Can you make screenshot of that? Does redirection to those sites happens everywhere or only on certain websites?

[REDACTED]

The redirections happen with firefox only, first when i open it and when i push the home button.The first screenshot is when firefox is first started. Home button redirects to the one shown in screenshot2. The chrome and edge open normally and their home button doesn't redirect somewhere.

[REDACTED]

And now the popup started appearing again. Screenshot attached.

[Sass Drake]

Please post, new FRST. txt and Addition.txt logs.

[REDACTED]

Here they are.

[Sass Drake]

Here we go again.

• Open Notepad (click Start button -> type notepad.exe -> press Enter)
• Copy text from code block below and paste it into Notepad

Code: [Select]

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Startup.lnk [2017-07-07]
ShortcutTarget: Windows Startup.lnk -> C:\Windows\Windows_startup.bat ()
Tcpip\..\Interfaces\{d10abc88-f10c-49ed-a057-175822b0e656}: [DhcpNameServer] 85.253.0.130 85.253.0.2
HKU\S-1-5-21-1089142947-2339947531-804550469-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.domaincentar.com
FF Homepage: Mozilla\Firefox\Profiles\08b4usov.default -> hxxp://search.domaincentar.com
FF NewTab: Mozilla\Firefox\Profiles\08b4usov.default -> hxxp://search.domaincentar.com

• Go to File -> Save As
• Make sure that  UTF-8 is selected as Encoding (left side of Save button)
• Save it as fixlist.txt on Desktop
• Open again FRST and click on button Fix
• Wait until FRST finishes
• fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.