Suspected malware. Need PC cure help with HijackThis log

[lukeairig]

Welcome !
Thank you for joining the section of VIRUSNET association support.

---

BEFORE ASKING HELP, READ CAREFULLY THIS INSTRUCTION:

---

Step 1: Are you in the right place?

• Do you need assistance in PC cure from viruses?
• Or would you like to report a bug or propose a feature for HiJackThis?

If yes, see the next step.

Step 2: Show us required logs (for PC cure):

• Read carefully: How to make a request for help in the PC cure section

• Attach 'Collection-[Date].zip' log created by AutoLogger

• Describe your problem in details:

1. What did you done before the problem occurs:
   On 20181031, had a spyware attack (see attached file spyware_attack_2018.10.31.pdf) and have since had intermittent problems accessing the internet with Chrome and Firefox, 'DNS server not found' for all websites I try to access. Other PC's on my home network are able to access the internet with no problems. On 2018.11.01 my DSL broadband provider spent 2 hours debugging my network connectivity and found no broadband issues on their end.

2. What programs (browsers) affected by the problem:
   Chrome and Firefox

CollectionLog-2018.11.02-17.28.zip
spyware_attack_20181031.pdf

3. Steps to reproduce:
   Try to access any website with Chrome or Firefox and occasionally, intermittently DNS server is not found.

[dragokas]

Hi,
thank you for the log.
We'll return to you as soon as possible.

---

Please, note that only members of VIRUSNET-Association are allowed to respond in PC cure topics.
Ignore any recommendations given by other users, including PM !!!

Assistance is provided free of charge at our free time. If you found our help useful, you can thank us with any amount using this form or you can leave a feedback in Guestbook.

[Sandor-Helper]

Hello,
Do you know something about this folder?

C:#JP3\Firefox_session_tab_bkups\

Please do not do anything with folder or files in it. Just answer the question.

[lukeairig]

C:#JP3 is my personal data directory. Anything within it is my personal data.

C:#JP3\Firefox_session_tab_bkups\ is a directory I created to back up my Firefox session settings.

It is used to recover file:
C:\Users\JP3\AppData\Roaming\Mozilla\Firefox\Profiles\6526ks24.default\sessionstore.jsonlz4

Scripts run_firefox_bkup_restore_session_tabs.bat and firefox_bkup_restore_session_tabs.bat are triggered to run:
'on workstation unlock' (every time I login), via Control Panel, Windows Task Scheduler.

The triggered scripts create back up files in C:#JP3\Firefox_session_tab_bkups\file_bkups
and run-time log files in C:#JP3\Firefox_session_tab_bkups\bkup_logs

Steps to recover Firefox session files are summarized in:
C:#JP3\Firefox_session_tab_bkups#how_to_restore_recover_firefox.txt

[Sandor-Helper]

Close all running programs, temporarily unload antivirus and other protecting software.

Run a script in AVZ (File - Run script):

begin
 DeleteSchedulerTask('{651A0F11-3248-41D7-91FF-09E27FB02443}');
 DeleteSchedulerTask('{BF9D8003-5530-4EBE-AB20-97D9D1415F5A}');
 RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
 RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
 RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
 RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1);
 RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RebootWindows(false);
end.

Computer will reboot.

For secondary diagnostics please run AutoLogger again.
Attach new CollectionLog to your post.

[lukeairig]

Script run and completed successfully.
CollectionLog-2018.11.05-06.27.zip

[Sandor-Helper]

1. accessing the internet with Chrome and Firefox

Please try Internet Explorer and clarify - is same problem appears in IE?

[lukeairig]

Problem is intermittent. I will try IE the next time the problem occurs.

[lukeairig]

Same problem occurred with IE at 3:00am, my local time this morning.

[Sandor-Helper]

Please describe your Internet connection. Do you connected through the router? If yes, how many devices connected?

[lukeairig]

No devices connected to router.
Problem PC connected wirelessly to router.
Router is connected to adsl modem.
adsl modem connected to landline phone/DSL jack

[Sandor-Helper]

Do a hard reset of the router, set it up by provider's instructions and set a strong password to enter the router's settings.
If this doesn't help, do the same with the modem.

[lukeairig]

Modem and router both turned off, then back on.
Router has strong password.
Still same connection problem...

[Sandor-Helper]

Modem and router both turned off, then back on

It's not enough. Both of them should be reset to a factory defaults and then set up by provider's rules.

[dragokas]

Closed.
Reason: no answer for 10 days.
If you still need our help, please, execute tha last steps, requested by helper.
Also, download again AutoLogger, prepare new CollectionLog and write what problems remained.