Hi. There’s an unknown adware ruining all my browsers. it is not in the extension tab, it’s not detected by Avast! or by any of the 4 other adware removers I tried. It is killing me…
I cannot download Malewarebytes Anti-Malware either because every time I click the link I get what you see in this image below and it won’t go away. I’ve had this before and I removed it easily with the conventional methods but now I’m out of ideas
follow instructions and attach requested logs. https://forum.avast.com/index.php?topic=53253.0
Try downloading Adwcleaner and using that. It should help. 
How does one attach logs?
Try downloading Adwcleaner and using that. It should help.
That was one of the adware removers I tried. Didn’t help
How does one attach logs?below the box you write in .... [b]Attachments and other options[/b]
Here.
and the rest? …from the link in my first post. Malwarebytes / Farbar / aswMBR
it seems you have changed default log name…as the one attached above is from Malwarebytes
did you not take any action on the detected items… the log does not say
Selecting all PUPs. http://blog.malwarebytes.org/news/2013/09/selecting-all-pups/
Here they are. I’m not sure if aswMBR represents a full scan but the quick scan seems to have gotten stuck at one file for around 10 minutes.
Let me know if this cures it. Are you only seeing this in the rainbow browser
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION 2014-07-15 19:44 - 2014-04-23 20:51 - 00000000 ____D () C:\Program Files (x86)\saovE! naet C:\ProgramData\.bf45c81f8dc8abfeecf09.dat C:\ProgramData\hash.dat Task: {6182F672-CFC8-466A-8935-011AC0B0E714} - \AmiUpdXp No Task File <==== ATTENTION CMD: DEL %TEMP%\*.* /F /S /Q CMD: RD /S /Q %TEMP% REBOOT:
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
Here.
Is it in the rainbow browser only ?
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks
http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png
http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png
[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.
Notes:
- Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
- Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
- If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
My computer is still the same… also windows updates installing during restart are failing to be configured, they have been like that for approximately a week
EDIT: I fixed the windows update problem, it configured properly now. But I still have the adware problem
EDIT2: I think I might have found the adware. A friend of mine told me to check the taskmanager for suspicious-sounding processes and one of them was isis.exe, ending that task stopped the ads and a quick google search affirms that it is indeed an adware. I’m surprised all these anti-malware programs couldn’t detect it.
That is a new one … Lets kill the rest of it
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
R1 isis; C:\Windows\System32\drivers\isis.sys [52016 2014-07-14] (Windows (R) Win 7 DDK provider) 2014-07-14 23:35 - 2014-07-14 23:35 - 00000000 ____D () C:\Program Files (x86)\Isis 2014-07-14 18:41 - 2014-07-14 18:41 - 00052016 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\isis.sys CMD: DEL %TEMP%\*.* /F /S /Q CMD: RD /S /Q %TEMP% REBOOT:
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that