Another http://102f.net/al1000.html

Hi,

Hijacker - avast window keeps popping up blocking http://102f.net/al1000.html.
The problem persists across all of my browsers - Firefox, Google Chrome, IE8. I just downloaded Opera yesterday to see if this browser would be unaffected by this malware - but it is too. The effects of it seem to be worse in Firefox and Chrome.
I need a step-by-step removal process. I have no idea what FRST64 is; do I need to download this or does it come with the free version of Avast? Not sure where to begin.
Thanks in advance.

Follow the instructions in “Logs to assist in cleaning malware”

Monitoring…

I need a step-by-step removal process. I have no idea what FRST64 is; do I need to download this or does it come with the free version of Avast?

FRST (Farbar Recovery Scan Tool) second picture from the top https://forum.avast.com/index.php?topic=53253.0

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/24/2015
Scan Time: 3:00:33 AM
Logfile: MalwarebyteslScanHistIog.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.24.03
Rootkit Database: v2015.07.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: WAT

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321560
Time Elapsed: 15 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.Privoxy.A, C:\Program Files\Alfasistem Memory\privoxy.exe, 2064, Delete-on-Reboot, [8d06c2238802251102731ce9c43f3ac6]

Modules: 1
PUP.Optional.Privoxy.A, C:\Program Files\Alfasistem Memory\mgwz.dll, Delete-on-Reboot, [8d06c2238802251102731ce9c43f3ac6],

Registry Keys: 7
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\elggllhppljlljkgfeokjpehmdamkejk, Quarantined, [f69d1fc604868aac134d206b00043dc3],
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [355e3aab94f6072f145689864eb52ed2],
PUP.Optional.Binkiland.A, HKU\S-1-5-21-1757981266-1500820517-725345543-1003\SOFTWARE\Binkiland Browser, Quarantined, [f0a3d5107f0bbe788bdac6c538ccbb45],
PUP.Optional.InstallCore.C, HKU\S-1-5-21-1757981266-1500820517-725345543-1003\SOFTWARE\InstallCore, Quarantined, [0b88766f9eec0a2c3faf9bfee420748c],
PUP.Optional.Binkiland.A, HKU\S-1-5-21-1757981266-1500820517-725345543-1003\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\elggllhppljlljkgfeokjpehmdamkejk, Quarantined, [dfb4cc199eec44f21849b7d4b15359a7],
PUP.Optional.Binkiland.A, HKU\S-1-5-21-1757981266-1500820517-725345543-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [fa999d48781253e32f3c1af5fc0736ca],
PUP.Optional.Privoxy.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PrivoxyService, Quarantined, [8d06c2238802251102731ce9c43f3ac6],

Registry Values: 9
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_soft_15_08&cd=2XzuyEtN2Y1L1QzutDtDtBtCyBtDyE0C0EtDtA0C0Bzz0BtAtN0D0Tzu0StCtCyEyBtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StCzzyDzz0A0A0A0EtG0FyCyCtCtGtAtDyCtCtGtCtCyDyEtGtDyE0CtAtBzzyDyEtA0EyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAyB0C0FzyzztAtGtC0AyB0AtGyEyEyCtAtG0AyE0C0AtGtD0FyEyB0DtC0AtD0A0ByB0C2Q&cr=1518548297&ir=, Quarantined, [355e3aab94f6072f145689864eb52ed2]
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_soft_15_08&cd=2XzuyEtN2Y1L1QzutDtDtBtCyBtDyE0C0EtDtA0C0Bzz0BtAtN0D0Tzu0StCtCyEyBtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StCzzyDzz0A0A0A0EtG0FyCyCtCtGtAtDyCtCtGtCtCyDyEtGtDyE0CtAtBzzyDyEtA0EyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAyB0C0FzyzztAtGtC0AyB0AtGyEyEyCtAtG0AyE0C0AtGtD0FyEyB0DtC0AtD0A0ByB0C2Q&cr=1518548297&ir=, Quarantined, [850ebd282f5b86b081e9739c6d965ca4]
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Binkiland, Quarantined, [4d4622c3206aed49fc6e35dae91a27d9]
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Binkiland, Quarantined, [99faae37355594a25119cb44d42fc040]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-1757981266-1500820517-725345543-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_soft_15_08&cd=2XzuyEtN2Y1L1QzutDtDtBtCyBtDyE0C0EtDtA0C0Bzz0BtAtN0D0Tzu0StCtCyEyBtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StCzzyDzz0A0A0A0EtG0FyCyCtCtGtAtDyCtCtGtCtCyDyEtGtDyE0CtAtBzzyDyEtA0EyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAyB0C0FzyzztAtGtC0AyB0AtGyEyEyCtAtG0AyE0C0AtGtD0FyEyB0DtC0AtD0A0ByB0C2Q&cr=1518548297&ir=, Quarantined, [fa999d48781253e32f3c1af5fc0736ca]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-1757981266-1500820517-725345543-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_soft_15_08&cd=2XzuyEtN2Y1L1QzutDtDtBtCyBtDyE0C0EtDtA0C0Bzz0BtAtN0D0Tzu0StCtCyEyBtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StCzzyDzz0A0A0A0EtG0FyCyCtCtGtAtDyCtCtGtCtCyDyEtGtDyE0CtAtBzzyDyEtA0EyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAyB0C0FzyzztAtGtC0AyB0AtGyEyEyCtAtG0AyE0C0AtGtD0FyEyB0DtC0AtD0A0ByB0C2Q&cr=1518548297&ir=, Quarantined, [c7cce2033a50999d0467cc43ae5509f7]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-1757981266-1500820517-725345543-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Binkiland, Quarantined, [fa993fa6484225113734df30ef14639d]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-1757981266-1500820517-725345543-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Binkiland, Quarantined, [bad9588d11798fa7e388020d53b0f40c]
PUM.Bad.Proxy, HKU\S-1-5-21-1757981266-1500820517-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, Quarantined, [5b38dc09e8a248eeb1b91b71ac58827e]

Registry Data: 0
(No malicious items detected)

Folders: 198
I have 955 rows related to Binkiland like this:
PUP.Optional.Binkiland.A, C:\Documents and Settings\WAT\Application Data\Binkiland, Quarantined, [514201e41476bb7b11f52fd110f3b44c],
Not going to post the rest of the 954 rows of similar Binkiland info as shown above.

The rest of it is here:

PUP.Optional.Privoxy.A, C:\Program Files\Alfasistem Memory\config.txt, Quarantined, [8d06c2238802251102731ce9c43f3ac6],
PUP.Optional.Privoxy.A, C:\Program Files\Alfasistem Memory\default.action, Quarantined, [8d06c2238802251102731ce9c43f3ac6],
PUP.Optional.Privoxy.A, C:\Program Files\Alfasistem Memory\default.filter, Quarantined, [8d06c2238802251102731ce9c43f3ac6],
PUP.Optional.Privoxy.A, C:\Program Files\Alfasistem Memory\gmint.dll, Quarantined, [8d06c2238802251102731ce9c43f3ac6],
PUP.Optional.Privoxy.A, C:\Program Files\Alfasistem Memory\gmint64.dll, Quarantined, [8d06c2238802251102731ce9c43f3ac6],
PUP.Optional.Privoxy.A, C:\Program Files\Alfasistem Memory\jpchromium.exe, Quarantined, [8d06c2238802251102731ce9c43f3ac6],
PUP.Optional.Privoxy.A, C:\Program Files\Alfasistem Memory\jpchromium64.exe, Quarantined, [8d06c2238802251102731ce9c43f3ac6],
PUP.Optional.Privoxy.A, C:\Program Files\Alfasistem Memory\mgwz.dll, Delete-on-Reboot, [8d06c2238802251102731ce9c43f3ac6],
PUP.Optional.Privoxy.A, C:\Program Files\Alfasistem Memory\privoxy.exe, Delete-on-Reboot, [8d06c2238802251102731ce9c43f3ac6],
PUP.Optional.Privoxy.A, C:\Program Files\Alfasistem Memory\privoxy.log, Delete-on-Reboot, [8d06c2238802251102731ce9c43f3ac6],
PUP.Optional.Privoxy.A, C:\Program Files\Alfasistem Memory\swff.exe, Quarantined, [8d06c2238802251102731ce9c43f3ac6],
PUP.Optional.Privoxy.A, C:\Program Files\Alfasistem Memory\swie.dll, Quarantined, [8d06c2238802251102731ce9c43f3ac6],

Physical Sectors: 0
(No malicious items detected)

(end)

Thanks for your help in advance!

Do not copy and paste logs; attach the Farbar Recovery Scan Tool logs … two logs.
Below the box you write in, see Attachments and other options.

FRST (Farbar Recovery Scan Tool) second picture from the top https://forum.avast.com/index.php?topic=53253.0

If there is anything you don't understand … ask :wink:

I suppose I must’ve misunderstood step 5 below. It should probably read Attach log, not Post log here.

"To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here"

Attached is the Addition.txt, will attach the other two shortly.

next up is FRST.txt

and finally … aswMBR.txt :slight_smile: Thanks guys.
Many thanks in advance.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

* Right-click on the FRST icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).
* Press the Fix button just once and wait.
* If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
* When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.