Avast Clickered.com virus

Viruses and worms
1

Every couple of minutes I’ll get spammed with a “avast saved you from a attack” and the website url leads to clickered.com. I tried many things to fix it but I cant seem to fix my problem

edit: I believe I attached the ones you are talking about

2

Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

3

Ok attached the files

4

A bit of a mess there I feel

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Safer-Surf] => C:\Program Files (x86)\ver3Safer-Surf\Safer-Surf.exe HKLM-x32\...\Run: [BlockAndSurf] => C:\Program Files (x86)\ver5BlockAndSurf\BlockAndSurf.exe HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe" SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={2C83F0F3-AEFC-4407-BAAE-14BE09637543}&mid=91c84d060de147d0a2ea3120d31859f1-78d20a46b51668d7fab7fa36abe01facbaef447a&lang=en&ds=is015&pr=sa&d=2012-10-21 17:49:11&v=13.2.0.3&sap=dsp&q={searchTerms} BHO: No Name -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> No File BHO: No Name -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File BHO-x32: No Name -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> No File BHO-x32: No Name -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - No File Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - No File Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - No File Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - No File CHR HKLM-x32\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\ProgramData\ValueApps\CH\ValueApps.crx [2014-01-10] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKCU\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\ProgramData\ValueApps\CH\ValueApps.crx [2014-01-10] S3 X6va011; \??\C:\WINDOWS\SysWOW64\Drivers\X6va011 [X] S3 X6va012; \??\C:\WINDOWS\SysWOW64\Drivers\X6va012 [X] S3 X6va016; \??\C:\WINDOWS\SysWOW64\Drivers\X6va016 [X] S3 X6va017; \??\C:\WINDOWS\SysWOW64\Drivers\X6va017 [X] 2014-08-02 01:03 - 2014-08-02 01:03 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx 2014-08-02 00:09 - 2014-08-02 01:05 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job 2014-08-02 00:09 - 2014-08-02 01:05 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job 2014-08-02 00:09 - 2014-08-02 00:29 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job 2014-08-02 00:09 - 2014-08-02 00:09 - 00575544 _____ (ClickMeIn Limited) C:\Users\Braden\AppData\Local\nsm51CD.tmp 2014-08-02 00:09 - 2014-08-02 00:09 - 00003250 _____ () C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule 2014-08-02 00:09 - 2014-08-02 00:09 - 00002810 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP1 2014-08-02 00:09 - 2014-08-02 00:09 - 00002808 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP3 2014-08-02 00:09 - 2014-08-02 00:09 - 00002808 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP2 2014-08-02 00:09 - 2014-08-02 00:09 - 00000322 _____ () C:\Users\Braden\AppData\Roaming\aps.uninstall.scan.results 2014-08-01 23:53 - 2014-08-01 23:54 - 00000000 ____D () C:\Users\Braden\AppData\Local\Hyper - Browser 2014-08-01 23:53 - 2014-08-01 23:53 - 00004574 _____ () C:\WINDOWS\System32\Tasks\Hyper - Browser Runner 2014-07-29 18:32 - 2014-07-29 18:32 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin 2014-08-02 13:25 - 2014-03-17 16:24 - 00000000 ____D () C:\ProgramData\RRooyAllSahopperApp 2014-08-02 13:25 - 2014-02-13 17:06 - 00000000 ____D () C:\ProgramData\Deal4me 2014-08-02 13:25 - 2014-01-30 17:37 - 00000000 ____D () C:\ProgramData\DocToaCoNvverter 2014-08-02 13:25 - 2014-01-16 08:04 - 00000000 ____D () C:\Program Files (x86)\Bench 2014-08-02 08:20 - 2014-01-29 17:29 - 00000000 ____D () C:\ProgramData\jobnmhafmnjmfondpmjaibhlcjpipido 2014-08-02 08:15 - 2014-01-30 17:37 - 00000000 ____D () C:\ProgramData\akmlalcohnnfpepipppddncikjdnhang 2014-08-02 08:01 - 2014-01-02 21:30 - 00000000 ____D () C:\Program Files (x86)\pcreginst C:\ProgramData\uninstaller.exe C:\Users\Braden\AppData\Local\Hyper - Browser CMD: bitsadmin /reset /allusers CMD: DEL %TEMP%\*.* /F /S /Q CMD: RD /S /Q %TEMP% REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

5

Here is both the files you asked for

6

Since it is the weekend, Essexboy may come on the forum at a different time to review your logs and give you further instructions. Thank you for providing your logs. :slight_smile: Please do not make any changes to your machine now.

7

Looking better, how is the computer behaving