system
1
Every couple of minutes I’ll get spammed with an “avast saved you from an attack” and the website URL leads to clickered.com. I tried many things to fix it but I can't seem to fix my problem.
Edit: I believe I attached the ones you are talking about.
Asyn
2
Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0
A bit of a mess there I feel
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Safer-Surf] => C:\Program Files (x86)\ver3Safer-Surf\Safer-Surf.exe
HKLM-x32\...\Run: [BlockAndSurf] => C:\Program Files (x86)\ver5BlockAndSurf\BlockAndSurf.exe
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={2C83F0F3-AEFC-4407-BAAE-14BE09637543}&mid=91c84d060de147d0a2ea3120d31859f1-78d20a46b51668d7fab7fa36abe01facbaef447a&lang=en&ds=is015&pr=sa&d=2012-10-21 17:49:11&v=13.2.0.3&sap=dsp&q={searchTerms}
BHO: No Name -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> No File
BHO: No Name -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
BHO-x32: No Name -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> No File
BHO-x32: No Name -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - No File
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - No File
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - No File
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - No File
CHR HKLM-x32\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\ProgramData\ValueApps\CH\ValueApps.crx [2014-01-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\ProgramData\ValueApps\CH\ValueApps.crx [2014-01-10]
S3 X6va011; \??\C:\WINDOWS\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\WINDOWS\SysWOW64\Drivers\X6va012 [X]
S3 X6va016; \??\C:\WINDOWS\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\WINDOWS\SysWOW64\Drivers\X6va017 [X]
2014-08-02 01:03 - 2014-08-02 01:03 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2014-08-02 00:09 - 2014-08-02 01:05 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job
2014-08-02 00:09 - 2014-08-02 01:05 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job
2014-08-02 00:09 - 2014-08-02 00:29 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job
2014-08-02 00:09 - 2014-08-02 00:09 - 00575544 _____ (ClickMeIn Limited) C:\Users\Braden\AppData\Local\nsm51CD.tmp
2014-08-02 00:09 - 2014-08-02 00:09 - 00003250 _____ () C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule
2014-08-02 00:09 - 2014-08-02 00:09 - 00002810 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP1
2014-08-02 00:09 - 2014-08-02 00:09 - 00002808 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP3
2014-08-02 00:09 - 2014-08-02 00:09 - 00002808 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP2
2014-08-02 00:09 - 2014-08-02 00:09 - 00000322 _____ () C:\Users\Braden\AppData\Roaming\aps.uninstall.scan.results
2014-08-01 23:53 - 2014-08-01 23:54 - 00000000 ____D () C:\Users\Braden\AppData\Local\Hyper - Browser
2014-08-01 23:53 - 2014-08-01 23:53 - 00004574 _____ () C:\WINDOWS\System32\Tasks\Hyper - Browser Runner
2014-07-29 18:32 - 2014-07-29 18:32 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-08-02 13:25 - 2014-03-17 16:24 - 00000000 ____D () C:\ProgramData\RRooyAllSahopperApp
2014-08-02 13:25 - 2014-02-13 17:06 - 00000000 ____D () C:\ProgramData\Deal4me
2014-08-02 13:25 - 2014-01-30 17:37 - 00000000 ____D () C:\ProgramData\DocToaCoNvverter
2014-08-02 13:25 - 2014-01-16 08:04 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-08-02 08:20 - 2014-01-29 17:29 - 00000000 ____D () C:\ProgramData\jobnmhafmnjmfondpmjaibhlcjpipido
2014-08-02 08:15 - 2014-01-30 17:37 - 00000000 ____D () C:\ProgramData\akmlalcohnnfpepipppddncikjdnhang
2014-08-02 08:01 - 2014-01-02 21:30 - 00000000 ____D () C:\Program Files (x86)\pcreginst
C:\ProgramData\uninstaller.exe
C:\Users\Braden\AppData\Local\Hyper - Browser
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
system
5
Here are both the files you asked for.
system
6
Since it is the weekend, Essexboy may come on the forum at a different time to review your logs and give you further instructions. Thank you for providing your logs.
Please do not make any changes to your machine now.
Looking better, how is the computer behaving?