Avast threats detected and multiplying

Hi there
Can you please help me to clean these up? Avast keeps finding these and they seem to be multiplying!

hxxp://groupstyleusa.info/sync2/?rmbs=1&q=hfZ9ofV9CShEAen0rHk7tMqLDe49CNU0eUwMCMlNhd9Fqda6rjwFrHa5rTkMBzqUojw9rdYFrHa8rHC8rih7hfs0pihPBMn0qTk5pdaGqjg9qHw4rHsHpjrHqGhHC7n0rjg5qjg9pdYFrTkErjYFqja9rjwMWy4ZBek0nemSBy0TA7lGtMZPhd96qTYHqdUGqTw6rjU5pdg6rdCEtM0HAen0qTaHtMVKC6n0rjUMgNr0rn%3D%3D

‘hxxp://terminalukusaa.us/sync2’

hxxp://jobfirstnet.in/sync2/?q=hfZ9ofV9CShEAen0rHk7tMqLDe49CNU0eUwMCMlNhd9Fqda6rjwFrHa5rTkMBzqUojw9rdYFrHa8rHC8rih7hfs0pihPBMn0qTk5pdaGqjg9qHw4rHsHpjrHqGhHC7n0rjg5qjg9pdYFrTkErjYFqja9rjwMWy4ZBek0nemSBy0TA7lGtMZPhd96qTYHqdUGqTw6rjU5pdg6rdCEtM0HAen0qTaHtMVKC6n0rjUMgNr0rn%3D%3D

hxxp://installsunny.us/sync2/?q=hfZ9ofV9CShEAen0rHk7tMqLDe49CNU0eUwMCMlNhd9Fqda6rjwFrHa5rTkMBzqUojw9rdYFrHa8rHC8rih7hfs0pihPBMn0qTk5pdaGqjg9qHw4rHsHpjrHqGhHC7n0rjg5qjg9pdYFrTkErjYFqja9rjwMWy4ZBek0nemSBy0TA7lGtMZPhd96qTYHqdUGqTw6rjU5pdg6rdCEtM0HAen0qTaHtMVKC6n0rjUMgNr0rn%3D%3D

hxxp://onlinediir.com/sync2/?q=hfZ9ofV9CShEAen0rHk7tMqLDe49CNU0eUwMCMlNhd9Fqda6rjwFrHa5rTkMBzqUojw9rdYFrHa8rHC8rih7hfs0pihPBMn0qTk5pdaGqjg9qHw4rHsHpjrHqGhHC7n0rjg5qjg9pdYFrTkErjYFqja9rjwMWy4ZBek0nemSBy0TA7lGtMZPhd96qTYHqdUGqTw6rjU5pdg6rdCEtM0HAen0qTaHtMVKC6n0rjUMgNr0rn%3D%3D

hxxp://getitjpi.info/sync2/?q=hfZ9ofV9CShEAen0rHk7tMqLDe49CNU0eUwMCMlNhd9Fqda6rjwFrHa5rTkMBzqUojw9rdYFrHa8rHC8rih7hfs0pihPBMn0qTk5pdaGqjg9qHw4rHsHpjrHqGhHC7n0rjg5qjg9pdYFrTkErjYFqja9rjwMWy4ZBek0nemSBy0TA7lGtMZPhd96qTYHqdUGqTw6rjU5pdg6rdCEtM0HAen0qTaHtMVKC6n0rjUMgNr0rn%3D%3D

hxxp://fasten-tech.com/sync2/?q=hfZ9ofV9CShEAen0rHk7tMqLDe49CNU0eUwMCMlNhd9Fqda6rjwFrHa5rTkMBzqUojw9rdYFrHa8rHC8rih7hfs0pihPBMn0qTk5pdaGqjg9qHw4rHsHpjrHqGhHC7n0rjg5qjg9pdYFrTkErjYFqja9rjwMWy4ZBek0nemSBy0TA7lGtMZPhd96qTYHqdUGqTw6rjU5pdg6rdCEtM0HAen0qTaHtMVKC6n0rjUMgNr0rn%3D%3D

I have no idea what you need from me to sort this out. Please advise

Thank you
Elaine Alberts

Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

So I go and follow the instructions on the link you sent me? Then send back to you? Right?

Yes, please do so.

Scans as requested.

Good job, now you’ve to wait a bit…

Thanks! Will do

Hi again
Thought I would open Google Chrome and see if I get the same Threats Detected by Avast! there as well, as I had Firefox open while doing the other scans I sent you. Yep! They are there and more of them than in Firefox. With the help from the tech dept, will it clean both sites?
I feel dumb asking these questions, but I really need to get my laptop clean. I took it to the pc repair shop and they loaded 360 free anti virus and removed Avast! which I had running for years. They said they removed the viruses, but, I did a scan with 360 when I got home and found a Generic Trojan virus on my laptop! I removed 360 and reloaded Avast! Laptop is slow now and still popping out URL:MAL like crazy. Needless to say I will not return to them!
Regards
Elaine

Elaine, please don’t change anything until told to do so.

Sorry! Should have mentioned that the changes I mentioned were done almost a month ago. I have had this ongoing problem since then. Have not altered or changed anything in anyway, since sending info to you.

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


Task: {1ED58E2C-1D4B-41EA-A8C8-0F32550F9332} - \{FC7F9404-2F62-427B-AB59-74CDC279A439} No Task File <==== ATTENTION
Task: {CC828C41-2CA1-48DE-BAB6-8FD34786556B} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (priacechop) - C:\Users\Elaine Alberts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnilgggdgbgeicmaoipjiplglfjgjonl\3.9 
C:\Users\Elaine Alberts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnilgggdgbgeicmaoipjiplglfjgjonl\3.9 
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe



2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version..
.

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

[*]Click on the Scan button.
[*]After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

[*]After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
[*]Post logfile will also be saved in the C:\AdwCleaner folder.

.

Scan with Combofix:

[*] Please download ComboFix by sUBs and save it to your Desktop.
You may read how Combofix works here.

[*] Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
If you are unsure how to do this please read this or this Instruction.

[*] Run ComboFix. Click on I Agree! & follow the prompts.
Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.

[*] When finished, it will produce a report for you. Please attach log reports (ComboFix.txt) back to topic.
(typical log location: C:\ComboFix.txt )

What am I doing wrong!!?? Do I have to open a new folder and put FRST and the script you sent me in the same folder on the desktop? It does not want to work if they are just sitting on my desktop as notepads?

is FRST.exe saved on your desktop?
if so, you save fixlist.txt on your desktop also
when you run FRST and click fix … it should find the fix and execute the comands written in it

if FRST.exe is saved inside a folder, then fixlist.txt must be saved in same folder

Is this it? Doing the rest now

that seems to be correct :wink:

It tells me Combofix is not meant to run in compatibility mode and exists the program??

Well I tried repeatedly but it won’t run in ‘Compatibility Mode’!? At lest I can also send you the Adw Cleaner log

And I have switched off Avast! antivirus protection so I am not protected at the moment :frowning:

OK! Just checked Combo Fix site. I have Windows 8, 64-bit. What now?

Enable Avast.

How is the situation now?