system
April 26, 2015, 5:21pm
1
Keep getting the following warning about a blocked action from “C:\Windows\System32\svchost.exe” from accessing “http://blackfight.info/3333/LinkMaker_142264181225646.dll”
I’ve also run the programs suggested on https://forum.avast.com/index.php?topic=53253.0 and will attach the logs.
Can’t seem to attach the MBR.dat
Let me know if this stops it
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2015-04-16 10:50 - 2015-04-16 10:50 - 00000000 ____D () C:\ProgramData\94cbdf1c000072b2
2015-04-16 10:37 - 2015-04-16 10:38 - 00000000 ____D () C:\Users\Cheyne\AppData\Roaming\{4F74BF37-10A1-4D75-8C85-B50B2618592C}
2015-04-14 16:21 - 2015-04-15 21:22 - 00000000 ____D () C:\ProgramData\{ed4e2f36-4f00-d3f1-ed4e-e2f364f0bcd9}
2015-04-14 16:19 - 2015-04-26 13:59 - 00000000 ____D () C:\Program Files (x86)\bestadblocker
2015-04-14 16:19 - 2015-04-16 13:29 - 00000000 ____D () C:\Program Files (x86)\Cookie Killer for Facebook
2015-04-14 16:18 - 2015-04-16 11:27 - 00000000 ____D () C:\Program Files (x86)\SaiLePluus
2015-04-14 16:18 - 2015-04-15 21:22 - 00000000 ____D () C:\ProgramData\{af5f5a98-72ef-d25b-af5f-f5a9872e6a61}
2015-04-14 16:18 - 2015-04-14 16:18 - 00000000 ____D () C:\ProgramData\10990512489216433785
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
system
April 26, 2015, 7:50pm
3
Thank you for all the help so far.
# AdwCleaner v4.202 - Logfile created 26/04/2015 at 21:46:55
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : Cheyne - ATARI
# Running from : C:\Users\Cheyne\Downloads\adwcleaner_4.202.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\f97c3b9d-82a7-759b-9797-91c6f55662bc
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v37.0.2 (x86 sv-SE)
[xx4n8wkh.default\prefs.js] - Line Deleted : user_pref("extensions.eA8Dl78UjXESeSis.scode", "(function(){try{if(window.self.location.href.indexOf(\"qdr6pjC5qHaGpjw7pjs9qHkFpn\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\"[...]
[xx4n8wkh.default\prefs.js] - Line Deleted : user_pref("extensions.egSK5jwzJ1FYp4u6.scode", "(function(){try{if(window.self.location.href.indexOf(\"qdr6pjC5qHaGpjw7pjs9qHkFpn\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\"[...]
*************************
AdwCleaner[R0].txt - [1889 bytes] - [26/04/2015 21:46:02]
AdwCleaner[S0].txt - [1741 bytes] - [26/04/2015 21:46:55]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1800 bytes] ##########
As it stands at the moment the warning has not come back after these actions have been taken.
But, as always, can’t be sure until some time has passed.
Let me know when you are happy and I will tidy up.