Blackfight/Reduled/Reddie etc 3232

Short and sweet: Laptop has been infected for between 2-7 days. Avast shows that every time I access a web browser, something attempts to redirect me to blackfight.info/3232 etc, or it begins with ‘reduled’ or ‘reddie’, all containing ‘3232’ and multiple containing ‘.dll’ at the end of the extension.

This virus attempts to work its way through svchost.exe

I have attempted to isolate the subgroup of svchost.exe to no avail (not competent enough to edit registry keys confidently), and have attempted using Avast, Sophos Virus Removal, Malwarebytes, Adware Cleaner, all to no avail.

I have attached the one successful log from Malwarebytes (didn’t remove the root of the virus, but has identified some infection). I have also attached the FRST log, which has also identified multiple infections.

Thank you in advance to anybody who is willing and able to help me (cough Essexboy), I have seen in multiple other threads that a fix is available for independent computers through the use of a unique code and FRST, but have not attempted to use code designed for other computers.

Just got a new one, instead of blackfight.info, it’s now blackled.info/3232…
http://blackled.info/3232/PragmaEdit_142247031848583.dll

As usual the 3232 is there, and .dll extension
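As an added example (not part of the original thread): a small Python triage script that scans web-shield or proxy log lines for the redirect pattern described above, a rotating host followed by /3232/ and a .dll filename, and groups the hits by host. The log layout, the sample lines, the `Example_1.dll` filename and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Pattern reported in the thread: <rotating host>/3232/<name>.dll
CAMPAIGN_SEGMENT = "3232"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def match_redirect(url):
    """Return (host, filename) if the URL fits the reported pattern, else None."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    if not parts.hostname or len(segments) < 2:
        return None
    # The campaign number must be the first path segment, not just anywhere.
    if segments[0] != CAMPAIGN_SEGMENT:
        return None
    filename = segments[-1]
    if not filename.lower().endswith(".dll"):
        return None
    return parts.hostname.lower(), filename

def triage(log_lines):
    """Group matching URLs by host so rotating domains show up together."""
    hits = defaultdict(list)
    for line in log_lines:
        for url in URL_RE.findall(line):
            found = match_redirect(url.rstrip(".,;)"))
            if found:
                hits[found[0]].append(found[1])
    return dict(hits)

# Constructed sample lines (the layout is an assumption, not Avast's log format).
SAMPLE_LOG = [
    "2015-04-10 11:02:13 blocked http://blackfight.info/3232/Example_1.dll proc=svchost.exe",
    "2015-04-10 11:07:41 blocked http://blackled.info/3232/PragmaEdit_142247031848583.dll proc=svchost.exe",
    "2015-04-10 11:08:02 allowed http://example.com/downloads/3232/setup.dll proc=chrome.exe",
    "2015-04-10 11:09:30 allowed https://example.org/3232/readme.txt proc=chrome.exe",
]

if __name__ == "__main__":
    for host, files in sorted(triage(SAMPLE_LOG).items()):
        print(host, len(files), files)
```
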

Could you let me know if this stops the alerts?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM\...\Run: [] => [X]
R2 cidugili; C:\Users\user\AppData\Roaming\B9BA7400-1426704223-81E2-2C2C-4C72B952935C\nsaB3A1.tmp [138240 2015-04-02] () [File not signed]
2015-03-19 02:43 - 2015-04-10 11:09 - 00000000 ____D () C:\Users\user\AppData\Roaming\B9BA7400-1426704223-81E2-2C2C-4C72B952935C
C:\Users\user\jagex_cl_oldschool_LIVE.dat
C:\Users\user\jagex_cl_runescape_LIVE.dat
C:\Users\user\jagex_cl_speccollect_LIVE.dat
C:\Users\user\random.dat
C:\Users\user\AppData\Roaming\B9BA7400-1426704223-81E2-2C2C-4C72B952935C
C:\Users\user\AppData\Local\Temp\86FC8AE9-3BA4-04A9-1365-9CA82E22E88A.exe
C:\Users\user\AppData\Local\Temp\89799258-5CCE-F450-309A-009FC7E5786D.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.

Thank you very much, Essexboy. You are the Batman of antivirus.

Ran the fixlist.exe a few times, just because Farbar went non-responsive a few times. Nevertheless, a success in removing the virus.

Attached logfiles.

Any further problems?