blackled/info, reddie net and eluded/info warnings

Hello
I have been trying to clean my nephews laptop from spyware, trojans etc. After boot scans of avast, malwarebytes and spybot from desktop it found many problems… pc optimiser, shopper pro, fake chrome browsers…and on and on. Every cleaner now reports it is clean but when a network connection is established I get avast pop ups warning of blackled, blackfight, eluded and a couple of others.

Trawling this forum for possible solutions it seems this problem is more complicated than I had first thought and no regular scanning will fix it. I have followed the advice given to others with a similar problem and included the 3 scan logs that are usually needed for the gurus to have a look at. I hope this isn’t jumping the gun.

If anybody can help me I would be most grateful, I’m stumped.

ETA oh and reddie.net as well.

CD

Could you let me know how the computer is after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKLM-x32\...\RunOnce: [Takelemis] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Connor\AppData\Local\6AFC54~1\Gabanof.dat" 2015-04-24 12:41 - 2015-04-24 19:55 - 00003174 _____ () C:\Windows\System32\Tasks\{709627D2-CA06-4002-BE77-8774AC68D587} 2015-04-23 09:06 - 2015-04-23 09:06 - 00000000 ____D () C:\ProgramData\5b756c3d0000547b 2015-04-23 09:06 - 2015-04-23 09:06 - 00000000 ____D () C:\ProgramData\2dcded2000000727 2015-04-23 07:47 - 2015-04-23 11:38 - 00000000 ____D () C:\ProgramData\{5a703664-10e6-e17a-5a70-0366410ed990} 2015-04-22 12:43 - 2015-04-22 12:43 - 00000000 ___HD () C:\Users\Connor\AppData\Local\6afc548716c3c6a8 2015-04-19 20:59 - 2015-04-23 16:09 - 00000000 ____D () C:\ProgramData\{a2ef717a-3f9f-b525-a2ef-f717a3f9c5e8} 2015-04-01 19:16 - 2015-04-01 19:16 - 00274045 _____ () C:\Users\Connor\AppData\Local\dsi1.dat 2015-04-01 19:16 - 2015-04-01 19:16 - 00161916 _____ () C:\Users\Connor\AppData\Local\dsi2.dat 2015-03-30 23:25 - 2015-03-30 23:25 - 00000000 ____D () C:\Users\Connor\AppData\Local\speed browser 2015-03-29 17:55 - 2015-03-29 17:55 - 00000000 ____D () C:\ProgramData\{4795AF56-1717-7ED0-A691-0E527613DDDC} 2015-03-29 17:44 - 2015-04-24 10:53 - 00003174 _____ () C:\Windows\System32\Tasks\Run_Browser 2015-03-29 17:40 - 2015-03-29 17:40 - 00000000 _____ () C:\Users\Connor\Downloads\microsoft publisher.exe.0gkxh2g.partial Task: {1E3D2874-C5C6-4449-8A70-D6E42CC66470} - \avast! Emergency Update No Task File <==== ATTENTION Task: {4333BA90-C9E8-4E55-9C7B-ADC55E742687} - System32\Tasks\Run_Browser => C:\Users\Connor\AppData\Local\UnicoBrowser\Application\unicobrowser.exe <==== ATTENTION Task: {457C2A1A-EC52-46BB-AD49-8AFAA8F6C7E8} - \NetEngine No Task File <==== ATTENTION Task: {576947E9-5D6D-4B3F-A275-A710D3051A60} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION Task: {6D890144-A0E1-414C-9C45-81A07F49DA32} - \gtaUpt No Task File <==== ATTENTION Task: {70266331-51E5-4A5D-8F25-3FBA64180C85} - \YMJULZV No Task File <==== ATTENTION Task: {8DEBAB08-858A-4007-99CD-725F89A2C94B} - \82b2b799-a02e-485b-bea1-9001eb5fd038-10_user No Task File <==== ATTENTION Task: {B0E21C5F-4549-4F63-8B1F-40DB56D6EF8B} - \WebBarUpdateTask No Task File <==== ATTENTION Task: {B43BACD2-BE0F-4402-83FF-E66341675FC7} - \WebBarLaunchTask No Task File <==== ATTENTION Task: {B55511AF-9749-4CF5-8DBF-D312DD9686F6} - \82b2b799-a02e-485b-bea1-9001eb5fd038-5 No Task File <==== ATTENTION Task: {D15F9BDA-F160-4924-99F1-59E3215661CD} - \Optimizer Pro Schedule No Task File <==== ATTENTION Task: {EC5407CA-DC46-4CC3-B5C0-6D05A75E3ADF} - \LaunchSignup No Task File <==== ATTENTION C:\Users\Connor\AppData\Local\6AFC54~1 C:\Users\Connor\AppData\Local\UnicoBrowser Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: ipconfig /flushdns CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: ipconfig /release CMD: ipconfig /renew CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.

Thank you for your speedy reply and help. So far so good :slight_smile: no warnings :slight_smile:
I am running the Adwcleaner at the moment and will post the log for that but here is the log for FRST64.

You are a star!!

And here is the log for Adwcleaner.
Thank you :slight_smile: :slight_smile: :slight_smile:

So far so good.

i am having literally the same exact problem. it seems quite a few people are looking at the forum board. no fix for me yet :/a

kalanhenson could you start your own topic please

claydust any further problems ?

Everything’s great, thank you for your time and expertise. You have saved a young lads saved course work going down the digital drain.

:slight_smile: :slight_smile: :slight_smile: :slight_smile:

:slight_smile:

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme :wink:

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave: