I am getting bombarded with "threat has been detected" pop-ups as soon as I boot up, about one every 3-5 seconds. I've been on for just over 3 minutes and have 54 already.
I've tried scanning with a few different malware programs but it is still happening. Any ideas?
This indicates infection. You may attach a screenshot of a popup warning so that we can see what Avast sees.
Follow the instructions here and attach the Malwarebytes and OTL logs: https://forum.avast.com/index.php?topic=53253.0
I am running dual monitors and don't know how to do a screenshot; Print Screen keeps capturing the wrong monitor.
This is one of the pop ups but the object is different on every one …
Infection blocked
URL: hxxp://retraddorotrl.com/task/4001/
Infection: URL:Mal
I will post the Malwarebytes log in a few.
thanks!
OTL and Extras attached along with the Malwarebytes scan.
aswMBR attached.
Hello,
Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.
[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
[*]The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Please download GMER, the AntiRootKit tool from the link below and save it to your Desktop:
Gmer download link
Note: the file will be randomly named.
Double-click to run GMER.
[*]Wait for initial scan to finish - if there is any query, click No;
[*]Click [ Scan ] button and wait until the full scan is complete;
[*]Click the [ Save … ] button and save the report to the Desktop (named ARK);
Please attach GMER's log report (ARK.txt) here.
Attached
Hi hollandstudios, where is GMER's ARK report?
I have identified the malware and its loading points.
Once again we shall use FRST for additional checks so I can write the fix for you. Re-run FRST/FRST64 by double-clicking it:
[*]Type rpcss.dll into the Search: field in FRST then click the Search File(s) button.
[*]FRST will search your computer for files and, when finished, it will produce a log (Search.txt) in the same directory the tool is run from.
[*]Please attach it to your reply.
I apologize. I broke the rules and ran Windows Updates. This machine is used for recording and I had updates shut off. I thought it might help.
Do I need to start over from the beginning or proceed where we left off?
No, there is no need. Feel free to continue with the above instruction for rpcss.dll.
FRST64 search attached.
The ARK scan hung for about 45 minutes on one file and did not complete. I attached the log.
1. Open Notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Start
VerifySignature: C:\Windows\system32\UAD2DriverClient.dll
VerifySignature: C:\Users\Audio\AppData\Roaming\dalaorl.dll
VerifySignature: C:\Users\Audio\AppData\Roaming\gnmvqhn.dll
File: C:\Windows\system32\UAD2DriverClient.dll
File: C:\Users\Audio\AppData\Roaming\dalaorl.dll
File: C:\Users\Audio\AppData\Roaming\gnmvqhn.dll
HOSTS:
Task: {BCA580CE-AB72-4E54-A948-EB8D6AA87948} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe
Task: {FE5C10B7-0068-4E48-88A9-AF608D93C630} - System32\Tasks\Optimum_Daily => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centurylink.net/
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
REBOOT:
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
C:\Program Files (x86)\Optimum PC Boost
C:\Windows\System32\Tasks\Optimum_Daily
C:\Windows\System32\Tasks\Optimum_LogOn
C:\Users\Audio\AppData\Roaming\OptimumPcBoost
C:\Windows\system32\fjvbz.tfm
C:\Users\Audio\AppData\Local\Temp\*.dll
C:\Users\Audio\AppData\Local\Temp\*.exe
End
2. Save the Notepad file as fixlist.txt to your Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.
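As an added example (not part of this thread and not FRST's own code), the PowerShell below performs read-only checks analogous to the VerifySignature and Replace lines in the fixlist above: it reports the Authenticode status and SHA-256 of each DLL the fix names and compares the live rpcss.dll with the WinSxS copy the fix restores from. It assumes PowerShell 4.0 or later (for Get-FileHash) and uses only the paths quoted in the fixlist; nothing is modified.

```powershell
# Added example, not FRST code: read-only triage of the files named in the fixlist.
# Paths are the ones quoted in the fixlist above ($env:APPDATA expands to
# C:\Users\<user>\AppData\Roaming on the affected account).
$suspect = @(
    'C:\Windows\System32\rpcss.dll',
    'C:\Windows\System32\UAD2DriverClient.dll',
    "$env:APPDATA\dalaorl.dll",
    "$env:APPDATA\gnmvqhn.dll"
)
# Component-store copy of rpcss.dll that the Replace: line restores from.
$winsxsCopy = 'C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll'

function Get-DllReport([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Status = 'MISSING'; Signer = ''; SHA256 = '' }
    }
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
    [pscustomobject]@{ Path = $Path; Status = $sig.Status; Signer = $signer; SHA256 = $hash }
}

# Caveat: on Windows 7 many system DLLs are catalog-signed, so Get-AuthenticodeSignature
# reports NotSigned for a clean rpcss.dll there. Treat NotSigned as a prompt to do the
# WinSxS hash comparison below, not as proof of tampering by itself. A DLL in
# AppData\Roaming with a random name and no signature is the more suspicious finding.
$suspect | ForEach-Object { Get-DllReport $_ } | Format-List

if (Test-Path -LiteralPath $winsxsCopy) {
    $live  = (Get-FileHash -LiteralPath 'C:\Windows\System32\rpcss.dll' -Algorithm SHA256).Hash
    $store = (Get-FileHash -LiteralPath $winsxsCopy -Algorithm SHA256).Hash
    if ($live -eq $store) {
        Write-Output 'rpcss.dll matches the WinSxS component-store copy.'
    } else {
        Write-Output 'rpcss.dll DIFFERS from the WinSxS copy: consistent with a patched system file (what the Replace: line repairs).'
    }
} else {
    Write-Output 'WinSxS copy not found at the quoted path; compare against a known-good copy instead.'
}
```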
Wow! I think it worked. The computer rebooted and there are no pop-ups.
Fixlog attached.
Cool. Now please post me the fresh FRST.txt logfile by re-running the tool and pressing the Scan button.
Here ya go. Thank you VERY much for your help.
Hi,
The posted log is clean. Have the alerts disappeared now?
Alerts are all gone. Thank you!!!
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes:
[*]Remove disinfection tools
[*]Create registry backup
[*]Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
Keep safe