Differentia and disorder

here’s my scan result

thank you

addition

FSRT

MBR

malwarebytes

Psst, you can attach multiple files to one post :wink:

sorry just realized it :))
but thank you for the suggestion

and no need to start a new topic, you already had one >> https://forum.avast.com/index.php?topic=183715.0

my mistake
sorry again :frowning:

Let me know if this stops the alerts

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-3613536561-359019452-1082273445-1000\...\Run: [{FD978504-E029-46F8-8687-970F5F3E159E}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\WbKjTRQBk').IQzDkwNBKClxBq)));
HKU\S-1-5-21-3613536561-359019452-1082273445-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msuvckdb.exe <===== ATTENTION
HKU\S-1-5-21-3613536561-359019452-1082273445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [{FD978504-E029-46F8-8687-970F5F3E159E}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\WbKjTRQBk').IQzDkwNBKClxBq)));
HKU\S-1-5-21-3613536561-359019452-1082273445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CurrentVersion\Windows: [Load] C:\ProgramData\msuvckdb.exe <===== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10059&barid={B1D8EBB1-F22F-11E2-9B40-E2357B99617C}
SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10059&barid={B1D8EBB1-F22F-11E2-9B40-E2357B99617C}
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pkkfbkpk.default-1432923709612\searchplugins\Sweetpacks Search.xml [2015-05-30]
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2013-06-26] <==== ATTENTION
2009-07-14 06:31 - 2009-07-14 08:14 - 96400384 ___SH () C:\ProgramData\msuvckdb.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.

sorry for the late reply
here they are

thank you

Could you possibly zip the C:\FRST folder for me please, as I need more samples of this?

I cannot do that
it keeps telling me this

Copy the folder to the desktop and then zip please

done, but its size is 100 MB

Ah it is bigger than normal

Could you upload it to ftp://ftp.avast.com/incoming and mark the file as disorder? I will let Avast know it is on its way.

Sorry for the late reply
I’ll upload it soon

No problem. Farbar has changed FRST slightly and I can now order it to zip files :slight_smile:

Can you tell me how to upload it? There is no upload button there.

Click the link for FTP and a window should open, then drag and drop the zip folder into the window