here’s my scan result
thank you
here’s my scan result
thank you
addition
FSRT
MBR
malwarebytes
Psst, you can attach multiple files to one post
sorry just realized it :))
but thank you for the suggestion
and no need to start a new topic, you already had one >> https://forum.avast.com/index.php?topic=183715.0
my mistake
sorry again
Let me know if this stops the alerts
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint: HKU\S-1-5-21-3613536561-359019452-1082273445-1000\...\Run: [{FD978504-E029-46F8-8687-970F5F3E159E}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\WbKjTRQBk').IQzDkwNBKClxBq))); HKU\S-1-5-21-3613536561-359019452-1082273445-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msuvckdb.exe <===== ATTENTION HKU\S-1-5-21-3613536561-359019452-1082273445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [{FD978504-E029-46F8-8687-970F5F3E159E}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\WbKjTRQBk').IQzDkwNBKClxBq))); HKU\S-1-5-21-3613536561-359019452-1082273445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CurrentVersion\Windows: [Load] C:\ProgramData\msuvckdb.exe <===== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10059&barid={B1D8EBB1-F22F-11E2-9B40-E2357B99617C} SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10059&barid={B1D8EBB1-F22F-11E2-9B40-E2357B99617C} FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pkkfbkpk.default-1432923709612\searchplugins\Sweetpacks Search.xml [2015-05-30] FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2013-06-26] <==== ATTENTION 2009-07-14 06:31 - 2009-07-14 08:14 - 96400384 ___SH () C:\ProgramData\msuvckdb.exe Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: ipconfig /flushdns CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: ipconfig /release CMD: ipconfig /renew CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.
sorry for the late reply
here they are
thank you
Could you possibly zip the C:\FRST folder for me please as I need more samples of this
i can not do that
it keep telling me this
Copy the folder to the desktop and then zip please
done but it sizes 100 mb
Ah it is bigger than normal
Could you upload it ftp://ftp.avast.com/incoming and mark the file as disorder I will let Avast know it is on its way
Sorry for the late reply
I’ll.upload it soon
No problem. Farbar has changed FRST slightly and I can now order it to zip files
can you tell me how to upload it? since there is no upload button there
Click the link for FTP and a windows should open, then drag and drop the zip folder into the window