Seems I’m having the same problem many of these other Avast users are having with this danged malware (or whatever it is) infection. With it sending info out to weird websites and Avast blocking them. I did run the MBAM and followed the sticky post, so I have that information ready to go.
It’s slowing down certain processes on my pc. Like when I open up the games file in the start menu it takes forever to load and it has also been crashing my explorer for windows, which is considerably annoying, usually during startup. Startup is also delayed and it seems on my task manager I have a few duplicate things running that I don’t recall seeing duplicated in the past. Explorer.exe is one of them.
I really have little care about the malware issue. Having a pc, things are going to happen, but the crashing of windows explorer is more than annoying. I’m not overly computer literate and having to work around a problem like that is frustrating.
I’m hoping somebody can help.
Logs are attached. Hopefully I got the right ones.
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - URL http://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385332817117&tguid=75087-8679-1385332817117-93E8E0363B9EC68783D49ADB72240E54&q={searchTerms}
SearchScopes: HKLM-x32 - SuggestionsURL_JSON http://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=75087&gid=75087-8679-1385332817117-93E8E0363B9EC68783D49ADB72240E54&dbCode=1&command={searchTerms}
SearchScopes: HKLM-x32 - TopResultURLFallback http://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385332817117&tguid=75087-8679-1385332817117-93E8E0363B9EC68783D49ADB72240E54&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385332817117&tguid=75087-8679-1385332817117-93E8E0363B9EC68783D49ADB72240E54&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385332817117&tguid=75087-8679-1385332817117-93E8E0363B9EC68783D49ADB72240E54&q={searchTerms}
SearchScopes: HKCU - {098E5CC9-2A98-4E60-90D7-CE4EE5412196} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3288691&CUI=UN37631644822112202&UM=2
SearchScopes: HKCU - {1663F793-043D-4B43-B286-E00EB34638D2} URL = http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20130939,19669,0,6,7853
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {9299646A-F4B3-4102-AA80-4B8A784DCE9A} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3316075&CUI=UN34777010169650991&UM=2
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={BCFDFEFF-5356-4EB5-A37E-DC33ADF9FD87}&mid=ac694e28199747d39841d168d185d58f-eb737c3b7461c6f39681260a1aac88ae0fb09488&lang=en&ds=ft013&pr=sa&d=&v=&pid=safeguard&sg=83&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {AE11C5F8-2FF9-4351-BE19-38D0E630864E} URL = http://search.conduit.com/Results.aspx?ctid=CT3300024&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {D2C31D2B-35BE-4C2B-ACCB-A78877274E60} - No File
2014-10-24 21:23 - 2014-10-29 18:12 - 00000000 ___HD () C:\ProgramData\{06DAC48D-AE8B-486B-8BFC-B56B89D7A883}
2014-10-29 18:11 - 2013-12-24 12:32 - 00000000 ____D () C:\ProgramData\Conduit
2014-10-28 18:06 - 2014-09-10 20:57 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
Task: {43D80CEC-9259-46DF-B2E2-808E7676BED3} - \Omiga Plus RunAsStdUser No Task File <==== ATTENTION
Task: {84AB3F0B-FB93-4E59-A530-018D31B3E74C} - \Dealply No Task File <==== ATTENTION
Task: {DBF62539-6E66-4CDC-9B4B-A7BE9FD31608} - \VisualBeeRecovery No Task File <==== ATTENTION
Task: {F4336BF2-7C4D-45B0-85A6-2E7C7A8097E5} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
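As an added example (not part of the original post and not FRST's own code): a short Python triage of fixlist-style lines like those quoted above, which classifies each entry and lists search-provider hosts outside an allow-list. The function names, the `EXPECTED` allow-list and the shortened sample lines are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: lines in the format quoted in the fixlist above,
# with the long tracking parameters shortened.
SAMPLE = """\
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - URL http://search.certified-toolbar.com?si=1&q={searchTerms}
SearchScopes: HKCU - {098E5CC9-2A98-4E60-90D7-CE4EE5412196} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Task: {84AB3F0B-FB93-4E59-A530-018D31B3E74C} - \\Dealply No Task File <==== ATTENTION
"""

# Assumption: the search providers this user actually chose.
EXPECTED = {"bing.com", "google.com"}
URL_RE = re.compile(r"https?://\S+")

def triage(text):
    """Classify each 'Kind: details' line by what it says about the entry."""
    findings = []
    for line in text.splitlines():
        kind, sep, rest = line.partition(": ")
        if not sep:
            continue  # directives such as 'EmptyTemp:' carry no details
        rest = rest.strip()
        url = URL_RE.search(rest)
        if url:
            status, host = "url", urlsplit(url.group()).hostname
        elif "No Task File" in rest or rest.endswith("No File"):
            status, host = "orphaned", None   # registry entry, target gone
        elif "missing" in rest:
            status, host = "missing-default", None
        elif rest.endswith("URL ="):
            status, host = "empty-url", None
        else:
            status, host = "other", None
        findings.append({"kind": kind, "status": status, "host": host})
    return findings

def unexpected_hosts(findings, expected=EXPECTED):
    """Search-provider hosts that are not an expected domain or its subdomain."""
    hosts = {f["host"] for f in findings if f["kind"] == "SearchScopes" and f["host"]}
    return sorted(h for h in hosts
                  if not any(h == d or h.endswith("." + d) for d in expected))

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
    print("unexpected:", unexpected_hosts(triage(SAMPLE)))
```
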
Again, thank you. It’s working nice and quick like it used to. I suppose it’s been slowing down for awhile now and I just never realized it. I’ll be putting these extra cleaners into regular use to help prevent further issues.
At this point, it seems the block notices and slow loads are completely gone. Especially since I’d have a number of them popping up at this point. Windows explorer hasn’t crashed like it’s been prone to do every start and periodically during run and although I do still see a duplicate on one or two processes in the task manager, the other duplicates that were concerning me are gone.
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent: install this programme to lock down and prevent crypto ransomware.
I must say it was really neat with your clean-up tool! Everything seems to be running just fine.
This is only to shed some further light, IF it has any bearing on what’s happening to so many people, if not, then it doesn’t matter. Since you fixed my problem, after our last contact, I have noticed that I’m getting auto-redirect on some of my webpages (granted I’m only visiting just one website between yesterday and today, so I don’t know if it’s on all of them or just that particular website). I usually just close the tab or hit the back button. The redirect takes me to a webpage that specifies that my ‘internet explorer’ is out of date and to download the newest version (of course now that I dwell on it, I probably should have also jotted down the website for you too…). Fine I know that it’s an older version, but as far as I know, the internet doesn’t complain about an old version of IE. Anyway, it tried to download a file or program of some sort this time (the 4th or 5th time this auto-redirect happened), here’s what the download file said “dowloadfilesetup_951qv.exe (2.29 mb) from cdn-s5gdatafiles.net”. Of course I didn’t download it, but I hope it helps to shed more light on the virus or worm that seems to be going on. It’s a first for this auto-redirect and auto-attempt to download for me, but I expect to have small annoyances like that when surfing the net in today’s ‘technologically advanced’ world.
Otherwise, I’m still not showing any further problems.
Okay, that was seriously unfair… I just typed the info for the two cases I had, hit post and… maybe I took too much time? But it didn’t post. Well let me try again.
I had two other instances, one for java and one for flashplayer. I still have java, but I disconnected it from IE. I did use it for some site or other I visited, but I haven’t remembered yet which site that was. Java 8 is considerably easier to disconnect from Internet explorer use, which is nice. It’s the 64-bit version.
The second redirect (first was IE) said that java was out of date and suggested I upgrade to “java version 7”. Then before I touched anything, it tried to and asked to close the window. I didn’t save the website address, though I did have it, but the first post didn’t post… so now I don’t have it. I feel like an idiot now! Hah!
I’m still hoping that other one for IE being out of date comes back up. I will keep a log of what other redirects I have and if there are different ones, or different websites, I’ll let you know. Or not, if these are unimportant.
Are you still getting the flash popups? If so, first empty your temporary files.
Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
So far it was only those three. They weren’t pop-ups as they were redirects. Not even a new tab. Like when you click a link and it says ‘this page has been moved, you will be redirected to the new page in ‘#’ seconds, if you’re not redirected, click here’, except the websites (or website as it only seems to have happened on the one so far) I visit, it doesn’t have any of that. I suppose maybe the carrier of the website had a bug and they’ve since cleaned it out.