http://disorderstatus.ru/order.php

Hi Avast,

I need help …

aaa.txt is the malware history log…

Thanks.

Could you let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKU\S-1-5-21-3043237361-960592186-1168485760-1001\...\Run: [pnwqahtfhe] => wscript.exe //B "C:\Users\Aris\AppData\Local\Temp\pnwqahtfhe.vbs" <===== ATTENTION CHR HKU\S-1-5-21-3043237361-960592186-1168485760-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION URLSearchHook: [S-1-5-21-3043237361-960592186-1168485760-1002] ATTENTION ==> Default URLSearchHook is missing URLSearchHook: [S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003] ATTENTION ==> Default URLSearchHook is missing S2 UpdaterSvcHulaToo; "C:\Program Files (x86)\HulaToo\updater.exe" [X] AlternateDataStreams: C:\Users\Aris\Local Settings:ma7cCFEHHtZ1hMVecwwWk AlternateDataStreams: C:\Users\Aris\AppData\Local:ma7cCFEHHtZ1hMVecwwWk AlternateDataStreams: C:\Users\Aris\AppData\Local\Application Data:ma7cCFEHHtZ1hMVecwwWk AlternateDataStreams: C:\Users\Aris\AppData\Local\OqvGtG6xlaR6N:8zVxuS1x7Lq2kdfBVCBgow AlternateDataStreams: C:\Users\Aris\AppData\Local\Temp:cdgWvWfPtCcqjhP31ta5EjULPgZ C:\Users\Aris\AppData\Local\Temp\pnwqahtfhe.vbs C:\ProgramData\msocgc.exe C:\Program Files (x86)\HulaToo RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.

FINALLY

Download Anti VBS/VBE to your desktop

[]download the appropriate version (32 bit or 64 bit) and double click the file to run it.
[
]After a couple of seconds (might also take a whole minute if the machine is heavily infected and/or slow) a report will open in Notepad.
[*]Post that report

Be aware this is a very new programme and as such is not recognised by any Antivirus or Windows, it is safe so allow it to run