For the last three days Avast has been blocking this pop-up and it’s driving me nuts. Can anyone do anything about this?
I’ve attached the Farbar and MBAM logs.
You appear to have an old TDL and Zero Access infection
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
URLSearchHook: HKCU - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File C:\ProgramData\p6N6d7.dat Task: {2A144196-4FAE-4004-B8E9-E81365BBD501} - \996767648 No Task File <==== ATTENTION Task: {E141CE2A-221D-4AEA-BBBC-525615F39E65} - \1243830632 No Task File <==== ATTENTION DeleteJunctionsIndirectory: C:\Windows\system64 TDL4: custom:26000022 <===== ATTENTION! CMD: bitsadmin /reset /allusers CMD: DEL %TEMP%\*.* /F /S /Q CMD: RD /S /Q %TEMP% REBOOT:
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks
http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png
http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png
[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.
Notes:
- Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
- Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
- If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
Here’s the fixlog attached. It’s saying I need to restart. Do I do that before running combofix?
Yes restart please
Okay, I’ve attached the combo-file. The start up was slower than normal and the browser had to be set to default again.
Edit: The warning came back while I was online.
Do I need to repeat the steps again?
Which sites do the popups appear on ?
It comes and goes, mostly on Tv Tropes and Wikia websites that I frequent the most.
OK I am now verging towards a false positive on an ad procurement site. I will forward to Avast for further analysis
Okay, but should I remove the scanning tools then and wait for results or an update?
Hold the tools for a moment, I will remove them safely when we are done. I am still researching at the moment