hxxp://api.aceadsys.net/lastCodesGeneric.js?

Hi All,

Everytime i start chrome, I get a pop up from avast warning me there is some sort of infection. Attached is my logs. Appreciate the help given in advance.

Thanks

Hi :slight_smile:

Can you please attach the screenshot of this pop-up?

there you go.


http://i1230.photobucket.com/albums/ee493/sellwatch/Capture_zps35c70376.png

Hi :slight_smile:

https://sites.google.com/site/cannedfixes/junkware-removal-tool/JRTbythisisu.png
Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on
https://sites.google.com/site/cannedfixes/junkware-removal-tool/JRTbythisisu.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[*]Follow the prompts and let this process run uninterrupted.
[*]This scan can take a while, depending on your System specs.
[*]Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.

https://sites.google.com/site/cannedfixes/adwcleaner/adwcleaner_new.png
Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

[*]Right-click on
https://sites.google.com/site/cannedfixes/adwcleaner/adwcleaner_new.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[*]The program will begin to update the database (if internet connection is operational). Please wait a little bit.
[*]Follow the prompts and click Scan.
[*]When finished, please click Clean.
[*]Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.

scan logs attached.

Got this new thread detected screenshot.


http://i1230.photobucket.com/albums/ee493/sellwatch/Capture_zps7640174d.png

https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[]Wait patiently until the main console will appear, it may take a minute or two.
[
]In the main box please paste in the following script:

createsrpoint;
autoclean;
services-list;
startupall;

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Don’t forget to re-enable your switched-off protection software!

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.

XP users click run after receipt of Windows Security Warning - Open File.
8 users will be prompted about Windows SmartScreen protection - click More information and Run.
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

done. Logs attached.

Tell me if this cease the alerts

https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
Scan with ZOEK

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[]Wait patiently until the main console will appear, it may take a minute or two.
[
]In the main box please paste in the following script:


bitsadmin /reset /allusers>>%temp%\log.txt;b

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Don’t forget to re-enable your switched-off protection software!

ok done. Here is the log file. Did a reboot and start chrome.

ok the popups still keep coming.

This must be something new. I’d like to take some deeper scans.

https://sites.google.com/site/cannedfixes/gmer/gmericon.png
Scan with Gmer

This type of scan often produces false positives. At any point do not take any action for any suspicious entries you may see there. Instead post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that’s absolutely normal.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

[*]Right-click on randomly named
https://sites.google.com/site/cannedfixes/gmer/gmericon.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[*]It is very important that you do not use your computer while Gmer is running!
[*]Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
[*]If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

When the pre-scan is completed, please do the following:

[*]Please check in the Quick scan box.
[*]Please uncheck the IAT/EAT and Show All.
[*]Click Scan.
[*]If you see a rootkit warning window click OK.
[*]When the scan is finished, Save the results to your desktop as gmer.log.

Please include the content of this file in your next reply.
Don’t forget to re-enable previously switched-off protection software!

http://forum.programosy.pl/images/smilies/icon_idea.gif
If you encounter any problems, try running GMER in Safe Mode.

http://forum.programosy.pl/images/smilies/icon_idea.gif
If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.

this app pops up a dialog once i open it.


http://i1230.photobucket.com/albums/ee493/sellwatch/Capture_zps396327b4.png

then it say the file has stopped working.

OK, let’s try something another.

https://sites.google.com/site/cannedfixes/roguekiller/RogueKiller.png
Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on
https://sites.google.com/site/cannedfixes/roguekiller/RogueKiller.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[*]Wait patiently until the pre-scan will be done. It shouldn’t take more than 2-3 minutes.
[*]Accept the Terms of use.
[*]When the Scan button becomes available, please click it. RogueKiller will start a full scan.
[*]Let this process run uninterrupted!.
[*]When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.

managed to run GMER on safe mode. Attached log.

i will proceed to try roguekiller.

roguekiller log attached.

I am not able to see the culprit.

https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
Scan with ZOEK

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[]Wait patiently until the main console will appear, it may take a minute or two.
[
]In the main box please paste in the following script:


createsrpoint;
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk;f
autoclean;
emptyfolderscheck;delete
emptyclsid;
chrdefaults;
ffdefaults;

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Don’t forget to re-enable your switched-off protection software!

thanks for the help so far.

logs attached.

Still nothing in particular. Are you still experiencing the pop-ups?

yes still popping up… this is weird.

seem like everything i click on chrome will show this at the bottom corner.


http://i1230.photobucket.com/albums/ee493/sellwatch/Capture_zps94c5452a.png

Hi and sorry for the delay, I had some family commitments.

This is very weird. Provide me fresh reports, I will consult this one with my colleagues.

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.

XP users click run after receipt of Windows Security Warning - Open File.
8 users will be prompted about Windows SmartScreen protection - click More information and Run.
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

apologies for the late reply. Logs attached.