I need some help with Malware, also! Please help!

My Farbar log(s) attached. (Hope I did that right.) Any help greatly appreciated!

Let me analyze the logs first. In the meantime, please, delineate the issue(s) you are facing.

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: SPYWAREfighter (Enabled - Up to date) {11BFB622-B506-BBFD-BBD5-E74259B04899} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
Uninstall SPYWAREfighter. Enable either avast! or Windows Defender.

[*]Step #1 Fix with FRST
Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
[*]Open Notepad.exe. Do not use any other text editor software;
[*]Copy and Paste the contents inside the code-box to your Notepad

Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKLM -> {087ECDE0-2678-4713-83CE-C7CFDC1AC1E5} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {087ECDE0-2678-4713-83CE-C7CFDC1AC1E5} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\.DEFAULT -> DefaultScope {D2F9C81E-95C9-4711-B2BC-A61C844E3817} URL = 
SearchScopes: HKU\S-1-5-21-3365975631-2316306639-3436556479-1001 -> {087ECDE0-2678-4713-83CE-C7CFDC1AC1E5} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
C:\Program Files (x86)\AVG\
2015-05-25 19:49 - 2015-05-25 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSystemCare
2015-05-25 19:48 - 2015-05-25 19:59 - 00000000 ____D C:\Program Files (x86)\RapidMediaConverter
2015-05-25 19:48 - 2015-05-25 19:48 - 00000000 ____D C:\Users\Glen's 2010 PC\AppData\Local\RapidMediaConverter
2015-05-25 19:45 - 2015-05-25 19:45 - 00000000 ____D C:\Users\Glen's 2010 PC\AppData\Local\BreakingNewsAlert
2015-05-25 19:44 - 2015-05-25 20:14 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 3.93
2015-05-25 19:44 - 2015-05-25 19:44 - 00000000 ____D C:\Users\Glen's 2010 PC\AppData\Roaming\Optimizer Pro
2015-05-25 19:41 - 2015-05-25 19:59 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV25.05
2015-05-25 19:40 - 2015-05-25 19:59 - 00000000 ____D C:\Users\Glen's 2010 PC\AppData\Local\avabvcxvyx
2015-05-25 19:40 - 2015-05-25 19:41 - 00000000 ____D C:\Users\Glen's 2010 PC\AppData\Local\SearchProtect
2015-05-25 19:40 - 2015-05-25 19:40 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-05-25 19:28 - 2015-05-25 20:00 - 00000000 ____D C:\ProgramData\kUDSPkiudU
2015-05-25 19:28 - 2015-05-25 19:59 - 00000000 ____D C:\ProgramData\BreakingNewsAlert
2015-05-25 19:30 - 2015-05-25 19:30 - 00000000 ____D C:\Program Files (x86)\predm
2015-05-25 19:28 - 2015-05-25 19:59 - 00000000 ____D C:\Program Files (x86)\PepperZip
2015-05-25 19:27 - 2015-05-25 19:59 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx
2015-05-25 19:27 - 2015-05-25 19:27 - 00000000 __SHD C:\Users\Glen's 2010 PC\AppData\Roaming\AnyProtectEx
2015-05-25 19:26 - 2015-05-25 19:59 - 00000000 ____D C:\Program Files (x86)\Pro PC Cleaner
2015-05-25 19:26 - 2015-05-25 19:27 - 00000000 ____D C:\Users\Glen's 2010 PC\Documents\ProPCCleaner
2015-05-25 19:25 - 2015-05-25 19:25 - 00000000 ____D C:\Users\Glen's 2010 PC\AppData\Roaming\Pro PC Cleaner
2015-05-25 19:22 - 2015-05-25 19:22 - 00000000 ____D C:\Users\Glen's 2010 PC\Documents\Optimizer Pro
2015-05-25 19:25 - 2015-05-25 20:14 - 00000000 ____D C:\Program Files (x86)\Ninja Loader
2015-05-25 19:25 - 2015-05-25 19:27 - 00000000 ____D C:\Users\Glen's 2010 PC\AppData\Local\Ninja Loader
2015-05-25 19:22 - 2015-05-25 19:59 - 00000000 ____D C:\Users\Glen's 2010 PC\AppData\Local\gmsd_us_619
2015-05-25 19:22 - 2015-05-25 19:59 - 00000000 ____D C:\Program Files (x86)\gmsd_us_619
2015-05-25 19:22 - 2015-05-25 19:22 - 00000000 ____D C:\Users\Glen's 2010 PC\Documents\Optimizer Pro
2015-05-25 19:19 - 2015-05-25 19:19 - 00000000 ____D C:\Users\Glen's 2010 PC\AppData\Local\Crossbrowse
2015-05-25 19:18 - 2015-05-25 19:18 - 00000000 ____D C:\ProgramData\InstallSightSDK
2015-05-25 19:17 - 2015-05-25 19:59 - 00000000 ____D C:\Program Files\WebBar
2015-05-25 19:17 - 2015-05-25 19:17 - 00000000 ____D C:\Program Files (x86)\Crossbrowse
C:\Users\Glen's 2010 PC\AppData\Local\Temp\00e2txxs.dll
C:\Users\Glen's 2010 PC\AppData\Local\Temp\19a3kgcn.dll
C:\Users\Glen's 2010 PC\AppData\Local\Temp\3pxuvmkb.dll
C:\Users\Glen's 2010 PC\AppData\Local\Temp\5wayfxwj.dll
C:\Users\Glen's 2010 PC\AppData\Local\Temp\aexa5x6o.dll
C:\Users\Glen's 2010 PC\AppData\Local\Temp\bchgdflk.dll
C:\Users\Glen's 2010 PC\AppData\Local\Temp\bhahrgc2.dll
C:\Users\Glen's 2010 PC\AppData\Local\Temp\fiec5nhn.dll
C:\Users\Glen's 2010 PC\AppData\Local\Temp\hkj1mfd3.dll
C:\Users\Glen's 2010 PC\AppData\Local\Temp\install_flashplayer15x32au_gtbd_chrd_dn_aaa_aih.exe
C:\Users\Glen's 2010 PC\AppData\Local\Temp\install_flashplayer16x32_mssa_aaa_aih.exe
C:\Users\Glen's 2010 PC\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih.exe
C:\Users\Glen's 2010 PC\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih_1.exe
C:\Users\Glen's 2010 PC\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih_2.exe
C:\Users\Glen's 2010 PC\AppData\Local\Temp\install_flashplayer17x32au_gtbd_chrd_dn_aaa_aih.exe
C:\Users\Glen's 2010 PC\AppData\Local\Temp\install_flashplayer17x32au_gtbd_chrd_dn_aaa_aih_1.exe
C:\Users\Glen's 2010 PC\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exe
C:\Users\Glen's 2010 PC\AppData\Local\Temp\iv7sxqe4.dll
C:\Users\Glen's 2010 PC\AppData\Local\Temp\knvmb67c.dll
C:\Users\Glen's 2010 PC\AppData\Local\Temp\rjb8vuul.dll
C:\Users\Glen's 2010 PC\AppData\Local\Temp\xj5j2bqs.dll
C:\Users\Glen's 2010 PC\AppData\Local\Temp\yak5ktkd.dll
2015-05-25 19:07 - 2015-05-25 19:07 - 00000000 ____D C:\ProgramData\Kromtech
End

[*]Click on File > Save as…
[list][*]Inside the File Name box type fixlist.txt
[*]From the Save as type drop down list, choose All Files
[*]Save the file to your Desktop;
[*]Re-run FRST.exe and click Fix;
[*]Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.[]After the completion, a log will be produced;
[
]Attach the log in your next reply.[/list]


[*]Step #2 Fix with AdwCleaner
[*]Download AdwCleaner by Xplode to your Desktop from the following link.
[list][]Download Link #1
[
]Download Link #2
[*]Right-click on AdwCleaner.exe and choose Run as administrator;
[*]Click on Scan and let the program run unhindered;
[*]When done, click on Clean and allow the system to reboot after it is done;
[]A log will be opened automatically after the restart;
[
]Attach the log in your reply.[/list]


[*]Required Log(s):
[]FRST Fix Log
[
]AdwCleaner Log

Regards,
Valinorum

“In the meantime, please, delineate the issue(s) you are facing.” I’ve been getting the Avast pop-ups with the audible “Threat Detected” warnings, with various sites listed. (opticguardzip.net, anythicago.com, alwaysisobar.com)

AdwCleaner Log attached.

I think I’m having trouble getting a “Fix” log. When I click on “Fix” , it tells me “No Fixlist.txt found.” Also, “the Fixlist.txt should be in the same folder/directory the tool is located.” Not sure what I’m doing wrong. Everything is saved to my desktop.

Oh yes, and I’ve Uninstalled SPYWAREfighter, Enabled avast! and disabled Windows Defender.

Your FRST.exe is located in C:\Users\Glen’s 2010 PC\Downloads. Copy it to your Desktop and the fixlist.txt too. Then click on ‘Fix’.

FRST.exe and fixlist.txt are both on my desktop, but I keep getting “No Fixlist.txt found.” “the Fixlist.txt should be in the same folder/directory the tool is located.”

Did I miss a step?

Make a new folder and put both of them inside that folder. Try to run the fix afterwards.

Okay, still same problem - still won’t “fix” , even though files are in their own folder. Attached are new scan results. Where to go from here? Sorry to be a pain…

If FRST.exe and fixlist.txt are in the same folder it will work.
Make sure you have not named it fixlist.txt.txt or something.

All files (“FRST64”, “fixlist” and “Addition”) are now in my Downloads folder. Double-clicked on FRST64, Clicked “Fix” and I get: “Warning: Looks you don’t know what to do. To prevent damage to the system the tool will exit.”

Saving me from myself! :slight_smile:

Try it with the attached fixlist.

Tried with attached fixlist and got same result. Tried with the file on Desktop and in Downloads folder.

Do I need to start over?

Pulling my hair out! (And my head is shaved.)

Hi,

Let’s try something different.

[*]Step #3 Run Zoek
Temporary disable your security software i.e. anti-virus, anti-malware. Peruse this if you are unsure. Download Zoek.exe by smeenk from one of the following locations listed below –
Download Link #1
Download Link #2
[*]Right-click and choose Run as administrator to run the program.
[list][*]Note: The program may not appear instantaneously. Await few minutes for the program to start if that happens
[*]Copy and Paste the following content inside the code box into Zoek’s box –
[/list]

autoclean;
standardsearch;
iedefaults;
CHRdefaults;
FFdefaults;
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSystemCare;fp
C:\Program Files (x86)\RapidMediaConverter;fp
C:\Users\Glen's 2010 PC\AppData\Local\RapidMediaConverter;fp
C:\Users\Glen's 2010 PC\AppData\Local\BreakingNewsAlert;fp
C:\Program Files (x86)\Optimizer Pro 3.93;fp
C:\Users\Glen's 2010 PC\AppData\Roaming\Optimizer Pro;fp
C:\Program Files (x86)\CinemaPlus-3.2cV25.05;fp
C:\Users\Glen's 2010 PC\AppData\Local\avabvcxvyx;fp
C:\Users\Glen's 2010 PC\AppData\Local\SearchProtect;fp
C:\Program Files (x86)\SearchProtect;fp
C:\Program Files (x86)\predm;fp
C:\ProgramData\kUDSPkiudU;fp
C:\ProgramData\BreakingNewsAlert;fp
C:\Program Files (x86)\PepperZip;fp
C:\Program Files (x86)\AnyProtectEx;fp
C:\Users\Glen's 2010 PC\AppData\Roaming\AnyProtectEx;fp
C:\Program Files (x86)\Pro PC Cleaner;fp
C:\Users\Glen's 2010 PC\Documents\ProPCCleaner;fp
C:\Program Files (x86)\Ninja Loader;fp
C:\Users\Glen's 2010 PC\AppData\Local\Ninja Loader;fp
C:\Users\Glen's 2010 PC\AppData\Roaming\Pro PC Cleaner;fp
C:\Users\Glen's 2010 PC\AppData\Local\gmsd_us_619;fp
C:\Program Files (x86)\gmsd_us_619;fp
C:\Users\Glen's 2010 PC\Documents\Optimizer Pro;fp
C:\Users\Glen's 2010 PC\AppData\Local\Crossbrowse;fp
C:\Program Files\WebBar;fp
C:\Program Files (x86)\Crossbrowse;fp
C:\ProgramData\Kromtech;fp
C:\Users\Glen's 2010 PC\AppData\Local\EmieBrowserModeList;fp
C:\Users\Glen's 2010 PC\AppData\Local\EmieUserList;fp
C:\Users\Glen's 2010 PC\AppData\Local\EmieSiteList;fp
ipconfig /flushdns;b
ipconfig /release;b
ipconfig /renew;b
netsh winsock reset catalog;b
bitsadmin /reset /allusers;b

[*]Close all open Windows including your web-browser.
[*]Click on Run Script.
[*]Your system may reboot and a log file will open which is also located in your systemdrive.
[*]Copy and Paste the contents of the log in your next reply.

You should not make shortcut of the file and the fixlist like you did here:

2015-06-18 00:34 - 2015-06-18 00:32 - 00060877 _____ C:\Users\Glen's 2010 PC\Desktop\fixlist - Copy.txt 2015-06-18 00:34 - 2015-06-18 00:26 - 00001563 _____ C:\Users\Glen's 2010 PC\Desktop\FRST64(5) - Shortcut - Copy.lnk 2015-06-18 00:23 - 2015-06-18 00:49 - 00001243 _____ C:\Users\Glen's 2010 PC\Desktop\FRST64(5) - Shortcut.lnk
You were to copy the FRST.exe and put it into your Desktop. You were to download/make the Fixlist.txt and saved it to your Desktop without renaming such as [b]fixlist - Copy.txt[/b].

An example would be the following scenario:
You have the following files in the Desktop like:

C:\Users\Glen's 2010 PC\Desktop\fixlist.txt C:\Users\Glen's 2010 PC\Desktop\FRST64.exe

You run FRST64.exe as an administrator and click on ‘Fix’. The fix should work then.

Regards,
Valinorum

deleted

deleted

deleted

deleted

deleted