I have used different registry cleaners but that problem still persists. I used Farbar recovery scan tool and i also add FRST and fixlist.txt file in the same folder, then i fix it with the Farbar recovery scan tool and restarted the laptop but that didn’t work either. I m really stuck now plz help me.
Follow the instructions in “Logs to assist in cleaning malware”.
Sorry , i didn’t get u?
Logs to assist in cleaning malware https://forum.avast.com/index.php?topic=53253.0
when requested logs are attached we can start help
below the box you write in see Attachments and other options
here are the attachments
have you run a fix found online?
logs to attach:
Malwarebytes scan log
Farbrar Recovery Scan Tool diagnostic logs frst.txt and additional.txt
Could you re-run FRST from an administrators account please
As u said from the administrater account FRST file attached. One more thing i don’t getting that pop up while using administrative account.
OK that narrows it down a bit… Are the alerts coming from Firefox ?
If they are then check for an extension called adbeaver or something similar
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint: C:\ProgramData\MakeMarkerFile.exe C:\ProgramData\msfvjgrj.exe C:\Users\EasySurvey\EasySurvey.exe 2015-06-28 20:41 - 2015-06-28 20:41 - 00000000 _____ C:\Users\home\AppData\Local\{25B78B8B-6BD7-4133-B495-ECF9AE8A756F} CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - No Path Or update_url value Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKU\S-1-5-21-2700142147-97012374-720385256-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File ShellExecuteHooks: - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ] GroupPolicyUsers\S-1-5-21-2700142147-97012374-720385256-1002\User: Group Policy Restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
yup done! now
Was that extension in firefox ?
I don’t know the name exactly something like raultaub and one more. Plz tell what should i do next.
Are you still getting the alerts ?
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint: HKU\S-1-5-21-2700142147-97012374-720385256-1002\...\Run: [widrbqpzod] => wscript.exe //B "C:\Users\home\AppData\Local\Temp\widrbqpzod..vbs" <===== ATTENTION C:\Users\EasySurvey RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.
No, I am not getting it now because i have told u i don’t get it when i logged in from administrator account. SO i have to run the adwcleaner on admininstrative account
Run both FRST fix and AdwCleaner from the affected account
Done but now i am getting an error Unknown Hard Drive Error explorer.exe attached logs here
Done but now i am getting the error unknown hard drive error explorer.exe
Could you screenshot the error please