These days I’ve been getting a ‘Malware blocked’ pop-up from Avast almost every time I watch CNN videos.
No problem with YouTube videos.
Many times I have checked my computer for viruses with Avast, but Avast says there are no viruses or other types of malware.
Now what can I do?
Please follow the directions for scans in this topic and attach as many of the logs as you can run.
Logs to assist in cleaning malware
FRST.txt, Addition.txt, Malwarebytes Anti-Malware log and aswMBR.txt. Thanks.
Here are the texts from the tools. Thanks!
Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter. Please copy the contents of the Code box below. To do this highlight the contents of the box by clicking [Select] next to Code: , then right click on any of the highlighted text and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
Start
CreateRestorePoint:
CloseProcesses:
DPF: HKLM {6CE20149-ABE3-462E-A1B4-5B549971AA38}
DPF: HKLM-x32 {57CE3D53-D596-49F6-B36B-8F4039E8E02F}
DPF: HKLM-x32 {8E2A904F-FDD7-4086-A49C-834F1C47DC39}
DPF: HKLM-x32 {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}
Handler: touchenex - {74f917de-707e-11e5-80c3-005056c00008} - No File
FF Plugin-x32: @softforum.com/npKeyPro -> C:\Windows\system32\npKeyPro.dll [No File]
C:\Windows\system32\npKeyPro.dll
FF HKU\S-1-5-21-3728144285-1673678463-4239146881-1000\...\Firefox\Extensions: [npSandBox@initech.com] - C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.xpi => not found
C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.xpi
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\duke\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\duke\AppData\Local\Temp\FYDSetup.exe
Task: {0CAA55D2-27A7-4692-9900-FEE2D5B7DD21} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1925BCEE-CD08-4F15-A267-451927CC7742} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {34E3F34B-543B-4EB9-B30A-7150670DBC4E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3AB9EE97-F0DD-4CA8-B9C4-E73DB39926E1} - System32\Tasks\{85431136-8127-4802-8E64-EF5072192E04} => pcalua.exe -a "G:\Visual Studio\VS90sp1-KB945140-KOR.exe" -d "G:\Visual Studio"
Task: {63C7B1D1-9E4F-4F3D-A4AD-AFB66B2340EB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {63EFE5AB-00F0-40BB-927A-C0D582497B86} - System32\Tasks\{37D0169C-0286-4418-BDE0-D71910E06CEF} => pcalua.exe -a "C:\Users\duke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4KOGGQWY\JavaSetup8u65.exe" -d C:\Users\duke\Desktop
Task: {8E0F4533-D06B-40FB-95DB-63FAFA0723DA} - System32\Tasks\{526200EC-D9F0-49A0-8B98-1E739EAB89F1} => pcalua.exe -a "C:\Users\duke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4KOGGQWY\I3GManager.exe" -d C:\Users\duke\Desktop
Task: {940F9E51-BA80-4090-89B8-938B40E2F5F4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9FCD2D17-38CE-4B65-8152-03C7D421C9C5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B054367C-D7C4-4008-A823-2A8146BA33FB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DC6B5532-F000-4BB4-A379-00E24F012780} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E72A0529-8B3F-499A-9054-34B9778CFD74} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F2FFF373-9EEF-46AE-9E63-AB16EBB76C70} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F3D50AD1-A0E7-496D-9F40-5FBCCB727FA9} - System32\Tasks\{F2A4BCCE-D260-427F-BA61-B0839901CE3E} => pcalua.exe -a "C:\Users\duke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4KOGGQWY\I3GManager (1).exe" -d C:\Users\duke\Desktop
Task: {F6911824-5030-4C1B-BBBB-84D6F8A426E0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
NOTE: It’s important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST64 by right clicking on the FRST64.exe file, selecting “Run as Administrator…”. The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.
The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply post. Also, tell me how your system is running now.
How is the system running now? Any problem with videos?
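The fixlist above does four things that are worth verifying once the machine is back up: it drops scheduled tasks whose action file is gone (the GWX entries and the pcalua.exe launchers pointing into Temporary Internet Files), resets the Windows Firewall profiles, recreates an empty local IPSec policy key, and removes any proxy configuration. As an added example that is not part of this thread or of FRST, the PowerShell script below re-checks those items after the fix. The function names are my own; the pcalua.exe handling assumes the `-a "<target>"` argument form shown in the task entries quoted above. It uses the Schedule.Service COM API and netsh rather than Get-ScheduledTask / Get-NetFirewallProfile so that it also runs on Windows 7. Run it from an elevated PowerShell prompt; it only reports, it changes nothing.

```powershell
# Post-fix audit (added example, not from the original thread or from FRST).
# Reports scheduled tasks whose real target is missing or lives in a temp
# folder, plus the firewall, WinHTTP/WinINET proxy and IPSec policy state.

function Get-AllTasks {
    param($Folder)
    foreach ($t in $Folder.GetTasks(1)) { $t }                  # 1 = TASK_ENUM_HIDDEN
    foreach ($sub in $Folder.GetFolders(0)) { Get-AllTasks -Folder $sub }
}

function Resolve-ActionTarget {
    # Returns the file a task action really launches. pcalua.exe (the Program
    # Compatibility Assistant launcher) runs whatever follows its -a switch,
    # which is how the JavaSetup / I3GManager tasks in the fixlist were built.
    param([string]$Path, [string]$Arguments)
    $exe = [Environment]::ExpandEnvironmentVariables($Path).Trim('"')
    if ([IO.Path]::GetFileName($exe) -ieq 'pcalua.exe' -and
        $Arguments -match '-a\s+(?:"([^"]+)"|(\S+))') {
        $exe = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
    }
    if (-not [IO.Path]::IsPathRooted($exe)) {                    # bare name: resolve via PATH
        $cmd = Get-Command $exe -ErrorAction SilentlyContinue
        if ($cmd -and $cmd.Path) { $exe = $cmd.Path }
    }
    return $exe
}

function Get-SuspectTasks {
    $svc = New-Object -ComObject Schedule.Service
    $svc.Connect()
    foreach ($task in Get-AllTasks -Folder $svc.GetFolder('\')) {
        try { $actions = $task.Definition.Actions }
        catch {
            # FRST shows these as "-> No File": the registration exists but its definition is gone.
            New-Object PSObject -Property @{ Task = $task.Path; Target = ''; Reason = 'definition unreadable' }
            continue
        }
        foreach ($a in $actions) {
            if ($a.Type -ne 0) { continue }                      # 0 = TASK_ACTION_EXEC
            $target  = Resolve-ActionTarget -Path $a.Path -Arguments $a.Arguments
            $reasons = @()
            if (-not (Test-Path -LiteralPath $target)) { $reasons += 'target file missing' }
            if ([IO.Path]::GetFileName($a.Path) -ieq 'pcalua.exe') { $reasons += 'pcalua launcher' }
            if ($target -match '\\Temp\\|Temporary Internet Files') { $reasons += 'runs from a temp folder' }
            if ($reasons) {
                New-Object PSObject -Property @{ Task = $task.Path; Target = $target; Reason = ($reasons -join '; ') }
            }
        }
    }
}

function Get-NetworkSettingsReport {
    $ipsec = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local'
    $ipsecState = if (Test-Path $ipsec) {
        $k = Get-Item $ipsec
        "$($k.SubKeyCount) subkeys, $($k.ValueCount) values (the fixlist leaves this key empty)"
    } else { 'key absent' }
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    New-Object PSObject -Property @{
        FirewallProfiles = ((netsh advfirewall show allprofiles state) -match 'Profile|State') -join ' | '
        WinHttpProxy     = ((netsh winhttp show proxy) | ForEach-Object { $_.Trim() } | Where-Object { $_ }) -join ' '
        WinInetProxy     = "ProxyEnable=$($inet.ProxyEnable) ProxyServer=$($inet.ProxyServer) AutoConfigURL=$($inet.AutoConfigURL)"
        IPSecLocalPolicy = $ipsecState
    }
}

Get-SuspectTasks | Format-Table Task, Reason, Target -AutoSize -Wrap
Get-NetworkSettingsReport | Format-List
```

After a clean fix the task table should be empty (or list only tasks you recognise), all three firewall profiles should show State ON, WinHTTP should report direct access, ProxyEnable should be 0 with no AutoConfigURL, and the IPSec key should have 0 subkeys and 0 values. Anything still flagged is worth pasting back into the thread rather than deleting by hand.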
Fixlog.txt is attached.
I want to use my computer and check what would happen.
I will let you know the result of your help tomorrow.
Thanks!
You forgot to attach the log file
Sorry!
I didn’t attach the fixlog.txt.
Here it is now.
The same warning appeared again just now while I was watching a CNN video.
FIRST >>>>
Junkware Removal Tool
Please download JRT from here to your desktop.
Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.
Double click the JRT.exe file to run the application.
The application will open a Command Prompt window and run from there (this is normal for this program, so don’t be alarmed).
When asked, press any key to allow the program to continue / run.
This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.
Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.
SECOND >>>>
AdwCleaner by Xplode
Download AdwCleaner from here or from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
1. Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner. You will see the AdwCleaner console.
2. Click the Scan button and wait for the scan to finish.
3. After the scan has finished the window may or may not show what it found; above, in the progress bar, you will see: Pending. Please uncheck elements you don’t want to remove.
4. Click the Clean button.
5. Everything checked will be deleted.
6. When the program has finished cleaning a report appears.
7. Once done it may ask to reboot (depending on what it found to remove): please allow this.
8. On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C#].txt
Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here’s Why and Here. You can always Reinstall it.
Here the log files are…
Thank you. Not much there; let us get a deeper look.
Please download Autologger.zip from here .
Double click the file and extract the file (Autologger.exe) to a folder of your choice (I would suggest you name it AutoLogger for ease of location later).
Double click on Autologger.exe to let it run and follow the prompts.
When finished, it will produce a file named CollectionLog-yyyy.mm.dd.zip [with the date of the logs] in the folder with AutoLogger.exe. Please attach that here.
This morning I ran the boot scan with Avast.
I didn’t find much in the report of the scan.
Anyway, I haven’t had any warning until now.
I’m going to watch a little more and will decide whether to scan more.
What’s your opinion?
I’ll write again whatever happens.
If you do get a pop-up, please run the Autologger scan. Hopefully you won’t have to but if you do, thanks.
I haven’t had any warning pop-up until now.
I cannot guess what the problem was, though.
Many Thanks for help.
This may have been something outside of your system; possibly a bad “hop” direction in the DNS routing. You’re not seeing it anymore because the network administrators corrected the issue.
If everything else is fine for you (Avast is running / scanning with no warnings, etc.) then I will remove our tools and get you on your way …
Clean up of Malware Removal Tools
Now that we are through using these tools, let’s clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.
- Download Delfix from here to your desktop and double click it to start the program.
- Ensure Remove disinfection tools is ticked.
  Also tick:
  - Activate UAC
  - Create registry backup
  - Purge system restore
  - Reset system settings
- Click Run.
- The program will run for a few moments and then notepad will open with a log. Note: Please save this log first before rebooting your system (if asked to); DelFix does not save the log as it is trying to remove all traces of our work on your system. Please attach the log in your next reply.
You can delete any log files left on your desktop as these are no longer needed.
==Some Tools to consider to help keep your system safe ==
Consider a program that will check for out-of-date programs on your system
Some programs don’t have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Heimdal Free from Heimdal Security (you can get the software from here and read more about it on the same page).
Unchecky is a small service that runs in the background to help keep those “extra toolbars” and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware cannot get a grip on your system. You can read the details about this program here.
Also, consider keeping MalwareBytes Antimalware in your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won’t have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.
Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.
You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short guide to staying safer online
I’ll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!