system
1
hxxp://getusaaall.info/?e=pcho&cht=2&dcu=1&cpatch=2&dcs=1&pf=1&unp=Azm9CdOLv7DVDyxECyF
This is the info of the virus/malware
Please help me, it pops up every 5-10 mins and it’s really annoying. I think it showed up first when I clicked on a download button in mp3juices.com
Pondus
2
Follow the instructions and attach the requested logs: https://forum.avast.com/index.php?topic=53253.0
Malwarebytes / Farbar / aswMBR
system
4
I am scanning atm. What do you mean by monitoring?
Monitoring means that he’s following the topic and waiting for the logs to review.
system
8
Problem still exists even though I tried some anti-malware programs, every 10 mins there is a notification from avast!..
Please wait for a reply from Magna, this is nasty malware. 
system
10
Sure no problem, I’ll be watching the world cup final anyway 
I’m from Germany, so I will watch it too, I think.
Hi Andronik v2,
I will need addition.txt report as well.
Pondus
15
There is football on TV, or he may be in bed… be patient 
system
16
Is there any case that system restore will solve the problem?
Hi Andronik v2,
Since my work here is volunteer (I’m not paid) and I offer you my free help, you are impatient.
I guess that it is not easier for you to carry your computer off to a service and pay a man to clean your system, if they know how, or they simply tell you that you need to install a fresh Windows … etc.
I have my private obligations too … 
Anyway … tell me whether this fixes your problem:
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Start
Folder: C:\WINDOWS\SysWOW64\X86
Reboot:
C:\temp
C:\Users\gawarrior\AppData\Local\Temp
C:\Program Files (x86)\TweakBit\PCSpeedUp
C:\Users\gawarrior\AppData\Local\DM
C:\Program Files (x86)\Expat Shield
C:\Users\gawarrior\AppData\Roaming\Mozilla\Firefox\Profiles\dtd0rfea.default\Extensions\yii.r1@oyatq-.org
C:\Users\gawarrior\AppData\Roaming\Mozilla\Firefox\Profiles\dtd0rfea.default\Extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi
CMD: del c:\windows\prefetch\*.* /f /s /q
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ip reset
CMD: netsh winsock reset catalog
Hosts:
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1755359369-1674648862-2772247521-1000\...\Run: [Tiny download manager] => "C:\Users\gawarrior\AppData\Local\DM\TinyDM.exe" /M
HKU\S-1-5-21-1755359369-1674648862-2772247521-1000\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-1755359369-1674648862-2772247521-1000\...\MountPoints2: {a32ac181-e55e-11e1-9e19-2c27d7db2cfc} - G:\AutoRun.exe
HKU\S-1-5-21-1755359369-1674648862-2772247521-1000\...\MountPoints2: {d49fe9e7-a5d0-11e1-bae4-806e6f6e6963} - E:\autorun.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF Extension: suaave nEt - C:\Users\gawarrior\AppData\Roaming\Mozilla\Firefox\Profiles\dtd0rfea.default\Extensions\yii.r1@oyatq-.org [2014-05-07]
FF Extension: Gamers Unite! Snag Bar - C:\Users\gawarrior\AppData\Roaming\Mozilla\Firefox\Profiles\dtd0rfea.default\Extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi [2014-02-22]
Task: {BA53E58A-7C90-493D-9A0F-A6FF1874FD7C} - \Your File Updater No Task File <==== ATTENTION
Task: {BB032D46-5CBF-4EE8-BA31-4B3ACBF4FEF9} - System32\Tasks\TweakBit\PCSpeedUp\Start PCSpeedUp оn logon => C:\Program Files (x86)\TweakBit\PCSpeedUp\PCSpeedUp.exe
AlternateDataStreams: C:\ProgramData\Temp:05E9FFE5
AlternateDataStreams: C:\ProgramData\Temp:0C65EA0E
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:5F91AB27
AlternateDataStreams: C:\ProgramData\Temp:9812B773
U3 a52ekdqf; No ImagePath
U3 aevsopf2; No ImagePath
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version, please download and run the updated version.
Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:
- Type Explorer.exe into the Search: field in FRST then click the Search File(s) button.
- FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
- Please attach it to your reply.
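Added example, not part of the original post and not FRST's own code: a short Python review pass that groups the lines of a fixlist like the one above and checks the NOTICE's point, that its profile names and SIDs belong to one specific machine. The bucket names and the `safe_for` helper are this example's own assumptions; the sample is a subset of the fixlist quoted in the post.

```python
import re
from collections import defaultdict

# Subset of the fixlist quoted in the post above, embedded so this runs offline.
SAMPLE_FIXLIST = r"""Start
Folder: C:\WINDOWS\SysWOW64\X86
Reboot:
C:\Users\gawarrior\AppData\Local\DM
CMD: del c:\windows\prefetch\*.* /f /s /q
Hosts:
HKU\S-1-5-21-1755359369-1674648862-2772247521-1000\...\Run: [Tiny download manager] => "C:\Users\gawarrior\AppData\Local\DM\TinyDM.exe" /M
Task: {BA53E58A-7C90-493D-9A0F-A6FF1874FD7C} - \Your File Updater No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:05E9FFE5
End
"""

def body_lines(text):
    """Return the non-empty lines between the Start and End markers."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if "Start" not in lines or "End" not in lines:
        raise ValueError("fixlist must be wrapped in Start ... End")
    return lines[lines.index("Start") + 1 : lines.index("End")]

def classify(line):
    """Bucket one line; the bucket names are this example's own labels."""
    if line.startswith("CMD:"):
        return "command"      # shell command executed during the fix
    if re.match(r"[A-Za-z]:\\", line):
        return "path"         # bare file or folder path
    if re.match(r"HK(LM|U|CU)\\", line):
        return "registry"     # registry value copied from the scan log
    if re.fullmatch(r"\w+:", line):
        return "directive"    # keyword with no argument, e.g. Reboot:
    return "scan-entry"       # any other line copied from the scan log

def review(text):
    """Group fixlist lines by bucket and collect machine-specific bindings."""
    groups, users, sids = defaultdict(list), set(), set()
    for line in body_lines(text):
        groups[classify(line)].append(line)
        users.update(re.findall(r"\\Users\\([^\\]+)\\", line))
        sids.update(re.findall(r"S-1-5-21(?:-\d+){4}", line))
    return dict(groups), users, sids

def safe_for(text, username, sid):
    """True only if every profile name and SID in the fixlist is this machine's."""
    _, users, sids = review(text)
    return users <= {username} and sids <= {sid}
```

A `False` from `safe_for` means the fixlist names a profile or account SID that does not exist on the machine it is about to be run on.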
system
18
Sorry for not replying fast, but I think I fixed the problem. All I had to do is system restore and problem is fixed. I get no more notifications from avast! and I’m really happy ;D. Thanks for the help anyway. Have a nice day!
Thanks for reporting back. In that case all our fixes and tools should be gone, but the performed fixes as well.