hxxp://getusaaall.info/?e=pcho&cht=2&dcu=1&cpatch=2&dcs=1&pf=1&unp=Azm9CdOLv7DVDyxECyF

This is the info of the virus/malware

Please help me, it pops up every 5-10 mins and it’s really annoying. I think it showed up first when I clicked on a download button in mp3juices.com

Follow the instructions and attach the requested logs: https://forum.avast.com/index.php?topic=53253.0
Malwarebytes / Farbar / aswMBR

Monitoring …

I am scanning atm. What do you mean, monitoring?

Here!

Monitoring means that he's following the topic and waiting for the logs to review.

Ok. I posted them!

Problem still exists even though I tried some anti-malware programs, every 10 mins there is a notification from avast!..

Please wait for a reply from Magna, this is nasty malware. :frowning:

Sure no problem, I’ll be watching the world cup final anyway :stuck_out_tongue:

I'm from Germany, so I will watch it too, I think.

Hi Andronik v2,

I will need addition.txt report as well.

Here

Any updates magna?

There is football on TV, or he may be in bed… be patient :wink:

Is there any case that system restore will solve the problem?

Hi Andronik v2,

Since my work here is volunteer (I’m not paid) and I offer you my free help, you are impatient.

I guess it is not easier for you to carry your computer off to a service and pay a man to clean your system, if they know how, or they simply tell you that you need to install a fresh Windows …etc. :slight_smile: I have my private obligations too … :wink:

Anyway …tell me will this fix your problem:

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

```
Start
Folder: C:\WINDOWS\SysWOW64\X86
Reboot:
C:\temp
C:\Users\gawarrior\AppData\Local\Temp
C:\Program Files (x86)\TweakBit\PCSpeedUp
C:\Users\gawarrior\AppData\Local\DM
C:\Program Files (x86)\Expat Shield
C:\Users\gawarrior\AppData\Roaming\Mozilla\Firefox\Profiles\dtd0rfea.default\Extensions\yii.r1@oyatq-.org
C:\Users\gawarrior\AppData\Roaming\Mozilla\Firefox\Profiles\dtd0rfea.default\Extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi
CMD: del c:\windows\prefetch\*.* /f /s /q
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ip reset
CMD: netsh winsock reset catalog
Hosts:
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1755359369-1674648862-2772247521-1000\...\Run: [Tiny download manager] => "C:\Users\gawarrior\AppData\Local\DM\TinyDM.exe" /M
HKU\S-1-5-21-1755359369-1674648862-2772247521-1000\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-1755359369-1674648862-2772247521-1000\...\MountPoints2: {a32ac181-e55e-11e1-9e19-2c27d7db2cfc} - G:\AutoRun.exe
HKU\S-1-5-21-1755359369-1674648862-2772247521-1000\...\MountPoints2: {d49fe9e7-a5d0-11e1-bae4-806e6f6e6963} - E:\autorun.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF Extension: suaave nEt - C:\Users\gawarrior\AppData\Roaming\Mozilla\Firefox\Profiles\dtd0rfea.default\Extensions\yii.r1@oyatq-.org [2014-05-07]
FF Extension: Gamers Unite! Snag Bar - C:\Users\gawarrior\AppData\Roaming\Mozilla\Firefox\Profiles\dtd0rfea.default\Extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi [2014-02-22]
Task: {BA53E58A-7C90-493D-9A0F-A6FF1874FD7C} - \Your File Updater No Task File <==== ATTENTION
Task: {BB032D46-5CBF-4EE8-BA31-4B3ACBF4FEF9} - System32\Tasks\TweakBit\PCSpeedUp\Start PCSpeedUp оn logon => C:\Program Files (x86)\TweakBit\PCSpeedUp\PCSpeedUp.exe
AlternateDataStreams: C:\ProgramData\Temp:05E9FFE5
AlternateDataStreams: C:\ProgramData\Temp:0C65EA0E
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:5F91AB27
AlternateDataStreams: C:\ProgramData\Temp:9812B773
U3 a52ekdqf; No ImagePath
U3 aevsopf2; No ImagePath
End
```

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.

Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:

- Type Explorer.exe into the Search: field in FRST then click the Search File(s) button.
- FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
- Please attach it to your reply.

Sorry for not replying fast, but I think I fixed the problem. All I had to do is system restore and problem is fixed. I get no more notifications from avast! and I’m really happy ;D. Thanks for the help anyway. Have a nice day!

Thanks for reporting back. In that case all our fixes and tools should be gone, but the performed fixes as well.
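The fixlist posted earlier in this thread carries a notice that it was written for one particular machine. As an added example (not part of the thread and not FRST's own code), this Python sketch checks a fixlist's user-profile paths and account SIDs against the local machine and collects its `CMD:` lines for review; the function name, the sample excerpt and the local values passed in are assumptions for illustration.

```python
import re

# Excerpt of the fixlist from this thread, embedded as sample input.
SAMPLE_FIXLIST = r"""Start
Reboot:
C:\Users\gawarrior\AppData\Local\DM
CMD: ipconfig /flushdns
HKU\S-1-5-21-1755359369-1674648862-2772247521-1000\...\Run: [Tiny download manager] => "C:\Users\gawarrior\AppData\Local\DM\TinyDM.exe" /M
AlternateDataStreams: C:\ProgramData\Temp:05E9FFE5
End"""

# A profile directory name is the path component right after <drive>:\Users\
PROFILE_RE = re.compile(r'[A-Za-z]:\\Users\\([^\\"]+)', re.IGNORECASE)
# Account SIDs of local/domain users have the S-1-5-21-<a>-<b>-<c>-<rid> shape.
SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")


def audit_fixlist(text, local_user, local_sid):
    """Return (mismatches, commands) for a fixlist.

    mismatches: (line number, kind, value) for every profile name or SID
                that does not belong to the local account.
    commands:   (line number, command) for every CMD: line, so the shell
                commands can be read before the fix is run.
    """
    mismatches, commands = [], []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line in ("Start", "End"):
            continue
        if line.upper().startswith("CMD:"):
            commands.append((number, line[4:].strip()))
        for user in PROFILE_RE.findall(line):
            if user.lower() != local_user.lower():
                mismatches.append((number, "profile", user))
        for sid in SID_RE.findall(line):
            if sid != local_sid:
                mismatches.append((number, "sid", sid))
    return mismatches, commands


if __name__ == "__main__":
    # Constructed local values; on Windows, `whoami /user` shows the real ones.
    found, cmds = audit_fixlist(
        SAMPLE_FIXLIST, "alice", "S-1-5-21-1111111111-2222222222-3333333333-1001")
    for number, kind, value in found:
        print(f"line {number}: {kind} {value} is not this machine's")
    for number, cmd in cmds:
        print(f"line {number}: will run: {cmd}")
```

Any mismatch means the fixlist targets a different account or machine and should not be run as it stands.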