I keep receiving a malware/virus alert on my laptop saying "avast shield has blocked a threat no action required". I have followed all the instructions and used all the required tools. Here are the screenshots.
Thanks
Let me know if this stops the alerts
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
HKU\S-1-5-21-2331929575-4195832412-1728464189-1000\...\Run: [ConduitFloatingPlugin_bjninacglmmmbabmlkaegnanopeoiong] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3269511\plugins\TBVerifier.dll",RunConduitFloatingPlugin bjninacglmmmbabmlkaegnanopeoiong
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.search.us.com/v/2/?guid={FF2B4B5F-222A-41BA-A3BB-CE7019617ED0}&serpv=5
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=38268&bs=true&tid=77&q={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.simplespeedy.info/?l=1&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3321897&octid=EB_ORIGINAL_CTID&ISID=M5D182B5E-3F66-4F16-8B57-9016B5A54FCC&SearchSource=58&CUI=&UM=5&UP=SP6FFE4FCD-FFAB-4A34-86A7-A870CF463BED&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.certified-toolbar.com?si=38268&bs=true&tid=77&q={searchTerms}
SearchScopes: HKCU - {384E8513-39C7-47CD-88BA-0444244DE211} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10553
SearchScopes: HKCU - {7C47C845-2212-4E84-A6FA-1669FF2A5C9E} URL = http://search.us.com/serp?guid={FF2B4B5F-222A-41BA-A3BB-CE7019617ED0}&action=default_search&serpv=5&k={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.simplespeedy.info/?l=1&q={searchTerms}
SearchScopes: HKCU - {C20B986E-A199-4004-A9B1-D0EBA7A5C4BE} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10553
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: No Name -> {301EB127-DE7A-9615-2292-3B15FD81D1A9} -> No File
BHO-x32: No Name -> {472BC38C-7047-6087-AE10-620AB1B2082A} -> No File
BHO-x32: No Name -> {63997FF8-4C18-4439-AFC0-BB611BB228EA} -> No File
BHO-x32: No Name -> {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} -> No File
BHO-x32: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Extension: General Crawler - C:\Users\Maestro\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-03-17]
CHR Extension: (GioSAvue) - C:\Users\Maestro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkfncepemdahanhojofefbfjlmhdaoki [2014-09-16]
CHR HKLM-x32\...\Chrome\Extension: [mfjakkbapgpnfehokplepkmfhgjohdoi] - C:\ProgramData\Codec-V\mfjakkbapgpnfehokplepkmfhgjohdoi.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [oelbclnhkbhlhikfmpmbakbgeonbjjnp] - C:\Users\Maestro\AppData\Local\CRE\oelbclnhkbhlhikfmpmbakbgeonbjjnp.crx [2013-02-28]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-09-16 23:03 - 2014-09-16 23:03 - 00000000 ____D () C:\Users\Maestro\AppData\Local\Torch
2014-09-16 23:03 - 2014-09-16 23:03 - 00000000 ____D () C:\Users\Maestro\AppData\Local\Comodo
2014-09-16 23:03 - 2014-09-16 23:03 - 00000000 ____D () C:\Users\Maestro\AppData\Local\Chromatic Browser
2014-09-16 23:03 - 2014-09-16 23:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-09-16 23:03 - 2014-09-16 23:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-16 23:03 - 2014-09-16 23:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-09-16 23:03 - 2014-09-16 23:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-09-16 23:03 - 2014-09-16 23:03 - 00000000 ____D () C:\Users\Experiment\AppData\Local\Torch
2014-09-16 23:03 - 2014-09-16 23:03 - 00000000 ____D () C:\Users\Experiment\AppData\Local\Comodo
2014-09-16 23:03 - 2014-09-16 23:03 - 00000000 ____D () C:\Users\Experiment\AppData\Local\Chromatic Browser
2014-09-16 23:03 - 2014-09-16 23:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-09-16 23:03 - 2014-09-16 23:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-16 23:03 - 2014-09-16 23:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-16 23:03 - 2014-09-16 23:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-16 23:03 - 2014-09-16 23:03 - 00000000 ____D () C:\ProgramData\4d09ce8d5400296d
Task: {0AD9F518-539E-4AB0-8D81-FD790A1756F9} - System32\Tasks\Your File Updater => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {DEE089FD-58E6-47A5-8859-B9FDC798DE91} - System32\Tasks\CodecUpdaterTask{755F3BC0-23EA-4A95-8BEE-6E2B30B8FC82} => C:\ProgramData\Premium\Codec\Codec.exe <==== ATTENTION
Task: C:\windows\Tasks\CodecUpdaterTask{755F3BC0-23EA-4A95-8BEE-6E2B30B8FC82}.job => C:\ProgramData\Premium\Codec\Codec.exe <==== ATTENTION
C:\Program Files (x86)\YourFileDownloader
C:\ProgramData\Premium
C:\Users\Maestro\AmazonMP3Downloader.exe
C:\Users\Maestro\Uninstall.exe
C:\Users\Maestro\AppData\Local\Google\Chrome\User Data\Default\File System\004
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
Thanks for the help.
Here is the fixlog.
After you have run AdwCleaner, could you let me know if the alerts have ceased?
Here is the AdwCleaner log; the alerts seem to have stopped so far.
Thanks for everything
Looks to have cleared it. If all is well tomorrow then let me know and I will tidy up.