offersbycontext...

ugh, I don’t know how I got it but how do I get rid of it??? >:( help please??? :cry:

https://forum.avast.com/index.php?topic=53253.0

Hello, post the requested logs and I will give you my help to remove this thing.

I’m sorry, but which logs? The ones mentioned in the prior post? If possible, can you break it down so I do not post the wrong stuff? Thanks

Read and follow the instructions in that post.

Okay, I downloaded Malwarebytes and it’s the newer version, and I cannot find where to set it to quarantine as it just says remove. Also, when I look in the history, all it has is protection logs…

Did you actually read the instructions?
We need the log files of MBam, Farbar and aswmbr.
Run the tools and ATTACH the log files to your next post.

Yes I read the instructions;

Scan Logs record detections from manual scans, including threats detected and the actions taken against them… then told you how to save…

However, I hope I did this correctly…thanks for any help!

Hello,

You may uninstall Spybot - Search & Destroy, as this is outdated security software; it can’t stand in front of the new generation of malware.

You also have a lot of add-ons in your browsers. I think they are all legit; still, consider fixing the browsing issue by removing unnecessary extensions from the Firefox and Chrome browsers.

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Start
CreateRestorePoint:
File: C:\Program Files (x86)\Alfasistem Memory\ tmjob.exe
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f

CloseProcesses:
FF DefaultSearchEngine: Search and Earn Points!
FF DefaultSearchEngine.US: Search and Earn Points!
FF Homepage: hxxp://www.mypoints.com/
FF SearchPlugin: C:\Users\christine\AppData\Roaming\Mozilla\Firefox\Profiles\maq4fih3.default\searchplugins\search-and-earn-points.xml [2014-11-03]
FF SearchPlugin: C:\Users\christine\AppData\Roaming\Mozilla\Firefox\Profiles\xqs5rfgu.Christine\searchplugins\search-and-earn-points.xml [2013-08-04]
U3 aswMBR; \??\C:\Users\CHRIST~1\AppData\Local\Temp\aswMBR.sys [X]

Hosts:
C:\Users\christine\AppData\Roaming\Mozilla\Firefox\Profiles\maq4fih3.default\searchplugins\search-and-earn-points.xml
C:\Users\christine\AppData\Roaming\Mozilla\Firefox\Profiles\xqs5rfgu.Christine\searchplugins\search-and-earn-points.xml
C:\Program Files (x86)\GUT29B1.tmp
C:\ProgramData\DP45977C.lfl
C:\Users\christine\pluginreg.dat
C:\Users\christine\prefs.js
C:\Users\christine\user.js

RemoveProxy:
Task: {6FAF7F73-13F8-4EFD-9779-41A3D10CB006} - System32\Tasks\Security Defrag => C:\Users\christine\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:D8999815

EmptyTemp:
End



2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
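
The fixlist above removes a scheduled task whose target sits under the user profile. As an added example (not part of the thread and not FRST's own code), this Python parses `Task:` lines in the layout shown in that fixlist and lists the ones worth reviewing; the directory list and the two "Example" sample lines are constructed assumptions.

```python
import re
from typing import NamedTuple, Optional

# Layout as shown in the fixlist on this page:
#   Task: {GUID} - System32\Tasks\<name> => <target> [<==== ATTENTION]
TASK_RE = re.compile(
    r"^Task:\s*(?P<guid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<task>.+?)\s+=>\s+"
    r"(?P<target>.+?)(?P<flag>\s*<=+\s*ATTENTION)?\s*$"
)

# Assumption: locations a standard user can usually write to, so a task
# target there deserves a second look. Not an authoritative list.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

class TaskEntry(NamedTuple):
    guid: str
    task: str
    target: str
    flagged: bool        # the log line carried the ATTENTION marker
    user_writable: bool  # target path contains one of USER_WRITABLE

def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Return a TaskEntry for a Task: line, or None for any other line."""
    m = TASK_RE.match(line.strip())
    if m is None:
        return None
    target = m.group("target").strip()
    return TaskEntry(
        guid=m.group("guid"),
        task=m.group("task"),
        target=target,
        flagged=m.group("flag") is not None,
        user_writable=any(d in target.lower() for d in USER_WRITABLE),
    )

def review_candidates(lines):
    """Keep only tasks that were flagged or that run from a user-writable path."""
    entries = (parse_task_line(line) for line in lines)
    return [e for e in entries if e and (e.flagged or e.user_writable)]

SAMPLE = [
    # First line is the task from the fixlist above; the rest are constructed.
    r"Task: {6FAF7F73-13F8-4EFD-9779-41A3D10CB006} - System32\Tasks\Security Defrag => C:\Users\christine\AppData\Roaming\Updater\winupd.exe <==== ATTENTION",
    r"Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\update.exe",
    r"Task: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - System32\Tasks\ExampleSync => C:\ProgramData\Example\sync.exe",
    "CloseProcesses:",
]

if __name__ == "__main__":
    for e in review_candidates(SAMPLE):
        print(f"{e.task} -> {e.target} (flagged={e.flagged})")
```

A hit only means the task should be looked at by someone who knows the machine; it is not a verdict that the target is malicious.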

Okay here is the fixlog…

Ok, let’s run an additional scan and check to make sure there is no malware or adware afoot.

Please download Zoek tool by Smeenk from here and save it to your Desktop.
Unpack the archive…

[*]Close any open browsers and temporarily disable your AntiVirus program. (if it is necessary)
If you are unsure how to do this please read this or this Instruction.

[*]Double click on zoek.exe to run the tool. Please wait while the tool starts…
[*]Click on More Options and check the box only for AutoClean
[*]Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot)

[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log”

Using cracked/illegal software isn’t a good idea either. (AutoKMS)

I ran it and here is the file… I have a question though, does the fact that I have two hard drives make a difference? I have windows on my c: drive and I have an e: drive for saving most things as I do a lot of research and such…

No it does not.

This looks fine now. Tell me, how is the computer behaving?

It was still doing it but I took off a couple add-ons now and so far so good… Thanks for the help! If I see it happening again I will let you know! Thanks again

Glad I could help. The posted logs appear clean and show no signs of active infection. You should be good to go …
As I told you, you have a lot of add-ons for both browsers. All of these may be removed to leave the browsers clean. Resetting to defaults should help as well.

We’re gonna remove my used tools now as well as carry out some further cleaning and security settings. To learn more about how to protect yourself I’ll give you a few tips for reading.

The following will implement some post-cleanup procedures:


To uninstall and remove AdwCleaner:

[*]Double click on adwcleaner.exe to run the tool;
[*]Click on Uninstall and Confirm with Yes


It is necessary to uninstall ComboFix:

[*]Click Start (or the Vista Start button) then Run.
On Windows 7 or Vista you may use the Start Search field if Run is not available.

[*]In the line of text type in (Copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

[*]Then click OK (or press Enter).

Wait until the uninstall process is complete. This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.


Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
[*]Remove disinfection tools
[*]Create registry backup
[*]Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt)

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

Tip: Do not use security tools such as ComboFix, FRST, Zoek and the like. These are advanced security tools and should not be used without supervision.


Learn how to protect yourself:

=> In order to stay protected it is very important that you regularly update all of your software and Windows Operating System.

It is important that you visit Windows Update regularly.
How to configure and use Automatic Updates in Windows

It’s vital that you keep all your software up-to-date as older versions may have some security vulnerabilities. Keeping Java and Adobe updated is a priority.
Download and install latest version of Java
Download and install latest version of Adobe Reader

=> I recommend that you use one of the fantastic opportunities provided by avast! AntiVirus.

For security protection, an active AntiVirus is required. If you want to reinforce your security setup, I recommend additional security software and utilities:
Download and install Malwarebytes’ Anti-Malware and perform ‘Threat Scan’ from time to time. Malwarebytes will detect and remove all traces of known malware.
Download and install MCShield Anti-Malware Tool to prevent infections transmitted via removable drives.
Download and install Unchecky to keep your checkboxes clear by preventing the installation of additional adware and other PUP bad software.
Download and install AdBlock for safe web browser surfing without annoying and malicious advertising ads.

Extra text for reading:

Please visit and review PC Safety and Security - What Do I Need? for some helpful information.

Please visit FAQ - Answers to common security questions - Best Practices to read tips on how to protect yourself against malware infection.

You may also visit and read What to do if your Computer is running slowly? if you like to read some basic geek stuff.

The specific type of infection:

Meet CryptoPrevent. Security app that shall attempt to prevent dangerous malware that encrypts certain types of files stored on your disk, like CryptoWall, CryptoLocker and similar clones.

More information about this family of malicious software: CryptoLocker Ransomware Information Guide and FAQ ;
Cryptolocker Ransomware: What You Need To Know and CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ

Stay safe.

Best Regards,
magna86