I was browsing online when suddenly my laptop restarted on its own, and a blue screen with the message "dumping physical memory" popped up before the restart. I let avast perform a boot-time scan since I was expecting viruses on my laptop. My laptop was working really slowly and got stuck many times, so I was suspicious that there were viruses on it. While the scan was running, many viruses were detected, around 16, but avast could not fix them. I tried every option, from move to chest and repair to delete, but nothing had any effect on the viruses. Please help: how can I remove them? I have the scan logs. Screenshots of the scan log have been attached. Please reply ASAP.
Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0
This is a screenshot after scanning it with antimalware.
We need your logs, screenshots won’t help.
the text files generated after scanning with farbar recovery scan tool… check the attachments please.
I scanned one time with the antimalware but forgot to take the text file… At that time there were 1120 viruses detected. Is there any way I could send you those text files? I am running a scan again with antimalware and it is not detecting viruses. Have they been removed by the antimalware software during my first scan?
Ignore MBAM for now, did you get an aswMBR log…?
WILL be getting it… I am running it now.
OK, take your time.
TEXT file after scanning with aswMBR. Please check the attachment.
Can’t see the attachment, try again.
Sent it… did you get it?
aswMBR text file in the attachment.
Yes, it’s up. Now you’ve to wait a bit…
Okay…
Let me know what problems remain on completion
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
AppInit_DLLs: protector.dll => protector.dll File Not Found
AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll" File Not Found
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1385748412&from=slbnew&uid=WDCXWD3200BEVT-22ZCT0_WD-WXJ0A69R0396R0396&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1385748412&from=slbnew&uid=WDCXWD3200BEVT-22ZCT0_WD-WXJ0A69R0396R0396&q={searchTerms}
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzutDtDtByCtBtBtDyEyEtBzyyEyDyBtB0DtN0D0TzutBtDtCtBtDyCtByE&cr=359781729
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
SearchScopes: HKLM-x32 - {6084DB67-05FC-9B00-39CE-64F73E6DB8F1} URL = http://www.searchqu.com/web?src=ieb&appid=155&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
Toolbar: HKLM - No Name - !{07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
Toolbar: HKLM - No Name - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - No Name - !{07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
Toolbar: HKLM-x32 - No Name - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No File
FF Extension: SaveFrom.net helper - C:\Users\golu\AppData\Roaming\Mozilla\Firefox\Profiles\l6zvccxb.default\Extensions\helper@savefrom.net.xpi [2014-10-10]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\ergative.xml
CHR Extension: (No Name) - C:\Users\golu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-06]
CHR Extension: (BonanzaDeals) - C:\Users\golu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj [2013-12-23]
CHR Extension: (No Name) - C:\Users\golu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-12-01]
2014-11-04 10:38 - 2013-12-23 20:21 - 00000000 ____D () C:\Users\golu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2014-11-04 10:38 - 2013-12-23 20:21 - 00000000 ____D () C:\Program Files (x86)\BonanzaDeals
2014-11-04 10:38 - 2013-12-13 23:50 - 00000000 ____D () C:\Program Files (x86)\DefaultTab
2014-11-04 10:38 - 2013-12-03 22:44 - 00000000 ____D () C:\Users\PRIYA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
2014-11-04 10:38 - 2013-12-03 22:44 - 00000000 ____D () C:\Program Files (x86)\DealPly
2014-11-04 10:38 - 2013-12-01 18:26 - 00000000 ____D () C:\Users\golu\AppData\Roaming\DMCache
2014-11-04 09:44 - 2013-12-03 22:44 - 00000290 _____ () C:\Windows\Tasks\Dealply.job
C:\ProgramData\win_mpwd_sys.dat
Task: {1C6537E6-5779-43C0-A4C2-2F57959D4BB0} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {4216FC49-2E39-4676-8E68-ED1BBB440E84} - \Dealply No Task File <==== ATTENTION
Task: {89FBBA5E-73AA-4935-BC47-22E7D7921D03} - System32\Tasks\DSite => C:\Users\PRIYA\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {A1215117-45B8-49D6-942E-E91F4AC8040E} - \EPUpdater No Task File <==== ATTENTION
Task: {C3B79262-21DF-4EEE-B015-2BD18A460077} - System32\Tasks\DTChk => C:\Users\Public\Util\DTChk.exe [2014-08-06] (Search Results, LLC) <==== ATTENTION
Task: {C719AE97-21FC-470D-8051-4B15BAF89F17} - \BonanzaDealsUpdate No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Dealply.job => C:\Users\PRIYA\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\PRIYA\AppData\Roaming\DSite
C:\Program Files (x86)\YourFileDownloader
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
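
An added example, not part of the helper's post and not FRST's own code: a read-only triage script that groups fixlist entries by the kind of persistence or hijack point they refer to and lists scheduled tasks that launch from user-writable folders. The category names, the prefix rules and the user-writable heuristic are assumptions made for illustration; the sample lines are copied from the fixlist above.

```python
import re
from collections import defaultdict
# Constructed sample: a few entries copied from the fixlist in the post above.
SAMPLE_FIXLIST = r"""
AppInit_DLLs: protector.dll => protector.dll File Not Found
SearchScopes: HKLM-x32 - {6084DB67-05FC-9B00-39CE-64F73E6DB8F1} URL = http://www.searchqu.com/web?src=ieb&appid=155&systemid=406&sr=0&q={searchTerms}
CHR Extension: (BonanzaDeals) - C:\Users\golu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj [2013-12-23]
2014-11-04 10:38 - 2013-12-03 22:44 - 00000000 ____D () C:\Program Files (x86)\DealPly
Task: {C3B79262-21DF-4EEE-B015-2BD18A460077} - System32\Tasks\DTChk => C:\Users\Public\Util\DTChk.exe [2014-08-06] (Search Results, LLC) <==== ATTENTION
Task: {4216FC49-2E39-4676-8E68-ED1BBB440E84} - \Dealply No Task File <==== ATTENTION
C:\ProgramData\win_mpwd_sys.dat
CMD: bitsadmin /reset /allusers
"""

RULES = [  # line prefixes as seen in this fixlist (assumed, not FRST's own grammar)
    (r"AppInit_DLLs", "appinit_dll"),
    (r"SearchScopes:|HKLM\\.*Internet Explorer", "ie_search_setting"),
    (r"Toolbar:", "ie_toolbar"),
    (r"(FF|CHR) (Extension|SearchPlugin):", "browser_addon"),
    (r"Task:", "scheduled_task"),
    (r"(CMD|EmptyTemp):", "directive"),
    (r"(\d{4}-\d{2}-\d{2} .*\(\) )?[A-Za-z]:\\", "file_or_folder"),
]

def classify(line):
    for pattern, category in RULES:
        if re.match(pattern, line):
            return category
    return "other"

def triage(text):
    groups = defaultdict(list)
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        groups[classify(line)].append(line)
    return dict(groups)

def task_target(line):
    body = line.split("<====")[0].strip()
    if "=>" not in body:
        return None  # entry marked "No Task File": no target listed
    target = body.split("=>", 1)[1].strip()
    return re.sub(r"\s+\[\d{4}-\d{2}-\d{2}\].*$", "", target)

def tasks_from_user_writable_paths(text):
    # Heuristic (assumption): tasks launching from profile/ProgramData dirs deserve review.
    targets = [task_target(l) for l in triage(text).get("scheduled_task", [])]
    return [t for t in targets if t and re.search(r"\\(Users|ProgramData)\\", t, re.I)]

if __name__ == "__main__":
    print({k: len(v) for k, v in triage(SAMPLE_FIXLIST).items()})
```

The script only reads text and changes nothing on the machine; any line it reports as `other` is one the prefix rules did not anticipate and should be read by hand.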