Possible hidden malware on my computer, please help.

Hi, I’ve been having some problems posted here in this thread, please read:

https://forum.avast.com/index.php?topic=174718.0

and here are my logs:

from Malwarebytes: scan log, protection log.
FRST log and Addition log,
and I’ll post the aswmbr log in my next post, couldn’t do it here 4 attachments max.

aswMBR log below.

Nothing evident, could you let me know if this changes anything

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
Toolbar: HKU\S-1-5-21-3737380363-3276772875-767451433-1003 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
CustomCLSID: HKU\S-1-5-21-3737380363-3276772875-767451433-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3737380363-3276772875-767451433-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.

Ok, before I do that…question. How do I know that this fix is ok with my computer, if you’re warning me it might break it…? :confused:

This is specifically for your computer and no other :slight_smile:

Ok, thank you.
/ here is the log. I just need to restart.

Is there anything else I can do…? / still no change with the websites.

Oops, missed your post, sorry

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Here is the log, still no change. It was weird though because I was already logged in with the websites, so when I went on Chrome and typed the URL they worked!
but then the second I logged out of the websites and then went back in to log in again… Avast blocked it.
It seems only the front page is being blocked/the log in page.

OK could you confirm that it is just Chrome where this is happening

Oh, actually not, I tried it on Firefox too and same problem.

Do any other computers that use your router have the same problem ?

I don’t really have anything else on this wifi router except my ipod touch, I tried going on the websites from there and they work fine. I also have a desktop computer that connects to modem/router… tried going on the websites from my desktop and they work fine too.

OK, let’s now start using a process of elimination :slight_smile:

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
C:\Program Files\mozilla firefox\defaults\pref\itms.js
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.

Sorry, just have a question, when I open up FRST do I scan and then fix? or just click on fix without scanning?

You open FRST and click fix … FRST will then follow the instructions essexboy has made for you

Ok, here is the fixlog.

Is Avast still alerting ?

If so could you attach a screenshot of the popup

Yes, Avast is still blocking on both websites, this is the pop up I keep getting/ should I re-install Avast maybe…?/is it something in my Avast settings… not sure what’s going on… :-\

Do you get this in IE ?

Could you set Chrome to incognito and see if that stops it