system
August 9, 2015, 10:23pm
1
Hi, I’v been having some problems posted here in this thread, please read:
https://forum.avast.com/index.php?topic=174718.0
and here are my logs:
from Malwarebytes: scan log, protection log.
FRST log and Addition log,
and I’ll post the aswmbr log in my next post, couldn’t do it here 4 attachments max.
Nothing evident, could you let me know if this changes anything
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
Toolbar: HKU\S-1-5-21-3737380363-3276772875-767451433-1003 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
CustomCLSID: HKU\S-1-5-21-3737380363-3276772875-767451433-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3737380363-3276772875-767451433-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ania\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt , in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
system
August 10, 2015, 3:06pm
4
Ok, before I do that…question. How do I know that this fix is ok with my computer, if you’re warning me it might break it…?
This is specifically for your computer and no other
system
August 10, 2015, 3:29pm
6
Ok, thank you.
/ here is the log. I just need to restart.
system
August 12, 2015, 2:39pm
7
Is there anything else I can do…? / still no change with the websites.
Ooops missed your post sorry
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications , usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks
http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png
http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png
[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.
Notes:
Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
system
August 12, 2015, 4:10pm
9
Here is the log, still no change. It was weird though because I was already logged in with the websites, so when I went on Chrome and typed the URL they worked!
but then the second I logged out of the websites and then went back in to log in again… Avast blocked it.
It seems only the front page is being blocked/the log in page.
OK could you confirm that it is just Chrome where this is happening
system
August 12, 2015, 4:38pm
11
Oh, actually not, I tried it on Firefox too and same problem.
Do any other computers that use your router have the same problem ?
system
August 12, 2015, 5:11pm
13
I don’t really have anything else on this wifi router except my ipod touch, I tried going on the websites from there and they work fine. I also have a desktop computer that connects to modem/router… tried going on the websites from my desktop and they work fine too.
OK lets now start using a process of elimination
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
C:\Program Files\mozilla firefox\defaults\pref\itms.js
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt , in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
system
August 12, 2015, 11:36pm
15
Sorry, just have a question, when I open up FRST do I scan and then fix? or just click on fix without scanning?
Pondus
August 13, 2015, 7:34am
16
you open FRST and click fix … FRST will then follow the instructions essexboy has made for you
Is Avast still alerting ?
If so could you attach a screenshot of the popup
system
August 13, 2015, 6:56pm
19
Yes, Avast is still blocking on both websites, this is the pop up I keep getting/ should I re-install Avast maybe…?/is it something in my Avast settings… not sure what’s going on… :-\
Do you get this in IE ?
Could you set Chrome to incognito and see if that stops it