Problem with "skegnessasc.org/accounts/restorefunction.css"

Hello,
Avast started to pop up something like this:

http://i.imgur.com/5OonMU2.png

Can anyone help me to get rid of it? :stuck_out_tongue: Thanks!

(logs in attachments)

Let me know if this stops it

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000dm003-1er162_z4y8xe3fxxxxz4y8xe3f
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000dm003-1er162_z4y8xe3fxxxxz4y8xe3f
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000dm003-1er162_z4y8xe3fxxxxz4y8xe3f
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000dm003-1er162_z4y8xe3fxxxxz4y8xe3f
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000dm003-1er162_z4y8xe3fxxxxz4y8xe3f
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000dm003-1er162_z4y8xe3fxxxxz4y8xe3f
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000dm003-1er162_z4y8xe3fxxxxz4y8xe3f
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000dm003-1er162_z4y8xe3fxxxxz4y8xe3f
HKU\S-1-5-21-196175513-4100718735-836819992-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000dm003-1er162_z4y8xe3fxxxxz4y8xe3f
HKU\S-1-5-21-196175513-4100718735-836819992-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st1000dm003-1er162_z4y8xe3fxxxxz4y8xe3f
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=st1000dm003-1er162_z4y8xe3fxxxxz4y8xe3f&ts=1443259581
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=st1000dm003-1er162_z4y8xe3fxxxxz4y8xe3f&ts=1443259581
SearchScopes: HKU\S-1-5-21-196175513-4100718735-836819992-1001 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=st1000dm003-1er162_z4y8xe3fxxxxz4y8xe3f&ts=1443259581
SearchScopes: HKU\S-1-5-21-196175513-4100718735-836819992-1001 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=st1000dm003-1er162_z4y8xe3fxxxxz4y8xe3f&ts=1443259581
2015-09-10 12:04 - 2015-09-10 15:28 - 00000000 __SHD C:\Users\Lukasz\AppData\Local\EmieUserList
2015-09-10 12:04 - 2015-09-10 15:28 - 00000000 __SHD C:\Users\Lukasz\AppData\Local\EmieSiteList
2015-09-10 12:04 - 2015-09-10 12:04 - 00000000 __SHD C:\Users\Lukasz\AppData\Local\EmieBrowserModeList
Task: {8899CB10-2412-41D7-9660-556DD31FF6FE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
Task: {89F78E67-7E43-426C-9933-0BA55F9962C5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: {C1CCCBE4-0034-4FE0-A201-D6230A3A1470} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {CB6CECE3-BC94-4CAC-BB7E-38FA56F4FD28} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: {FCDC9F08-2989-45C0-8844-4933105A0ED1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.
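
The fixlist above repeats the same URL across many registry locations. As an added example (not part of the original thread and not FRST's own code), this Python script groups homepage and search-provider lines by URL host, so a reviewer can see at a glance which hives one redirect touched. The line formats are assumed from the entries quoted in the post, the sample URLs are shortened, and the `about:blank` line is constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample input: line formats taken from the fixlist in the post, URLs shortened;
# the about:blank line is constructed to show a value that is not flagged.
SAMPLE_LOG = r"""
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds
Task: {8899CB10-2412-41D7-9660-556DD31FF6FE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
"""

# Assumed line formats, inferred from the entries quoted in the post.
HOMEPAGE = re.compile(
    r"^(?P<where>HK\S*\\Internet Explorer\\Main,(?:Start Page|Default_Page_URL))"
    r" = (?P<url>\S+)$")
SEARCH = re.compile(
    r"^SearchScopes: (?P<where>.+?) -> (?:DefaultScope )?\{[0-9A-Fa-f-]+\}"
    r" URL = (?P<url>\S+)$")


def host_of(url):
    """Host part of a URL; works on defanged hxxp:// values, '' if none."""
    return (urlsplit(url).hostname or "").lower()


def triage(log_text, allowed_hosts=frozenset()):
    """Return {host: [registry locations]} for hosts not in allowed_hosts."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = HOMEPAGE.match(line.strip()) or SEARCH.match(line.strip())
        if not m:
            continue  # tasks, files and directives are out of scope here
        host = host_of(m["url"])
        if host and host not in allowed_hosts:
            findings[host].append(m["where"])
    return dict(findings)


if __name__ == "__main__":
    for host, places in triage(SAMPLE_LOG).items():
        print(f"{host}: {len(places)} location(s)")
        for place in places:
            print("   ", place)
```
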

It seems that the problem with Avast pop-up is gone but now Malwarebytes Anti-Malware shows that:

http://i.imgur.com/kQlv7AS.png

(fixlog in attachments)

Addresses starting with “127.” are used when one program needs to talk to another program running on the same machine using the Internet Protocol. 127.0.0.1 is the most commonly used address and is called the “loopback” address.

What the above means is that nothing is leaving your computer but it is talking to itself :slight_smile: I believe it may be related to the following extension… If you did not install it then run the fix

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\Lukasz\AppData\Roaming\Mozilla\Firefox\Profiles\8dwq3fje.default-1443258975003\extensions\arthurj8283@gmail.com
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.