My computer has been showing Avast pop-ups of threats detected. Per Avast's recommendation, a boot-time scan was run, where multiple corrupted files were listed as well as several malware threats, some of which I deleted and some I trayed. After this, the Avast pop-ups continued, so per your site instructions I downloaded MBAM and ran the scan. After the reboot, as I was trying to save the scan log, I realized MBAM started showing consistent pop-ups of malicious websites being blocked, all different domains. I tried to do this post on that computer but was unable to get it to download. I am using a different computer to do this post. Here is the MBAM scan log.
I was hoping someone would get back to me with advice on how to proceed. After running all programs in the guide, my MBAM is still giving constant pop-ups of malicious website blocked. Would you have any suggestions for me to fix this?
I’ll try to get you some attention.
It seems you have Windows Defender, Avast and MalwareBytes running in real time.
Disable Windows Defender and disable MalwareBytes from running in real time.
I’m not one of the listed malware removal helpers here, but I do know a thing or two.
To me it seems the following things should be fixed:
() C:\Users\ketch_000\AppData\Local\I .d .l .e C .r .a .w .l .e .r\I_.C_.Runner.exe
(The Chromium Authors) C:\Users\ketch_000\AppData\Local\I .d .l .e C .r .a .w .l .e .r\Chrome-bin\chrome.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1686073291-3421323503-1193288299-1001\...\Run: [Power2GoExpress8] => NA
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
2014-09-23 21:21 - 2014-09-23 21:23 - 00000000 ____D () C:\Users\ketch_000\AppData\Local\I .d .l .e C .r .a .w .l .e .r
2014-09-23 21:21 - 2014-09-23 21:21 - 00004628 _____ () C:\Windows\System32\Tasks\I_.C_.Runnner
2014-09-23 20:49 - 2014-09-23 20:49 - 00000000 ____D () C:\Users\ketch_000\Documents\Optimizer Pro
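The kind of triage applied to the log lines above can be sketched as a small script. This is an added example, not part of the original thread and not FRST's own logic: the regexes, the heuristics and the `triage` function are assumptions, and the sample lines are copied from the excerpts quoted in this thread.

```python
import re

# Sample input: lines copied from the FRST excerpts quoted in this thread.
SAMPLE = r"""
() C:\Users\ketch_000\AppData\Local\I .d .l .e C .r .a .w .l .e .r\I_.C_.Runner.exe
(The Chromium Authors) C:\Users\ketch_000\AppData\Local\I .d .l .e C .r .a .w .l .e .r\Chrome-bin\chrome.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Task: {77FF8F68-814C-4E87-9E11-BB073E816C02} - System32\Tasks\I_.C_.Runnner => %LOCALAPPDATA%\I .d .l .e C .r .a .w .l .e .r\I_.C_.Runner.exe
""".strip().splitlines()

# Assumed line shapes, inferred from the excerpts above (not an official grammar).
PROCESS = re.compile(r"^\((?P<pub>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")
RUN = re.compile(r"\\Run: \[(?P<name>[^\]]*)\] => (?P<target>.+)$")
TASK = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<task>.+?) => (?P<target>.+)$")
SPACED = re.compile(r"\w(?: \.\w){3,}")  # names like "I .d .l .e"
USER_WRITABLE = re.compile(r"\\AppData\\|%LOCALAPPDATA%|%APPDATA%", re.I)
CHROME_HOME = "\\google\\chrome\\application\\"  # usual per-user Chrome location


def triage(lines):
    """Return (line, [reasons]) for every line that trips a heuristic."""
    findings = []
    for line in lines:
        reasons = []
        if SPACED.search(line):
            reasons.append("spaced-out folder name")
        m = PROCESS.match(line)
        if m and USER_WRITABLE.search(m["path"]):
            path = m["path"].lower()
            if not m["pub"].strip():
                reasons.append("process with no publisher in user profile")
            elif path.endswith("\\chrome.exe") and CHROME_HOME not in path:
                reasons.append("browser binary outside its normal install path")
        m = RUN.search(line)
        if m and (not m["name"] or m["target"].strip() in ("[X]", "NA")):
            reasons.append("Run entry with empty name or missing target")
        m = TASK.match(line)
        if m and USER_WRITABLE.search(m["target"]):
            reasons.append("scheduled task launching from user profile")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE):
        print("; ".join(reasons), "->", line)
```

The Java updater line is the only sample entry that passes clean, which matches the entries singled out in the post above.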
Hi amiwish,
We’re sorry to keep you waiting, we’re currently pretty busy …
Eddy has found the source of the problem. This should take care of this, plus target and fix some other things. After executing this FixList, tell me how the computer behaves. Also, afterwards, you should reset Google Chrome back to its default settings.
https://support.google.com/chrome/answer/3296214?hl=en
1. Open Notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Start
Folder: C:\ProgramData\BlueStacksSetup
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Task: {28B7835B-245D-40C9-8BB3-01A61D57DA9F} - System32\Tasks\Microsoft\Windows\Maintenance\I_.C_.Updater => %LOCALAPPDATA%\I .d .l .e C .r .a .w .l .e .r\I_.C_.Runner.exe
Task: {77FF8F68-814C-4E87-9E11-BB073E816C02} - System32\Tasks\I_.C_.Runnner => %LOCALAPPDATA%\I .d .l .e C .r .a .w .l .e .r\I_.C_.Runner.exe
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
Hosts:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
EmptyTemp:
C:\Users\ketch_000\AppData\Local\I .d .l .e C .r .a .w .l .e .r
C:\Program Files\Common Files\mcafee
C:\Users\Default\AppData\Local\Google
C:\Users\Default User\AppData\Local\Google
C:\Users\ketch_000\Documents\Optimizer Pro
End
2. Save the Notepad file as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.