I am so infected.
Seriously though. My computer can barely function. Alerts (like 20 every 10 minutes) and need a walkthrough on what I need to do.
I have avast.
I have malwarebytes.
That's all I know.
Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0
Logs attached. Thanks for the help!
There should be a major improvement after the FRST fix.
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2623904144-363310343-188733726-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2623904144-363310343-188733726-1000] => http=127.0.0.1:53302;https=127.0.0.1:53302
SearchScopes: HKU\S-1-5-21-2623904144-363310343-188733726-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2014-11-25 22:10 - 2014-11-26 09:56 - 00000000 ____D () C:\Program Files\PC Optimizer Pro
2014-11-25 22:05 - 2014-11-25 22:05 - 00003494 _____ () C:\Windows\System32\Tasks\Open Install
2014-11-25 22:05 - 2014-11-25 22:05 - 00003488 _____ () C:\Windows\System32\Tasks\Open Install Udpater
2014-11-25 22:05 - 2014-11-25 22:05 - 00000000 ____D () C:\Users\User\AppData\Local\Open Install
2014-11-25 22:04 - 2014-12-03 08:52 - 00000000 ____D () C:\ProgramData\NIIMYYbEtF
2014-11-25 21:30 - 2014-11-25 21:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\1H1Q1V1N1N1S1R
2014-11-20 09:00 - 2014-11-20 09:00 - 00000000 _____ () C:\Windows\SysWOW64\sho858B.tmp
2014-11-06 21:31 - 2014-04-19 22:54 - 00000000 ____D () C:\Windows\9155DB04A032491A88B27C19B9E9F945.TMP
2014-11-06 21:29 - 2014-04-19 22:54 - 00000000 ____D () C:\Windows\9B4D16A7393F470C8B9F74AE1EA6C105.TMP
2014-11-06 20:58 - 2014-06-23 12:26 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
CustomCLSID: HKU\S-1-5-21-2623904144-363310343-188733726-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix.
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
1. Close all open programs and internet browsers.
2. Double click on AdwCleaner.exe to run the tool.
3. Click on Scan.
4. After the scan is complete click on “Clean”.
5. Confirm each time with Ok.
6. Your computer will be rebooted automatically. A text file will open after the restart.
7. Please post the content of that logfile with your next answer.
8. You can find the logfile at C:\AdwCleaner[S1].txt as well.
In regards to the file being in the same location, would the desktop be a valid location? That’s where I have frst at as it was easier to get to quickly.
It can be anywhere so long as the fixlist and FRST are in the same location.
The thing is, I believe, if you have multiple fixes, they should be separate. (So, if that is the case, make a folder and name it like FRST - Fixlist and stick Essex Fixlist for you in there with FRST.)
Nope, desktop is fine, actually the preferred option.
Scans attached!
HUGE IMPROVEMENT!
You have IE 8 currently on your system. I would recommend that you upgrade to IE 11.
http://www.microsoft.com/en-gb/download/internet-explorer-11-for-windows-7-details.aspx
Do you have any further problems?
Thanks. I will test things out in the next day or so and post back. No issues yet that I know of. I uninstalled IE and don’t currently use it. I will upgrade it and should have done so by now.
Thanks a lot for everyone’s help. I really appreciate it.
When you are happy, let me know and I will tidy up.