totaladperformance?

Hi, I have no idea how I was infected, but for a few weeks, like 10 times a day but randomly, I open a website or click a link in Google Chrome and I get a 2nd tab called totaladperformance.com opening too, and then a pop-up in the bottom right of my screen and the voice saying a threat has been detected or identified.

Thing is a full system scan from Avast finds nothing. Malwarebytes Premium Threat scan finds nothing.

Avast obviously knows about it 'cause when the site opens Avast goes haywire, but when the site isn’t opening on its own Avast has no idea it's on my system and I can’t work out why.

It's not the websites. Same site, nothing happens after reloading the site, and it's happened on like 50 sites over the last few weeks.

https://www.radio-rentals.com.au/

Think this site may be what gave it to me but am not sure. They are a legit long-running Aussie business, which makes me unsure if it's even possible they are to blame.

I was using a free Dreamspark student copy of Windows 8.1 Pro and then I installed Windows 8.1 basic retail edition over it so that when I upgraded to Windows 10 I’d have my retail copy as the one 10 was an upgrade to. I now have Windows 10 and had to uninstall Avast and reinstall since after the upgrade to 10 the firewall wouldn’t turn on. Thing is, this issue has persisted through from the Pro install of 8.1 all the way to Windows 10.

Right now I have a license for Avast Internet Security and it and Malwarebytes installed.

Thanks in advance for any help given.

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0

FRST and aswMBR ok to use on windows 10? FRST only says up to 8 so just wanna make sure first.

Afaik FRST should work, you can skip aswMBR if needed.

Umm FRST.txt is too big to post :S

The following error or errors occurred while posting this message:
The message exceeds the maximum allowed length (20000 characters).

In fact omg I pasted it into a website that counts characters and it says FRST is 821151 characters

Please attach all logs, see screenshot…

https://dl.dropboxusercontent.com/u/73555776/attach.JPG

Oh haha ty

There we are.

OK, now you’ve to wait a bit…

You got a laugh out of me and my neighbour for that comment :stuck_out_tongue: hope you can make heads or tails of them. I’m a techy myself but complex stuff like these logs just do my head in.

Hi, which browser do they appear in? Is it FF, IE or Chrome… or all?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
2015-07-24 06:51 - 2015-07-24 06:51 - 00000000 __SHD C:\Users\peter\AppData\Local\EmieUserList
2015-07-24 06:51 - 2015-07-24 06:51 - 00000000 __SHD C:\Users\peter\AppData\Local\EmieSiteList
2015-07-24 06:51 - 2015-07-24 06:51 - 00000000 __SHD C:\Users\peter\AppData\Local\EmieBrowserModeList
C:\Users\peter\{58C482E3-0C46-43EC-8EE5-C7230FFBC3D6}.dat
Task: {0304B80C-EF70-42C5-A42A-2A7144B22244} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig No Task File <==== ATTENTION
Task: {0DB044E7-51C7-4B39-ACD1-2D3432492056} - \Microsoft\Windows\Setup\GWXTriggers\Time-3xd No Task File <==== ATTENTION
Task: {629E8AFB-2DE9-47AE-B0AE-286CB7D2EFE5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent No Task File <==== ATTENTION
Task: {7C3F9537-CC9C-46A3-B37F-BEB81F4CBE7E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess No Task File <==== ATTENTION
Task: {CCE2736F-7CF7-4AEE-8659-DD9CD4F13F4D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent No Task File <==== ATTENTION
Task: {E2DA4350-D8D4-4974-8368-CCA318730E7B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B No Task File <==== ATTENTION
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

1. Close all open programs and internet browsers.
2. Double click on AdwCleaner.exe to run the tool.
3. Click on Scan.
4. After the scan is complete click on “Clean”.
5. Confirm each time with Ok.
6. Your computer will be rebooted automatically. A text file will open after the restart.
7. Please post the content of that logfile with your next answer.
8. You can find the logfile at C:\AdwCleaner[S0].txt as well.

There we are :slight_smile: mind letting me know what the fixlist did?

I pretty much only use Chrome so not sure about FF or Microsoft Edge. As for IE I don’t think that exists anymore in Windows 10 does it? Edge was meant to replace it. Either way I only use FF or IE when Chrome fails to load a page due to bad website coding :slight_smile:

Yes IE is still in 10 as that is the only browser I use. Edge is still a bit immature :slight_smile:

The fixlist removes the tasks for updating Windows 10 … Left behind when you updated, I removed mine as well as I like tidy :slight_smile:

I reset the emsie browser list as malware just loves hiding in there, and Windows will re-install it if it needs it.

AdwCleaner hit the areas I cannot see…

Are the ads still present?
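To make the explanation of the fixlist above concrete, here is an added example (not part of the original thread, and not FRST's own code) that sorts fixlist lines into directives, paths, scheduled-task entries and commands. The sample input is a subset of the fixlist posted earlier in this thread; the function names and the one-line directive descriptions are this example's own summary and are assumptions, not text from the thread.

```python
import re

# Sample input: a subset of the fixlist posted earlier in this thread.
FIXLIST = r"""CreateRestorePoint:
2015-07-24 06:51 - 2015-07-24 06:51 - 00000000 __SHD C:\Users\peter\AppData\Local\EmieUserList
C:\Users\peter\{58C482E3-0C46-43EC-8EE5-C7230FFBC3D6}.dat
Task: {0304B80C-EF70-42C5-A42A-2A7144B22244} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig No Task File <==== ATTENTION
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
"""

# Descriptions are this example's summary (assumption), not quoted from FRST.
DIRECTIVES = {
    "CreateRestorePoint:": "create a System Restore point before changes",
    "RemoveProxy:": "remove proxy settings",
    "EmptyTemp:": "empty temporary folders and caches",
}
TASK_RE = re.compile(
    r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (\\.+?)( No Task File)?( <==== ATTENTION)?$")
LISTING_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ (\S+) (.+)$")

def classify(line):
    """Return (kind, target, note) for one fixlist line."""
    line = line.strip()
    if line in DIRECTIVES:
        return ("directive", line, DIRECTIVES[line])
    if line.startswith("CMD:"):
        return ("command", line[4:].strip(), "run a shell command")
    m = TASK_RE.match(line)
    if m:
        # "No Task File" marks a task entry whose task file is missing.
        note = "orphaned entry (no task file)" if m.group(3) else "scheduled task"
        return ("task", m.group(2), note)
    m = LISTING_RE.match(line)
    if m:  # a line copied from the log's file listing, with attribute column
        return ("path", m.group(2), "attributes " + m.group(1))
    if re.match(r"^[A-Za-z]:\\", line):
        return ("path", line, "no attributes listed")
    return ("unknown", line, "review by hand")

def summarize(text):
    """Classify every non-empty line of a fixlist."""
    return [classify(l) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for kind, target, note in summarize(FIXLIST):
        print(f"{kind:9} {target}  [{note}]")
```
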

No idea :stuck_out_tongue: will let you know once I get some more testing in :slight_smile: things that only happen one in like 20 or so times are hard to work out and fix I find.

Any idea why Avast couldn’t find it? Must admit to being stumped as to how antivirus works lol.

Also emsie browser list is what? Google has 0 pages with those 3 words together and no good results without quotes. It asks did I mean MeSH Browser List xD

It is an enterprise mode compatibility thing in IE but it has been hijacked by adware

https://social.technet.microsoft.com/Forums/ie/en-US/9b080135-dd7c-458a-93bb-e62b3fdbdd07/emiesitelist-and-emieuserlist-hidden-directories-and-datfiles?forum=ieitprocurrentver

Cool :slight_smile: well no new popup tabs yet :smiley: think I’m cured. Thanks for all the help.

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme :wink:

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide: Best security practices. Keep safe :wave:

Nuts :frowning: it was going so well but it started happening again.

OK, what browsers is this appearing in?

Had it pop up again twice before I went to bed on Chrome again.

OK, set Chrome to incognito mode and see if they still appear.

If they do not, then go back to regular mode; do they re-appear?

1. In the top-right corner of the browser window, click or touch the Chrome menu
2. Select New Incognito Window (computer) or New incognito tab (mobile).
3. A new window will open with the incognito icon