I am using Windows 7 Home Premium and when I turned on my computer today, I was receiving malware error messages whenever I opened an email message (in Outlook) or attempted to access the Internet using Internet Explorer (version 11.0.9600.17239) or using Firefox. I disabled the Web shield in Avast! and am now able to access the Internet.
However, I’m not sure why I can’t use the Web shield and still access the Internet. [Note: I have removed Spybot S&D and Spyware Terminator, but the problem persists].
You have a proxy set to go to a blacklisted site, hence webshield will block the connection.
After this run, try the net again with webshield enabled.
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
ProxyServer: http=xenon.afo.net:8080
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_11_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtCyBtDyD0FyEyB0FtDyCyByCyDtN0D0Tzu0SzztDtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtA0E0D0EyE0F0CtGtBtAyEzztGtAtDtCyDtG0FyDyE0CtGyBtA0CyD0BtAtAtB0DtC0B0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0F0AyEyE0EtD0AtGzyyDzz0DtGyCyC0C0BtGtC0F0CyDtGyDyEzztA0B0B0E0F0E0D0F0C2Q&cr=1895947718&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_11_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtCyBtDyD0FyEyB0FtDyCyByCyDtN0D0Tzu0SzztDtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtA0E0D0EyE0F0CtGtBtAyEzztGtAtDtCyDtG0FyDyE0CtGyBtA0CyD0BtAtAtB0DtC0B0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0F0AyEyE0EtD0AtGzyyDzz0DtGyCyC0C0BtGtC0F0CyDtGyDyEzztA0B0B0E0F0E0D0F0C2Q&cr=1895947718&ir=
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_11_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtCyBtDyD0FyEyB0FtDyCyByCyDtN0D0Tzu0SzztDtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtA0E0D0EyE0F0CtGtBtAyEzztGtAtDtCyDtG0FyDyE0CtGyBtA0CyD0BtAtAtB0DtC0B0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0F0AyEyE0EtD0AtGzyyDzz0DtGyCyC0C0BtGtC0F0CyDtGyDyEzztA0B0B0E0F0E0D0F0C2Q&cr=1895947718&ir=
SearchScopes: HKCU - {39859210-EEBD-4DB6-9B2D-64B1D1ABFDB0} URL =
SearchScopes: HKCU - {3DCD0FFD-B715-4C3A-8054-4FB480008D73} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_11_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtCyBtDyD0FyEyB0FtDyCyByCyDtN0D0Tzu0SzztDtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtA0E0D0EyE0F0CtGtBtAyEzztGtAtDtCyDtG0FyDyE0CtGyBtA0CyD0BtAtAtB0DtC0B0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0F0AyEyE0EtD0AtGzyyDzz0DtGyCyC0C0BtGtC0F0CyDtGyDyEzztA0B0B0E0F0E0D0F0C2Q&cr=1895947718&ir=
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {0b4d6b1c-d1a6-4b21-9412-cc846ebfa818} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {10834e9a-d475-4a24-ad01-f3f24f71b28e} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {7DCA8C02-B6EF-40D9-B9A4-7D92930B7F49} - No File
CHR DefaultSearchKeyword: mysearchdial.com
Task: {465E99A2-4E62-4E2C-A905-D041F476A1F9} - System32\Tasks\APSnotifierCA => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-03-12] (AnyProtect by CMI) <==== ATTENTION
C:\Program Files (x86)\AnyProtectEx
Task: C:\Windows\Tasks\APSnotifierCA.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
* Close all open programs and internet browsers.
* Double click on AdwCleaner.exe to run the tool.
* Click on Scan.
* After the scan is complete click on "Clean".
* Confirm each time with Ok.
* Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the content of that logfile with your next answer.
* You can find the logfile at C:\AdwCleaner[S1].txt as well.
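The fixlist above is built by reading the scan lines and picking out the entries that should not be there. As an added example (not FRST's own logic and not the helper's method), the Python sketch below sorts lines of those kinds into findings; the category names, the `classify` and `triage` helpers and the `allowed_proxies` parameter are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Scan lines abridged from the fixlist above: the search URL's long tracking
# query string is cut and only one line of each kind is kept.
SAMPLE = r"""
ProxyServer: http=xenon.afo.net:8080
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}
SearchScopes: HKCU - {39859210-EEBD-4DB6-9B2D-64B1D1ABFDB0} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Task: C:\Windows\Tasks\APSnotifierCA.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
"""

SCOPE_RE = re.compile(
    r"SearchScopes: (\S+) - (?:DefaultScope )?\{[0-9A-Fa-f-]+\} URL =\s*(.*)")


def classify(line):
    """Map one scan line to (category, detail); None if it matches no rule."""
    line = line.strip()
    if line.startswith("ProxyServer:"):
        # Value is "scheme=host:port" or plain "host:port"; keep host:port.
        value = line.split(":", 1)[1].strip()
        return ("proxy", value.split(";")[0].split("=", 1)[-1])
    m = SCOPE_RE.match(line)
    if m:
        hive, url = m.groups()
        # A provider with a URL names its host; one without is an empty entry.
        return ("search-scope", urlsplit(url).hostname) if url else ("empty-scope", hive)
    if line.startswith(("BHO", "Toolbar")) and line.endswith("No File"):
        return ("orphan", line.split(":", 1)[0])  # registry entry, binary gone
    if line.startswith("Task:") and "<==== ATTENTION" in line:
        return ("flagged-task", line.split("=>", 1)[1].split("<====")[0].strip())
    return None


def triage(text, allowed_proxies=()):
    """Collect findings, skipping proxies the owner configured on purpose."""
    findings = []
    for line in text.splitlines():
        hit = classify(line)
        if hit and not (hit[0] == "proxy" and hit[1] in allowed_proxies):
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(f"{kind:13} {detail}")
```

On a home machine with no intentional proxy, any `proxy` finding deserves a look before the Web shield is re-enabled.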
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2014 04
Ran by Sherwood at 2014-08-16 13:51:19 Run:1
Running from C:\Users\Sherwood\Desktop
Boot Mode: Normal
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{39859210-EEBD-4DB6-9B2D-64B1D1ABFDB0}" => Key deleted successfully.
"HKCR\CLSID\{39859210-EEBD-4DB6-9B2D-64B1D1ABFDB0}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3DCD0FFD-B715-4C3A-8054-4FB480008D73}" => Key deleted successfully.
"HKCR\CLSID\{3DCD0FFD-B715-4C3A-8054-4FB480008D73}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b4d6b1c-d1a6-4b21-9412-cc846ebfa818}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0b4d6b1c-d1a6-4b21-9412-cc846ebfa818}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{10834e9a-d475-4a24-ad01-f3f24f71b28e} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{10834e9a-d475-4a24-ad01-f3f24f71b28e}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7DCA8C02-B6EF-40D9-B9A4-7D92930B7F49} => value deleted successfully.
"HKCR\CLSID\{7DCA8C02-B6EF-40D9-B9A4-7D92930B7F49}" => Key not found.
Chrome DefaultSearchKeyword deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{465E99A2-4E62-4E2C-A905-D041F476A1F9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{465E99A2-4E62-4E2C-A905-D041F476A1F9}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierCA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierCA" => Key deleted successfully.
C:\Program Files (x86)\AnyProtectEx => Moved successfully.
C:\Windows\Tasks\APSnotifierCA.job => Moved successfully.
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
I've tried running it 5 times, but it hangs while Scanning. It states, "Pending. Please uncheck elements you don't want to remove", but proceeds no further.
I did try running adwcleaner.exe, but it still hung in Safe Mode (for over 3.5 hours).
However, I shut down the computer and restarted it the next day and everything seems to be working fine now. I’m not sure if it’s something we did or if the new version of Avast! (which automatically installed) solved the issue.
At any rate, Avast! seems to be causing no conflicts at the moment.
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent: install this programme to lock down and prevent crypto ransomware