URL:Mal Infection

Good evening again,

I forgot the attachment the last time, therefore this new post.

Problem:

Malware tries to connect to various listed sites.

System
Windows 8.1 64bit

Sincerely

Hi, let me know if they cease after this.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3113040 2014-11-11] ()
2014-11-11 14:15 - 2014-11-24 19:21 - 00000000 ____D () C:\ProgramData\WorldWideCoupon
2014-11-11 14:15 - 2014-11-11 14:15 - 00000000 ____D () C:\ProgramData\b26e1bd62ede5237
2014-11-11 13:34 - 2014-11-11 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-11-11 13:33 - 2014-11-24 19:17 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-11-11 13:29 - 2014-11-11 13:29 - 00000180 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
DisableService: pmgw
C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default
C:\Windows\System32\drivers\xqmuwwu.sys
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt in the same location as FRST.exe.

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

Hello again,

The following files were generated.

In the AdwCleaner directory there was no file with [S1]. I hope the [S0] file is correct!
Otherwise I will repeat the scan and clean procedure.

Greets

S0 is fine.

Are you still getting the alerts?

Yes, Avast and also Malwarebytes are sending these alerts.

Could I have a screenshot of the Avast popup please, along with a fresh FRST scan?

Here are the screenshots of the Avast and the Malwarebytes popups. I also added the addition.txt. I didn’t know if the file is necessary.

Please fully uninstall Chrome, as it has changed to a developer build; this means there are no security checks or blocks on it.

After the uninstall and a reboot you may re-install it.

Let me know if that stops the alerts.