Avast Pop Up alerts 8000064.@ 80000032.@ 00000004.@ 80000000.@ 000000cb.@

[hi4167]

I am getting avast alerts every 5 to 10 minutes Displaying Malware and Trojan Virus blocked

The name of the viruses are 8000064.@ 80000032.@ 00000004.@ 80000000.@ 000000cb.@

Please help!

[magna86]

Hi,

Please attach here OTL scan (and OTL only) following this instructions and attach here logs.
http://forum.avast.com/index.php?topic=53253.0

[hi4167]

When I click to download adwcleaner.exe a windows message pops up saying "adwcleaner.exe contained a virus and was deleted" and it wont let me download it. In fact the other links provided for Malware bytes' Anti-Malware and OTL the same message pops up, not allowing me to download the programs because a virus was detected.

What do I do??

[magna86]

I need to see only OTL logs with custom scans script. Ignore that warning or try to download & run OTL from diferent browsers. Or try to disable your AV.
What exactly telling you that all thouse tools are malware becose they all are legit malware removal tools?

[hi4167]

An internet explorer message. google chrome worked. here is OTL

[magna86]

1. Please download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

Instructions how to disable avast:

• Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
  
• In the window that opens on the top right corner, click Settings.
  
• In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
  
• => Again, right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
  
• In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
  

Note: Do not forget to turn on this option after the cleaning.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart computer once more.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
 Attach log reports ( ComboFix.txt) back to topic.

[hi4167]

here is the combofix log

[hi4167]

...

[magna86]

Hi,
You have been attach the same log three times.


Create CFScript for Combofix:

Open notepad and copy/paste the text present inside the code box below:

Code: [Select]

Folder::
c:\program files (x86)\Google\Desktop\Install
c:\users\Hunter\AppData\Local\Google\Desktop\Install
c:\program files (x86)\Ask.com
c:\program files (x86)\uTorrentBar

DirLook::
c:\program files (x86)\MyITLab

FileLook::
c:\windows\SysWow64\setup16.exe
c:\windows\SysWow64\instnm.exe
c:\windows\SysWow64\user.exe

ClearJavaCache::

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-

DDS::
Trusted Zone: myitlab.com
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
Trusted Zone: researchnavigator.com
Save this as CFScript.txt



Close all browser windows and refering to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )

[hi4167]

Here you go

[magna86]

Looks good. Re-check with FRST and FSS.



Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  

----- next -----


Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
• Internet Services
  
• Windows Firewall
  
• System Restore
  
• Security Center/Action Center
  
• Windows Update
  
• Windows Defender
  
• Press "Scan".
  
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

[hi4167]

The pop ups stopped!

 Although some of my files have copies with the titles changed to "~$" for the first letters of the title. What is that?

[magna86]

The pop ups stopped!

 Although some of my files have copies with the titles changed to "~$" for the first letters of the title. What is that?

We will come to that. I'm waiting FRST and FSS logs.

[hi4167]

...

[magna86]

Addition.txt created by FRST?