Author Topic: Avast virus Unseen.


REDACTED

  • Guest
Avast virus Unseen.
« on: July 16, 2014, 07:35:51 AM »
Avast keeps saying protected from a virus and this is what its saying it is

hxxp://getusaaall.info/?e=smsn&cht=2&dcu=1&cpatch=2&dcs=1&pf=1&unp=Azm9CdOLv7DVDy

URL:MAIL

I have run scans and my computer isn't picking up anything. Help please! I will keep checking on the forum for responses; if I don't respond immediately, I will get to it ASAP.

Offline Asyn

  • Avast Überevangelist
Re: Avast virus Unseen.
« Reply #1 on: July 16, 2014, 07:36:21 AM »
Attach your basic logs. (MBAM, FRST and aswMBR..!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

Offline mchain

  • Avast Evangelist
Re: Avast virus Unseen.
« Reply #2 on: July 16, 2014, 07:39:37 AM »
Follow Asyn's advice, as this is not about a poll but rather a malware infection you have on your system.

Once you have run the three programs and attached the resulting logs in your next reply, a certified malware removal expert will be contacted for you.

REDACTED

  • Guest
Re: Avast virus Unseen.
« Reply #3 on: July 16, 2014, 07:44:12 AM »
Working on the scans for logs now.

REDACTED

  • Guest
Re: Avast virus Unseen.
« Reply #4 on: July 16, 2014, 07:56:07 AM »
How do I attach the logs?

Offline Pondus

  • Probably Bot
Re: Avast virus Unseen.
« Reply #5 on: July 16, 2014, 07:57:50 AM »
Below the box you write in: "Attachments and other options".


REDACTED

  • Guest
Re: Avast virus Unseen.
« Reply #6 on: July 16, 2014, 08:10:38 AM »
This is what I have so far. I will post the last one when it is complete and I get to it.

REDACTED

  • Guest
Re: Avast virus Unseen.
« Reply #7 on: July 16, 2014, 08:16:00 AM »
Hi,

Please also post the aswMBR report, and I will start assessing your logs. I should be back here later.

REDACTED

  • Guest
Re: Avast virus Unseen.
« Reply #8 on: July 16, 2014, 08:35:18 AM »
It's the same attachment, accidentally added twice.

REDACTED

  • Guest
Re: Avast virus Unseen.
« Reply #9 on: July 16, 2014, 10:39:07 AM »
Hi. Please do this one for me.

Batch Script

Please download getusaaall script and save it to your desktop.
It will come as a zipped file, so you will need to unzip it. You may do it by right-clicking on it and choosing Extract All. Extract it to your desktop.
  • Right-click on icon named getusaaall and select Run as Administrator to start the script.
  • A black window will blink shortly.
  • After that two files will be located on your desktop: scanning1 and scanning2.
Please include them both in your next reply.

REDACTED

  • Guest
Re: Avast virus Unseen.
« Reply #10 on: July 16, 2014, 09:20:29 PM »
.

REDACTED

  • Guest
Re: Avast virus Unseen.
« Reply #11 on: July 17, 2014, 07:02:39 PM »
Hi :)


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
Code:
start
C:\Users\Owner\AppData\Local\iLivid
HKU\S-1-5-21-2572585780-1497095549-3986437272-1000\...\Run: [iLivid] => "C:\Users\Owner\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\S-1-5-21-2572585780-1497095549-3986437272-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iLivid] => "C:\Users\Owner\AppData\Local\iLivid\iLivid.exe" -autorun
AppInit_DLLs-x32: c:\progra~2\so_boo~1\assist~1.dll => "c:\progra~2\so_boo~1\assist~1.dll" File Not Found
AppInit_DLLs-x32: c:\progra~2\sw-boo~1\assist~1.dll => "c:\progra~2\sw-boo~1\assist~1.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fas...&cc=US&unqvl=56
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fas...&cc=US&unqvl=56
BHO: MySearch -> {5E0952AB-C3E0-7963-4672-6CC024B4994F} -> C:\Program Files (x86)\MySearch\aE6nMTHuc.x64.dll No File
BHO: PriceChiop -> {7DE8C77D-4B3E-AC20-C522-B9BF1784F485} -> C:\Program Files (x86)\PriceChiop\hZOVZE9v.x64.dll No File
BHO: SaVEMasss -> {C950F28F-B018-B9AA-6C3B-6B243D4A2A77} -> C:\Program Files (x86)\SaVEMasss\0EViIJZO9j.x64.dll No File
BHO: Adblocker -> {DB4D8C91-018D-D89E-4A00-0C9467CD881E} -> C:\Program Files (x86)\Adblocker\Rfnvj6K8Hn.x64.dll No File
C:\Program Files (x86)\PriceChiop
C:\Program Files (x86)\MySearch
C:\Program Files (x86)\SaVEMasss
C:\Program Files (x86)\Adblocker
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
FF DefaultSearchEngine: Trovi search
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://websearch.fastsearchings.info/?pid=2290&r=2014/07/10&hid=12690441653842002612&lg=EN&cc=US&unqvl=56
FF Keyword.URL: hxxp://websearch.fastsearchings.info/?pid=2290&r=2014/07/10&hid=12690441653842002612&lg=EN&cc=US&unqvl=56&l=1&q=
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchProvider: Trovi search
CHR DefaultSearchURL: http://www.trovi.com...rchTerms}&SSPV=
CHR Extension: (SAAvEMass) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\anmdhmlhiebledcbfaaadbjgdmfpknoe [2014-07-10]
CHR Extension: (NextCoup) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbdnmjecfojfccnjjfemlnhimbpfljj [2014-07-10]
CHR Extension: (PriceChiop) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehniblchhmggdffcnmnmijdbngphbenc [2014-07-10]
CHR Extension: (NeXtCoupu) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnhilmmjnippdhojjcjdooemiconeie [2014-07-10]
CHR Extension: (CuupoDOco) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggoamgeodkbccknnbkfgimhjklbjbpbp [2014-06-29]
CHR Extension: (PrIceCuhop) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeefgbgcgkmhgkdamnfknamnjcihepec [2014-07-10]
CHR Extension: (SaVEMasss) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpaahgagebhagongmlnfclnipkmklgom [2014-07-10]
CHR Extension: (SAAvEMass) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\anmdhmlhiebledcbfaaadbjgdmfpknoe\1.0 [2014-07-10]
CHR Extension: (NextCoup) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbdnmjecfojfccnjjfemlnhimbpfljj\1.0 [2014-07-10]
CHR Extension: (PriceChiop) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehniblchhmggdffcnmnmijdbngphbenc\1.0 [2014-07-10]
CHR Extension: (NeXtCoupu) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnhilmmjnippdhojjcjdooemiconeie\1.0 [2014-07-10]
CHR Extension: (CuupoDOco) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggoamgeodkbccknnbkfgimhjklbjbpbp\1.0 [2014-06-29]
CHR Extension: (PrIceCuhop) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeefgbgcgkmhgkdamnfknamnjcihepec\1.0 [2014-07-10]
CHR Extension: (SaVEMasss) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpaahgagebhagongmlnfclnipkmklgom\1.0 [2014-07-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-07-10 22:34 - 2014-07-11 00:08 - 00000000 ____D () C:\ProgramData\NeXtCoupu
2014-07-10 18:19 - 2014-07-10 18:19 - 00000000 ____D () C:\SUPERDelete
2014-07-10 18:16 - 2014-07-11 00:08 - 00000000 ____D () C:\ProgramData\MySearch
2014-07-10 18:15 - 2014-07-10 22:35 - 00000000 ____D () C:\ProgramData\SAAvEMass
2014-07-10 18:15 - 2014-07-10 22:28 - 00000000 ____D () C:\ProgramData\PrIceCuhop
2014-07-10 18:14 - 2014-07-10 18:14 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\EZDownloader
2014-07-10 18:13 - 2014-07-11 00:08 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-07-10 18:12 - 2014-07-11 00:08 - 00000000 ____D () C:\ProgramData\PriceChiop
2014-06-29 18:46 - 2014-07-10 22:34 - 00000000 ____D () C:\ProgramData\c023927bd2ec3
2014-06-29 18:46 - 2014-07-01 00:53 - 00000000 ____D () C:\ProgramData\Adblocker
2014-06-29 18:46 - 2014-06-29 18:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\Torch
2014-06-29 18:46 - 2014-06-29 18:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\Packages
2014-06-29 18:46 - 2014-06-29 18:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\Comodo
2014-06-29 18:46 - 2014-06-29 18:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\Chromatic Browser
2014-06-29 18:46 - 2014-06-29 18:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-06-29 18:46 - 2014-06-29 18:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-06-29 18:46 - 2014-06-29 18:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-06-29 18:46 - 2014-06-29 18:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-06-29 18:46 - 2014-06-29 18:46 - 00000000 ____D () C:\Users\Guest
2014-06-29 18:46 - 2014-06-29 18:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-06-29 18:46 - 2014-06-29 18:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-29 18:46 - 2014-06-29 18:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-06-29 18:46 - 2014-06-29 18:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-06-29 18:46 - 2014-06-29 18:46 - 00000000 ____D () C:\Users\Administrator
2014-06-29 18:45 - 2014-06-29 18:48 - 00000000 ____D () C:\ProgramData\InstallMate
CMD: ipconfig /release
CMD: netsh int ip reset
CMD: ipconfig /renew
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
CMD: bitsadmin /reset /allusers
REBOOT:
C:\Users\Owner\jagex_cl_runescape_LIVE.dat
C:\Users\Owner\jagex_cl_runescape_LIVE1.dat
C:\Users\Owner\random.dat
C:\Users\Owner\AppData\Local\Temp\i4jdel0.exe
C:\Users\Owner\AppData\Local\Temp\ose00000.exe
Task: {400F0FD4-1FAF-4447-BB54-F5DAD77FCF0D} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
C:\Program Files (x86)\GoforFiles
Task: {58F522E5-34E4-443D-93C5-0DC707A441F8} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
%LOCALAPPDATA%\GCC\Controller.exe
Task: {AF625D46-046E-4F50-A1EC-628367669DBD} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {E4318DD4-BAB3-44B7-B2B3-F58EE1127F6D} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.


Clean Temporary Files with TFC

Please download TFC by OldTimer and save it to your desktop.
  • Right-click on icon and select Run as Administrator to start the tool.
  • Close any open programs and save your current work.
  • Click the Start button to begin. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a couple of minutes.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
This tool doesn't generate any report. Instead, I recommend keeping it for regular maintenance of your machine.


Update me about alerts after these steps.
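The fixlist above removes entries from a handful of classic autostart locations: per-user Run keys, AppInit_DLLs, Internet Explorer Browser Helper Objects, scheduled tasks and a Chrome machine policy, and several of the entries are already orphaned ("File Not Found", "No File"). The script below is an added example for this thread, not FRST's code and not part of the helper's post: a read-only PowerShell audit that walks the same locations and lists each entry, flagging those whose target binary no longer exists on disk. It assumes an elevated prompt and Windows 8 or later (Get-ScheduledTask comes from the ScheduledTasks module); the function names and the output layout are my own choices.

```powershell
# Added example (not from the thread or from FRST): audit the autostart
# locations the fixlist cleans and flag entries whose target file is missing.
# Read-only: nothing is deleted. Run from an elevated PowerShell prompt.

$findings = New-Object System.Collections.Generic.List[object]

function Resolve-CommandPath {
    param([string]$Command)
    # Expand %VARS%, drop quotes and arguments, return just the executable path.
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($expanded.StartsWith('"')) {
        $end = $expanded.IndexOf('"', 1)
        if ($end -gt 0) { return $expanded.Substring(1, $end - 1) }
    }
    return ($expanded -split '\s+')[0]
}

function Add-Finding {
    param([string]$Source, [string]$Name, [string]$Target)
    $path = Resolve-CommandPath $Target
    $exists = $false
    if ($path) {
        # Bare names (e.g. rundll32.exe) resolve through PATH, full paths directly.
        $exists = if ($path -match '[\\/]') { Test-Path -LiteralPath $path }
                  else { [bool](Get-Command $path -ErrorAction SilentlyContinue) }
    }
    $findings.Add([pscustomobject]@{
        Source = $Source; Name = $Name; Target = $Target; FileExists = [bool]$exists
    })
}

# 1. Run keys: HKLM (native + WOW64 view) and every loaded user hive under HKU.
$runSubkeys = 'Software\Microsoft\Windows\CurrentVersion\Run',
              'Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$hives = @('HKLM:') + @(Get-ChildItem 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)" })
foreach ($hive in $hives) {
    foreach ($sub in $runSubkeys) {
        $keyPath = "$hive\$sub"
        if (-not (Test-Path $keyPath)) { continue }
        $key = Get-Item -Path $keyPath
        foreach ($name in $key.GetValueNames()) {
            if ($name) { Add-Finding "Run [$hive]" $name ([string]$key.GetValue($name)) }
        }
    }
}

# 2. AppInit_DLLs, native and 32-bit views (the two dangling assist~1.dll entries).
foreach ($keyPath in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    if (-not (Test-Path $keyPath)) { continue }
    $value = [string](Get-Item -Path $keyPath).GetValue('AppInit_DLLs')
    foreach ($dll in ($value -split '[,\s]+' | Where-Object { $_ })) {
        Add-Finding 'AppInit_DLLs' $keyPath $dll
    }
}

# 3. Browser Helper Objects: each CLSID resolved to its InprocServer32 DLL.
$bhoRoots = @{
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' = 'HKLM:\SOFTWARE\Classes\CLSID'
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
}
foreach ($bhoKey in $bhoRoots.Keys) {
    if (-not (Test-Path $bhoKey)) { continue }
    foreach ($bho in Get-ChildItem -Path $bhoKey) {
        $server = "$($bhoRoots[$bhoKey])\$($bho.PSChildName)\InprocServer32"
        $dll = if (Test-Path $server) { [string](Get-Item $server).GetValue('') } else { '' }
        Add-Finding 'BHO' $bho.PSChildName $dll   # empty DLL => "No File"
    }
}

# 4. Scheduled tasks: the Execute path of every action. Note that %LOCALAPPDATA%
#    expands to the auditing account's profile, not necessarily the task's user.
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if ($action.Execute) { Add-Finding 'Task' "$($task.TaskPath)$($task.TaskName)" $action.Execute }
    }
}

# 5. Chrome machine policy (FRST: "HKLM\SOFTWARE\Policies\Google: Policy restriction").
#    On a home PC any value here is suspect; hijackers use it to pin search/homepage.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Google'
if (Test-Path $policyRoot) {
    foreach ($key in @(Get-Item $policyRoot) + @(Get-ChildItem -Recurse $policyRoot)) {
        foreach ($name in $key.GetValueNames()) {
            $findings.Add([pscustomobject]@{
                Source = 'ChromePolicy'; Name = "$($key.Name)\$name"
                Target = [string]$key.GetValue($name); FileExists = $null
            })
        }
    }
}

$findings | Sort-Object Source, Name | Format-Table Source, Name, Target, FileExists -AutoSize -Wrap
"`nAutostarts whose target is missing on disk (orphaned entries, like the 'No File' lines in the fixlist):"
$findings | Where-Object { $_.FileExists -eq $false } | Format-Table Source, Name, Target -AutoSize -Wrap
```

Save it as a .ps1 and run it from an elevated prompt; the second table is the one to compare against an FRST log. It deliberately does not cover the browser-side items in the fixlist (Firefox prefs.js search and homepage entries, Chrome extension folders, IE SearchScopes), and an orphaned entry is a cleanup item, not proof the dropper is gone, so the FRST and aswMBR logs the helpers asked for remain the authoritative picture.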

REDACTED

  • Guest
Re: Avast virus Unseen.
« Reply #12 on: July 17, 2014, 08:35:08 PM »
Here is the fixlog. I will try it out for a day and post if there's still an issue.

REDACTED

  • Guest
Re: Avast virus Unseen.
« Reply #13 on: July 17, 2014, 10:02:13 PM »
Report in both cases, with or without issues. I'd like to perform some general scans for vulnerabilities to send you off more secure :)

REDACTED

  • Guest
Re: Avast virus Unseen.
« Reply #14 on: July 18, 2014, 01:17:36 AM »
I have been on all day so far no issues :)