Author Topic: hxxps://188.165.198.52 URL:Mal  (Read 9424 times)


Offline Michael (alan1998)

  • Massive Poster
  • Posts: 2768
  • Volunteer
Re: hxxps://188.165.198.52 URL:Mal
« Reply #15 on: November 05, 2014, 03:39:27 PM »
Attach a screenshot (as it may help Magna find your issue).

100% usage of your CPU by explorer and 4GB of RAM isn't normal, and wouldn't be a memory leak.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

REDACTED

  • Guest
Re: hxxps://188.165.198.52 URL:Mal
« Reply #16 on: November 06, 2014, 01:00:13 PM »
Seriously? This will be difficult to do, because it doesn't happen that often. Maybe like once every several days. Usually, explorer.exe goes over 1GB and then resets itself. This may take a while. I did catch it at 2GB. Does that count as normal?
« Last Edit: November 06, 2014, 01:16:37 PM by reavz34 »
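An added example, not part of any post in this thread: a PowerShell sampler that logs explorer.exe memory and CPU time at a fixed interval and flags samples where the working set crosses a threshold, so an intermittent spike of the kind described above can be captured without sitting in front of Task Manager. The 1024 MB threshold, the 30-second interval and the Desktop log path are assumptions.

```powershell
# Added example: sample explorer.exe memory/CPU over time and log threshold crossings.
# Threshold, interval and output path are assumptions; adjust to taste.
param(
    [int]$ThresholdMB = 1024,                      # flag when working set exceeds this
    [int]$IntervalSeconds = 30,                    # sampling interval
    [string]$LogPath = "$env:USERPROFILE\Desktop\explorer-usage.csv"
)

# CSV header written once so the log can be opened in a spreadsheet or attached to a post.
if (-not (Test-Path $LogPath)) {
    'Timestamp,PID,WorkingSetMB,PrivateMB,CpuSeconds,Handles,Flag' | Set-Content -Path $LogPath
}

Write-Host "Logging explorer.exe usage to $LogPath every $IntervalSeconds s (Ctrl+C to stop)"

while ($true) {
    # More than one explorer.exe can exist (e.g. after the shell restarts), so sample each one.
    $procs = Get-Process -Name explorer -ErrorAction SilentlyContinue
    if (-not $procs) {
        # No explorer.exe at sample time matches the "resets itself" behaviour described.
        "{0},,,,,,EXPLORER_NOT_RUNNING" -f (Get-Date -Format o) | Add-Content -Path $LogPath
    }
    foreach ($p in $procs) {
        $wsMB   = [math]::Round($p.WorkingSet64 / 1MB, 1)
        $privMB = [math]::Round($p.PrivateMemorySize64 / 1MB, 1)
        $cpu    = [math]::Round($p.TotalProcessorTime.TotalSeconds, 1)
        $flag   = if ($wsMB -gt $ThresholdMB) { 'HIGH_MEMORY' } else { '' }
        "{0},{1},{2},{3},{4},{5},{6}" -f (Get-Date -Format o), $p.Id, $wsMB, $privMB, $cpu, $p.HandleCount, $flag |
            Add-Content -Path $LogPath
        if ($flag) {
            # Record which modules are loaded at the moment of the spike; an unfamiliar shell
            # extension showing up here is worth a look by whoever reviews the logs.
            $stamp  = Get-Date -Format yyyyMMddHHmmss
            $modLog = [System.IO.Path]::ChangeExtension($LogPath, ".modules-$($p.Id)-$stamp.txt")
            try {
                $p.Modules |
                    Select-Object ModuleName, FileName, @{n='SizeMB'; e={ [math]::Round($_.ModuleMemorySize / 1MB, 1) }} |
                    Format-Table -AutoSize | Out-String -Width 200 | Set-Content -Path $modLog
            } catch {
                "Could not enumerate modules: $($_.Exception.Message)" | Set-Content -Path $modLog
            }
        }
    }
    Start-Sleep -Seconds $IntervalSeconds
}
```

Run it from an elevated PowerShell window and leave it in the background; the CSV rows marked HIGH_MEMORY, together with the module listing written at that moment, are what a helper would want attached instead of a screenshot.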

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: hxxps://188.165.198.52 URL:Mal
« Reply #17 on: November 06, 2014, 04:24:10 PM »
Hi,

This does not necessarily mean that it is related to malware. First reset the Firefox and Chrome browsers back to their default settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems
https://support.google.com/chrome/answer/3296214?hl=en


Have the alerts quieted now? Next, I would like to perform an ARK check with the mighty GMER.


Please download GMER, the AntiRootkit tool, from the link below and save it to your Desktop:

Gmer download link
Note: the file will have a random name.

Double-click to run GMER.
  • Wait for the initial scan to finish - if there is any query, click No;
  • Click the Scan button and wait until the full scan is complete;
  • Click Save ... - save the report to the Desktop (named Gmer1);

  • Right-click anywhere in GMER's window and select Options > 3rd party - click the Scan button;
  • Please wait until the full scan is complete;
  • Click the Save ... button and save the report to the Desktop (named Gmer2);
    note: the scan for the Gmer2 log may take some time

  • Click the >>> and select the Autostart card;
  • After the quick scan, click the Copy button;
  • Open Notepad and paste the text. Save the report to the Desktop (named Gmer3)
> Attach all GMER log reports here (Gmer1, Gmer2 and Gmer3).
« Last Edit: November 06, 2014, 04:26:06 PM by magna86 »

REDACTED

  • Guest
Re: hxxps://188.165.198.52 URL:Mal
« Reply #18 on: November 06, 2014, 09:38:15 PM »
I don't have Firefox and Chrome anymore. I use IE as my browser. I can't attach Gmer2.log because of the size limit; it's 5MB.
Maybe I did something wrong?

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: hxxps://188.165.198.52 URL:Mal
« Reply #19 on: November 08, 2014, 04:11:41 PM »
See if you have this file and delete it.
C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net

GMER does show possible suspicious activity but again, this may not be malware itself. Post me both fresh FRST logs (FRST and Addition log reports).

Also, let's perform one more ARK scan. Download TDSSKiller and save it to your desktop.

  • Execute TDSSKiller.exe by double-clicking on it.
  • Confirm the "End User Licence Agreement" and "KSN Statement" dialog boxes by clicking on the Accept button.
  • Under Additional options check the boxes next to:
    - Verify Driver Digital Signature;
    - Detect TDLFS file system;
    - Use KSN to scan objects.
  • Press Start Scan.
  • If a Suspicious object is detected, the default action will be Skip; click on Continue.
  • If Malicious objects are found, select Cure.
Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.

REDACTED

  • Guest
Re: hxxps://188.165.198.52 URL:Mal
« Reply #20 on: November 08, 2014, 06:44:11 PM »
There weren't any files in the Mozilla\Firefox\extensions folder. Nothing was detected by TDSSKiller.
Is it possible that my PC issue is caused by the deletion of important files that were false positives?

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: hxxps://188.165.198.52 URL:Mal
« Reply #21 on: November 08, 2014, 11:38:43 PM »
Quote
I'm still getting the occasional alert pop-ups with different kinds of names.

...and you are still getting the avast! alerts? I am not seeing any malware here.  :-\

Let's use some alternative diagnostics, shall we. First we shall strike with AdwCleaner, as the developer has added some nice features that may help.
Then we will re-check the PC with the ZHPDiag tool.

Please download AdwCleaner by Xplode and save it to your Desktop.

Double-click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • The logfile will also be saved in the C:\AdwCleaner folder.

====ZHPDiag====
Download ZHPDiag to your desktop.

Take action to disable your antivirus and antispyware programs, as they may conflict with ZHPDiag.
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Installing ZHPDiag
  • Double-click zhpdiag.exe to start the installation.
  • Windows Vista, 7 and 8 users: right-click the file and select Run as Administrator.
  • Click "Suivant" multiple times in the installation process.
  • Click "Installer" when asked and "Terminer" once the installation is complete.
Running ZHPDiag
  • Double-click the ZHPDiag shortcut on your desktop.
  • The user interface will appear; now select "Configureren".
  • If the tool's default language isn't set to English, click the "Sélectionner une langue" icon in the bottom right corner and choose "Anglais".
  • Next, click on the "Diagnostic Options" icon in the bottom left.
  • ZHPDiag is now scanning your computer. Please wait patiently until the scan is finished.
http://hijackthis.nl/smeenk/ZHPDiag.PNG

The ZHPDiag.txt logfile
  • When finished, a logfile named "ZHPDiag.txt" will appear on your desktop.
  • Please post the logfile for further review in your next comment.

REDACTED

  • Guest
Re: hxxps://188.165.198.52 URL:Mal
« Reply #22 on: November 09, 2014, 12:34:33 AM »
Sometimes I get pop-ups, but I'm not sure if it has anything to do with the infection. It could be blocking something when I enter a website. I tried to download ZHPDiag from the website, but the link was broken.
« Last Edit: November 09, 2014, 12:37:05 AM by reavz34 »

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: hxxps://188.165.198.52 URL:Mal
« Reply #23 on: November 09, 2014, 04:36:45 PM »
Quote
It could be blocking something when I enter a website.
Now I read this.  :) Which website did you enter? Post me the URL.

There is no need for ZHPDiag as we just discovered the source.
« Last Edit: November 09, 2014, 04:39:01 PM by magna86 »

REDACTED

  • Guest
Re: hxxps://188.165.198.52 URL:Mal
« Reply #24 on: November 09, 2014, 07:24:18 PM »
I'm sorry, it was just an assumption. I really don't know if that is the case. Do you believe I still have a malware infection? It seems like there is nothing left to do. My issue may not have anything to do with malware, but something else that I can't figure out. Is there anything else we can try? Should we go ahead with ZHPDiag?

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: hxxps://188.165.198.52 URL:Mal
« Reply #25 on: November 09, 2014, 11:04:22 PM »
No, post me the URL of that website.

REDACTED

  • Guest
Re: hxxps://188.165.198.52 URL:Mal
« Reply #26 on: November 10, 2014, 12:37:27 AM »
??? I do not know the specific site. I browse many websites and do not keep track of them. I give up already. I don't believe there is anything more that can be done. My PC for the most part is working well. Thanks for all your help.

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: hxxps://188.165.198.52 URL:Mal
« Reply #27 on: November 10, 2014, 04:03:37 PM »
• The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.