totaladperformance?

[REDACTED]

Hi I have no idea how I was infected but for a few weeks like 10 times a day but randomly I open a website or click a link in Google Chrome and I get a 2nd tab called totaladperformance.com opening too and then a pop up in the bottom right of my screen and the voice saying a threat has been detected or identified.

Thing is a full system scan from Avast finds nothing. Malwarebytes Premium Threat scan finds nothing.

Avast obviously knows about it cause when the site opens Avast goes haywire but when the site isn't opening on its own Avast has no idea its on my system and I can't work out why.

Its not the websites. Same site nothing happens after reloading site and its happened on like 50 sites over the last few weeks.

https://www.radio-rentals.com.au/

Think this site may be what gave it to me but am not sure. They are a legit long running aussie business which makes me unsure if its even possible they are to blame.


I was using a free Dreamspark student copy of windows 8.1 pro and then I installed Windows 8.1 basic retail edition over it so that when I upgraded to windows 10 i'd have my retail copy as the one 10 was an upgrade too. I now have windows 10 and had to uninstall Avast and reinstall since after the upgrade to 10 the firewall wouldn't turn on. Thing is this issue has persisted through from the pro install of 8.1 all the way to windows 10.

Right now I have a license for Avast Internet Security and it and Malwarebytes installed.

Thanks in advance for any help given.

[Asyn]

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0

[REDACTED]

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0

FRST and aswMBR ok to use on windows 10? FRST only says up to 8 so just wanna make sure first.

[Asyn]

FRST and aswMBR ok to use on windows 10? FRST only says up to 8 so just wanna make sure first.

Afaik FRST should work, you can skip aswMBR if needed.

[REDACTED]

Umm FRST.txt is too big to post :S

The following error or errors occurred while posting this message:
The message exceeds the maximum allowed length (20000 characters).

In fact omg I pasted it into a website that counts characters and it says FRST is 821151 characters

[Asyn]

Please attach all logs, see screenshot...

[REDACTED]

Please attach all logs, see screenshot...

Oh haha ty

There we are.

[Asyn]

OK, now you've to wait a bit...

[REDACTED]

OK, now you've to wait a bit...

You got a laugh out of me and my neighbour for that comment hope you can make heads or tails of them. I'm a techy myself but complex stuff like these logs just do my head in.

[essexboy]

Hi which browser do they appear in ?  Is it FF, IE or Chrome... Or all ?

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
2015-07-24 06:51 - 2015-07-24 06:51 - 00000000 __SHD C:\Users\peter\AppData\Local\EmieUserList
2015-07-24 06:51 - 2015-07-24 06:51 - 00000000 __SHD C:\Users\peter\AppData\Local\EmieSiteList
2015-07-24 06:51 - 2015-07-24 06:51 - 00000000 __SHD C:\Users\peter\AppData\Local\EmieBrowserModeList
C:\Users\peter\{58C482E3-0C46-43EC-8EE5-C7230FFBC3D6}.dat
Task: {0304B80C-EF70-42C5-A42A-2A7144B22244} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig No Task File <==== ATTENTION
Task: {0DB044E7-51C7-4B39-ACD1-2D3432492056} - \Microsoft\Windows\Setup\GWXTriggers\Time-3xd No Task File <==== ATTENTION
Task: {629E8AFB-2DE9-47AE-B0AE-286CB7D2EFE5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent No Task File <==== ATTENTION
Task: {7C3F9537-CC9C-46A3-B37F-BEB81F4CBE7E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess No Task File <==== ATTENTION
Task: {CCE2736F-7CF7-4AEE-8659-DD9CD4F13F4D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent No Task File <==== ATTENTION
Task: {E2DA4350-D8D4-4974-8368-CCA318730E7B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B No Task File <==== ATTENTION
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S0].txt as well.
  

[REDACTED]

There we are mind letting me know what the fixlist did?

I pretty much only use Chrome so not sure about FF or Microsoft Edge. As for IE I don't think that exists anymore in Windows 10 does it? Edge was meant to replace it. Either way I only use FF or IE when Chrome fails to load a page due to bad website coding

[essexboy]

Yes IE is still in 10 as that is the only browser I use.  Edge is still a bit immature

The fixlist remove the tasks for updating windows 10 ... Left behind when you updated, I removed mine as well as I like tidy

I reset the emsie browser list as malware just loves hiding in there and windows will re-install it if it needs it

AdwCleaner hit the areas I cannot see..

Are the ads still present

[REDACTED]

Yes IE is still in 10 as that is the only browser I use.  Edge is still a bit immature

The fixlist remove the tasks for updating windows 10 ... Left behind when you updated, I removed mine as well as I like tidy

I reset the emsie browser list as malware just loves hiding in there and windows will re-install it if it needs it

AdwCleaner hit the areas I cannot see..

Are the ads still present

No idea will let you know once I get some more testing in things that only happen one in like 20 or so times are hard to work out and fix I find.

Any idea why Avast couldn't find it? Must admit to being stumped as to hhow antivirus works lol.

Also emsie browser list is what? Google has 0 pages with those 3 words together and no good results without quotes. It asks did I mean MeSH Browser List xD

[essexboy]

It is an enterprise mode compatibility thing in IE but it has been hijacked by adware

https://social.technet.microsoft.com/Forums/ie/en-US/9b080135-dd7c-458a-93bb-e62b3fdbdd07/emiesitelist-and-emieuserlist-hidden-directories-and-datfiles?forum=ieitprocurrentver

[REDACTED]

Cool well no new popup tabs yet think i'm cured. Thanks for all the help.