hi there, my name in Ajay and since this morning i'm being alerted by avast.
infection: URL:Mal
process: C:\Windows\System32\svchost.exe
can anyone help me please?
Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!
hi there, my name in Ajay and since this morning i'm being alerted by avast.
infection: URL:Mal
process: C:\Windows\System32\svchost.exe
can anyone help me please?
Yep I can are the urls Blackflight and reduled ?
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
As soon as the logs have been produced run this very quick FRST fix to silence Avast
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
here they are.
CreateRestorePoint:
HKU\S-1-5-21-3916064375-1812797599-2144750406-1001\...\Run: [VoipDiscount] => C:\Program Files (x86)\VoipDiscount.com\VoipDiscount\voipdiscount.exe [23057512 2015-01-15] (VoipDiscount)
HKU\S-1-5-21-3916064375-1812797599-2144750406-1001\...\Run: [Rynga] => "C:\Program Files (x86)\Rynga.com\Rynga\Rynga.exe" -nosplash -minimized
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59923;https=127.0.0.1:59923
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com...q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com...q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3916064375-1812797599-2144750406-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com...q={searchTerms}
2015-04-19 12:51 - 2015-04-19 12:51 - 00000000 ____D () C:\ProgramData\90b31f1800005538
2015-04-19 12:48 - 2015-05-09 13:51 - 00000000 ____D () C:\Users\Sembhi\AppData\Local\20FB79F6-1429447683-4D8B-6087-4E45435F4349
2015-04-19 12:42 - 2015-05-09 13:51 - 00000000 ____D () C:\ProgramData\{b3973c4d-ccbf-93bb-b397-73c4dccbf137}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
th log at complation
"Fix completed. The "Fixlog.txt" is saved in the same directory FRST is located"
do i have to post the fixlog?
yes
thanks a lot sir
0 members, 0 guests, 0 anonymous users
Community Forum Software by IP.Board
Licensed to: Geeks to Go, Inc.