Websites Were Being Hijacked

Still need ADWCleaner and Hitman.

 

Please remove these items in ADW:

Adware.pokki, C:\Users\Default\AppData\Local\Host App Service
Adware.pokki, C:\Users\Default User\AppData\Local\Host App Service
Adware.pokki, C:\Users\fbmag\AppData\Local\Host App Service

And these reg. entries:
Adware.pokki, [Key] - HKU\S-1-5-21-2493785166-1293178697-3009174516-1001\Software\Host App Service
Adware.pokki, [Key] - HKU\S-1-5-21-2493785166-1293178697-3009174516-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki, [Key] - HKCU\Software\Host App Service
Adware.pokki, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service

These items in RogueKiller:
¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] igfxEM.exe(7944) -- C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a834c52195a141e8\igfxEM.exe[7] -> Found

¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a5a493af-d60e-4caf-8b4d-96968ad1f3ab} | DhcpNameServer : 10.10.0.1 ([]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{fc784e19-91f0-4bee-af5e-f75bd202b41d} | DhcpNameServer : 150.206.1.3 ([New Zealand]) -> Found

Reboot and rescan with both ADW and RogueKiller and attach the new logs.

 

Those logs are clean. What malware issues are you still having?

 

Not about to click on those. So what is the current status?

 

Ok...

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
4. If running Vista, Win 7 or Win 8 or 10, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 or 10 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
7. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

What browser?

 

Reset Chrome to Defaults

 

https://www.veracode.com/blog/2013/...ings-for-chrome-firefox-and-internet-explorer

 

That's a matter for the software forum.

 

Download ZHPCleanerto your desktop.
Close all applications (including your web browsers and antivirus)
Double-click on ZHPCleaner to run the tool.
If you are using Windows Vista, 7/8/10; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
Please click the "J'accepte/I agree" button.
First press the "Scanner" button. Be patient, the scan may take some time.
Do NOT fix/repair anything yet! Please upload that logfile also with your next reply.

 

You are clicking on links that are infected.

 

I just tried your link and no problems. Try that link in a different browser.

 

Download this for Chrome:
http://www.majorgeeks.com/files/details/wot_for_chrome.html

Rerun ADWCleaner and also
download Zemana Malware Removal to your desktop and run it please.
It auto updates, and you click scan. After it's finished, click on the icon that looks like Cell phone strength bars. High-light the report (by date log was produced) and click on the "Open Report" icon. (looks like a folder). That notepad.txt can then be copied/pasted into another .txt doc and saved. Upload that, please.

 

How about ADW?

 

It's fine. Next time it happens, be sure to remember what link you clicked on and report it. Use Firefox for a while. See if it happens with that browser.

 

Just leave it.

 

I suggest you post that inquiry in the software forum.

 

Need a link.

In the meantime:
Please download the latest version of FRST the below link.
Farbar Recovery Scan Tool and save it to your Desktop.

Note: Make sure you download the proper version ( 32 bit or 64 bit ) for your PC. Only one will run, the correct one. So it you make a mistake and download the wrong one, go back and get the other.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Those are not the links I asked for. I want a link to the website that produces the malware alert.