
Auction Description Disappearing on Allegro: Ads, Malware Scans, DNS Change, TP-Link Router

david939 3417 4
  • #1 16288148
    david939
    Level 9  
    Welcome!

    The problem is that the auction description on Allegro appears for a second, the page reloads and ads appear, and the description disappears. I have already seen such a problem here on the forum, and I did everything in turn (scans with Malwarebytes Anti-Malware, AdwCleaner, CCleaner, ESET) - they generally found something and removed it, but it did not change anything. Then I changed the DNS in Windows and on the router to 8.8.8.8 and 8.8.4.4 - still nothing.

    Unfortunately, because I have a different router, for the step "It is particularly important to block access to the panel: http://www.tp-link.com.pl/article/?faqid=568" I do not have the options shown in the article; in the Access Control tab I checked "Enable Internet Access Control". I also ran ipconfig /flushdns in cmd.

    I am also attaching the logs from FRST.

    What else can I do..?
  • #2 16288171
    Kolobos
    IT specialist
    In FF, change AdBlock to uBlock Origin.

    Uninstall: Adobe Reader 9.5.0 - Polish, change to the latest AR version or Foxit: http://ninite.com/foxit/

    Next to frst.exe, create the Fixlist.txt file with the contents:
    Task: {63F20271-CA2A-4790-A968-8C24591ED33C} - System32\Tasks\DawidMolineSightlinessV2 => Rundll32.exe VenezuelansUntruths.dll,main 7 1 hxxp://www.windowssearch.com:80/suggestions?Qry=utu&cc=PL&setlang=en&inlang=en-PL&adlt=moderate&scale=100&contrast=none&hw=1200%2C1920&CVID=6EE9D0441D7F483D98E71B8F63A23EC
    AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]
    AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [146]
    AlternateDataStreams: C:\Users\Dawid\AppData\Local\AR6u2ANN2o:Kxz3CGkWmvOQSwf2efE [2060]
    AlternateDataStreams: C:\Users\Dawid\AppData\Local\tCSCfoqM:NbxZm3upSELV7ugwZlsGGn [2438]
    AlternateDataStreams: C:\Users\Dawid\AppData\Local\Temp:HlHarBiyZ6VxNyEhGvZWUA9RlS [2292]
    AlternateDataStreams: C:\Users\Dawid\AppData\Local\Temp:pOQfZv05rWJ1yDXQXNX06tsdF10 [2508]
    hosts:
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2272929598-1003954470-4142707412-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-2272929598-1003954470-4142707412-1001\...\Policies\Explorer: []
    HKU\S-1-5-21-2272929598-1003954470-4142707412-1001\...\MountPoints2: {64fdfddb-38ad-11e6-825f-ac220b501f79} - "K:\setup.exe"
    FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\x4qnazby.default-1487415751062\features\{6821ade5-a412-4f22-9807-40157dcd7a7e}\disableSHA1rollout@mozilla.org.xpi [2017-02-18]
    C:\Users\David\AppData\Local\Tempz *
    2017-02-18 14:16 - 2015-09-03 16:44 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:

    In FRST, select Repair.

    That is not the right tab in the router settings; the options are in Security -> Remote Management.
    Did you have malicious DNS servers set in your router settings? Did you think so and all this?
  • #3 16288209
    david939
    Level 9  
    They work, thanks a lot!

    That is, one of my DNS servers was 82.118.16.11, and I found somewhere that it could be a problem. In Remote Management I have port 80, IP 0.0.0.0 - that's all there is available.

    Can you tell me what caused this, what the script you provided did, and what to do to avoid it in the future so that I do not have to bother people on the forum?
  • Helpful post
    #4 16288215
    Kolobos
    IT specialist
    Yes, 82.118.16.11 is a harmful DNS server from Ukraine.

    Upload the latest firmware to your router, if there is a newer one.

    > In Remote Management I have port 80, IP 0.0.0.0

    In that case, access should be blocked.

    > You can write to me what caused this

    Router infection may have been remote or local (after the computer has been infected).

    > what the script you provided did

    It deleted what you provided.

    > what to do to avoid this in the future

    Do not infect the system, and do not use equipment that has vulnerable firmware.
  • #5 16288217
    david939
    Level 9  
    Thank you and best regards!
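
A resolver check for the situation resolved in this thread, where a rogue DNS server (82.118.16.11) sat next to legitimate ones in the network settings. This is an added example, not part of the thread: the `ipconfig /all` text is a constructed English-locale sample, and the allowlist and function names are assumptions.

```python
import ipaddress
import re

# Resolvers the thread's user meant to use; an assumption, adjust per network.
EXPECTED = {"8.8.8.8", "8.8.4.4"}
# Constructed English-locale `ipconfig /all` excerpt, not the user's real output.
SAMPLE = """\
Ethernet adapter Ethernet:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 82.118.16.11
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
"""

def _ip(text):
    """Return text as a normalized IP string, or None if it is not an address."""
    try:
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None

def dns_by_adapter(text):
    """Map adapter name -> DNS servers, following indented continuation lines."""
    result, adapter, collecting = {}, None, False
    for line in text.splitlines():
        m = re.match(r"\s+DNS Servers[ .]*: (.*)$", line)
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, collecting = line.rstrip()[:-1], False  # new adapter section
            result[adapter] = []
        elif m and adapter:
            collecting, line = True, m.group(1)  # first resolver is on this line
        elif not (collecting and _ip(line)):
            collecting = False  # any other labelled or blank line ends the list
        if collecting and _ip(line):
            result[adapter].append(_ip(line))
    return result

def unexpected_resolvers(text, expected=EXPECTED):
    """Return {adapter: [resolvers outside the expected set]}, omitting clean adapters."""
    found = {a: [s for s in servers if s not in expected]
             for a, servers in dns_by_adapter(text).items()}
    return {a: bad for a, bad in found.items() if bad}

print(unexpected_resolvers(SAMPLE))
```

An adapter that gets its settings by DHCP reports whatever resolvers the router hands out, so a flagged address here points at the router configuration as well as the PC.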