araby online (again) :-(

Viruses and worms
1

Hi

I have another user in Dubai who has been infected with the arabyonline. Hopefully this is the last one as you have been an excellent help so far.

I have attached the logs.

Once again thank you in advance.

2

The addition log file from Farbar is missing.

3

Well spotted Eddy, Ive uploaded the missing log now.

4

Hi, you may need to reset your proxy if you use one

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: ProxyServer: [S-1-5-21-4145280203-2505765041-2347934092-11719] => 192.6.0.246:8080 ProxyServer: [S-1-5-21-4145280203-2505765041-2347934092-11719-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => 192.6.0.246:8080 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com/?src=1000 HKU\S-1-5-21-4145280203-2505765041-2347934092-11719\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com/?src=1000 BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File Toolbar: HKU\S-1-5-21-175426946-3547651437-4086432366-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-175426946-3547651437-4086432366-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-4145280203-2505765041-2347934092-11719 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-4145280203-2505765041-2347934092-11719-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X] Task: {53EF94CC-3262-4A86-8F6C-574164A690AB} - \Adsfree No Task File <==== ATTENTION Task: {6B59A388-508E-4465-A998-5DA646CF8D4A} - \4CEFD9B73D6C-1CRMOI2 No Task File <==== ATTENTION Task: {A73F4968-C003-4994-8BF4-0D3BE5D9D1F9} - \Yahoo! Search Udpater No Task File <==== ATTENTION Task: {B6B88C34-4670-4008-8E45-EE1545AA991C} - \Popper No Task File <==== ATTENTION Task: {E0B43C17-483F-45C7-B499-2FCC546FEF9E} - \Yahoo! Search No Task File <==== ATTENTION EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.