Firefox opens up on http://orbevod.ru/ at start up

Hiya,
I once clicked a wrong file, what I believed to be an exctratable compressed file was some malware (yes I know, how stupid I am) and since then Firefox always opens up at start up to this page h t t p : / / orbevod.ru/?utm_source=uoua03&utm_content=59db0b5799d93f7a1a4f75277e36b2ef, I tried to reset Firefox, but with no success.

Your help much apreciated!

AL

I’m on windows 7 pro.

1]
Make the link not clickable

2]
Provide the log files the the malware remover(s) need.
Follow the instructions in “Logs to assist in cleaning malware”.

Monitoring.

Thank you for your help, Malwarebytes Anti-Malware simply fixed it,

all the best.

al-nab plaese follow this guide and let valinorum have a second check and see if mabam could have missed something.

https://forum.avast.com/index.php?topic=53253.0 from the link plaese post the logs from frst+adition and also the scan from mbam.

Thank you for your help.

Sorry, my MABAM is in french…

Al

Are you running a pirated copy of Adobe product i.e. Photoshop?

[*]Step #1 Fix with FRST
Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
[*]Open Notepad.exe. Do not use any other text editor software;
[*]Copy and Paste the contents inside the code-box to your Notepad

Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKU\S-1-5-21-609480991-3100118430-1191770200-1015\...\Run: [gdjbrwhcea] => explorer "http://orbevod.ru/?utm_source=uoua03&utm_content=59db0b5799d93f7a1a4f75277e36b2ef" <===== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-609480991-3100118430-1191770200-1015\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-609480991-3100118430-1191770200-1015\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mfmjpfoggikolkfilofbpgcnhdcgahib] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pfjgibhmcgncmjhdodpaolfbjpjjajal] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pgaidlfgjkmeendhknafahppllbniejm] - https://clients2.google.com/service/update2/crx
CMD: bitsadmin /reset /allusers
End

[*]Click on File > Save as…
[list][*]Inside the File Name box type fixlist.txt
[*]From the Save as type drop down list, choose All Files
[*]Save the file to your Desktop;
[*]Re-run FRST.exe and click Fix;
[*]Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.[]After the completion, a log will be produced;
[
]Attach the log in your next reply.[/list]


Yes, I’m afraid so, ‘cos I can’ afford buying those softwares at the moment.

There is no need to use illegal software at all.

No money ?
So if you can’t afford a car and you want one, you just gonna steal one ?
How about someone who can’t afford a pc and steal yours ?

LibreOffice is free and has image editing included.
The Gimp is a free image editing tool.

To add what Eddy said, piracy is not condoned here and we ask you to remove the pirated software.

Ok, done,
Amen.

Proceed to Step 1.