Help me please

Hi, for some time now, Avast Web Shield keeps giving me warnings. Here’s a pic of the error. Please tell me what I can do to fix it.
P.S. I forgot to tell you that the object is changing sometimes with other sites.
Thanks in advance

Hey and welcome to the forum.

Please follow this guide and attach your logs. We need the logs from MBAM, OTL, and aswMBR.

http://forum.avast.com/index.php?topic=53253.0

Good luck

Hi,

It appears you have an infected seed. Follow what Mikael asked. I strongly recommend you discontinue the use of uTorrent.

General P2P Warnings:

InfoWorld: http://www.infoworld.com/d/security-central/update-seattle-man-arrested-p-p-id-theft-103
USA Today: http://usatoday30.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm
FBI: http://www.fbi.gov/scams-safety/peertopeer/oeertopeer

Just one more personal warning. I have a friend who completely ignored what I said about uTorrent. When I scan her computer on a monthly basis, just through MBAM scans I can see results of 750+ objects. Not only are you putting yourself at risk, it’s illegal.

Hi, I did as you said and here is the MBAM log, if it helps you.

Holy crap.

Uhh. Re-Run MBAM and when it’s finished, right click and select “select All”. Then delete. Make sure it’s updated as well (Definitions).

After that, run OTL from Mikael’s link and attach OTL & Extras.

Just some friendly advice. Looking at that MBAM file, you have an “Adware City”. Be careful what you allow to install. If you have the chance to, untick everything when installing new programs.

A program that will automatically do so.

http://www.unchecky.com

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup or folder and choose to Run as Administrator
Once open click the Install button.
Then click on Finish.
Unchecky is now installed and will help you keep unwanted check boxes unchecked :wink:

You can find a tutorial here: http://www.youtube.com/watch?v=O11jmV8yCXc

I agree, holy crap. Always amazes me how people end up with all this crap on their computer.

Here is the OTL and Extras. I really don’t know what is in these files =))

And

You don’t have to know… Malware experts know :wink:

Hi,


OTL Fix


Re-run OTL.exe.

- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

:FILES
C:\Users\Remus\AppData\Local\Torch
C:\Users\Remus\AppData\Roaming\Mozilla\Firefox\Profiles\owze3c77.default\Extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com
C:\Users\Remus\AppData\Roaming\Mozilla\Firefox\Profiles\owze3c77.default\Extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData
C:\Users\Remus\AppData\Roaming\Mozilla\Firefox\Profiles\owze3c77.default\Extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData
C:\Users\Remus\AppData\Roaming\Mozilla\Firefox\Profiles\owze3c77.default\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi
C:\Users\Remus\AppData\Roaming\Mozilla\Firefox\Profiles\owze3c77.default\searchplugins\search-here.xml
C:\Program Files (x86)\iWebar
C:\Program Files (x86)\Sense
C:\Program Files (x86)\Mobogenie 

:OTL
SRV - [2013/12/21 01:02:35 | 001,205,760 | ---- | M] (TorchMedia Inc.) [Auto | Running] -- C:\Users\Remus\AppData\Local\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler)
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
IE - HKU\S-1-5-21-1933885909-1202024360-2826252561-1000\..\SearchScopes\{47415E29-BD90-4F69-A41D-170187A3EEB7}: "URL" = http://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://www.mysearchresults.com/?c=8004&t=11"
O2:64bit: - BHO: (iWebar) - {11111111-1111-1111-1111-110311551110} - C:\Program Files (x86)\iWebar\iWebar-bho64.dll File not found
O2:64bit: - BHO: (Sense) - {11111111-1111-1111-1111-110411821192} - C:\Program Files (x86)\Sense\Sense-bho64.dll File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKU\S-1-5-21-1933885909-1202024360-2826252561-1000..\Run: [iLivid] C:\Users\Remus\AppData\Local\iLivid\iLivid.exe (Bandoo Media Inc.)
O32 - AutoRun File - [2009/07/13 14:55:00 | 000,000,043 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

:COMMANDS
[EMPTYTEMP]
[resethosts]


- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

If the log doesn’t appear, it can be found here:

c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log


AdwCleaner Scan


Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

- Click on the Scan button.
- After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- Post logfile will also be saved in the C:\AdwCleaner folder.

Here is the log. Btw, it deleted all my bookmarks from Torch, can I get them back? :))

I see unchecky in your OTL logs. Removed my original post.

http://unchecky.com/

That’s the Unchecky website. :slight_smile:

I wouldn’t use Torch at all! It’s a torrent browser. You’re looking to be reinfected. I count at least 4 Trojans in your MBAM log file. And 200+ PUP files. I recommend you stop using it now and switch to Chrome, Opera, IE, Firefox or something.

I would recommend Internet Explorer cause it has the highest malware detection rate on downloads and websites, and it has just 40 vulnerabilities.

http://secunia.com/vulnerability-review/vulnerability_update_top50.html

Hi, Torch was a target of the OTL script, that’s why it was removed.
I can restore Torch for you, but I really do not see the point of using it. Why don’t you use browsers from known vendors such as Firefox, Opera or Chrome? IE 10/11 is good as well.
What would you use Torch for anyway?

Anyway, tell me how you want to proceed. Torch? …or continue on (run AdwCleaner)?

I use Torch because it is much faster than Firefox and I don’t really use the torrent on the browser, does it make a difference?? And yes, I want to go on with AdwCleaner. And 1 more question, what is your choice and what would you suggest for me? (As I already said, in my opinion Firefox runs pretty slow and I always had problems with it.)

I would suggest not using Torch as a browser, as you can use Firefox, Chrome or Opera. IE10/11 is pretty fast & good as well.
Firefox is too slow for you? Use Google’s Chrome then. Chrome is a fast and safe browser. Torch has an adware history, therefore …

If you wish to continue (not to restore Torch), run AdwCleaner, post the resulting log here and post a fresh OTL.txt log report by running OTL and QuickScan.

Hi, here is the adw log and the recent OTL log

Aye! You still have a lot of crapware… I see you have Hamachi. Private Minecraft Server is on the Desktop…

[2014/02/22 15:26:22 | 000,000,000 | ---D | C] -- C:\Users\Remus\Desktop\minecraft server

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
[2014/02/27 14:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014/02/22 15:22:52 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2014/02/22 15:22:37 | 000,000,000 | ---D | C] -- C:\Users\Remus\AppData\Local\LogMeIn Hamachi
[2014/02/22 15:22:37 | 000,000,000 | ---D | C] -- C:\Users\Remus\AppData\Local\LogMeIn

With 4GB of physical memory (RAM), I do not recommend you run a MC server, no matter how small.

MySearchDial is still in Firefox


FF - prefs.js..browser.startup.homepage: "http://www.mysearchresults.com/?c=9998&t=01"

Something in the host file appears to be corrupt?


O1 - Hosts: ਍਍‣湵档捥祫扟来湩਍‣桔獥⁥畲敬⁳敷敲愠摤摥戠⁹桴⁥湕档捥祫瀠潲牧浡椠牯敤⁲潴戠潬正愠癤牥楴楳杮猠景睴牡⁥潭畤敬൳《〮〮〮琠慲正湩⹧灯湥慣摮⹹潣⹭㍳愮慭潺慮獷挮浯਍⸰⸰⸰‰敭楤⹡灯湥慣摮⹹潣൭《〮〮〮挠湤漮数据湡祤挮浯਍⸰⸰⸰‰牴捡楫杮漮数据湡祤挮浯਍⸰⸰⸰‰灡⹩灯湥慣摮⹹潣൭《〮〮〮椠獮慴汬牥戮瑥整楲獮慴汬牥挮浯਍⸰⸰⸰‰湩瑳污敬⹲楦敬畢汬潤⹧潣൭《〮〮〮搠漳瑸ㅮ㍸㡢㝤⹩汣畯晤潲瑮渮瑥਍⸰⸰⸰‰湩潮戮獩癲挮浯਍⸰⸰⸰‰獮獩戮獩癲挮浯਍⸰⸰⸰‰摣⹮楦敬搲獥瑫灯挮浯਍⸰⸰⸰‰摣⹮潧瑡慥瑳慣档甮൳《〮〮〮挠湤朮瑵慴瑳瑡此甮൳《〮〮〮挠湤椮獮楫浮摥慩挮浯਍⸰⸰⸰‰摣⹮湩瑳⹡楯畢摮敬㉳挮浯਍⸰⸰⸰‰摣⹮湩瑳⹡汰祡牢瑹⹥潣൭《〮〮〮挠湤氮潬敧晴獡捴捡⹨獵਍⸰⸰⸰‰摣⹮潭瑮敩慲挮浯਍⸰⸰⸰‰摣⹮獭睤汮⹤潣൭《〮〮〮挠湤洮灹扣捡畫⹰潣൭《〮〮〮挠湤瀮摰睯汮慯⹤潣൭《〮〮〮挠湤爮捩慥整獡捴捡⹨獵਍⸰⸰⸰‰摣⹮桳慹潰慴潴甮൳《〮〮〮挠湤献汯浩慢挮浯਍⸰⸰⸰‰摣⹮畴潴瀴⹣潣൭《〮〮〮挠湤愮灰潲湵⹤楢ൺ《〮〮〮挠湤戮杩灳敥灤潲挮浯਍⸰⸰⸰‰摣⹮楢灳⹤潣൭《〮〮〮挠湤戮獩癲挮浯਍⸰⸰⸰‰摣⹮摣摮⹰潣൭《〮〮〮挠湤搮睯汮慯⹤睳敥灴捡獫挮浯਍⸰⸰⸰‰摣⹮灤潤湷潬摡挮浯਍⸰⸰⸰‰摣⹮楶畳污敢⹥敮൴⌊甠据敨正役湥൤

compared to original logs.


O1 HOSTS File: ([2014/02/25 13:05:41 | 000,001,927 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
O1 - Hosts: 0.0.0.0 media.opencandy.com
O1 - Hosts: 0.0.0.0 cdn.opencandy.com
O1 - Hosts: 0.0.0.0 tracking.opencandy.com
O1 - Hosts: 0.0.0.0 api.opencandy.com
O1 - Hosts: 0.0.0.0 installer.betterinstaller.com
O1 - Hosts: 0.0.0.0 installer.filebulldog.com
O1 - Hosts: 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
O1 - Hosts: 0.0.0.0 inno.bisrv.com
O1 - Hosts: 0.0.0.0 nsis.bisrv.com
O1 - Hosts: 0.0.0.0 cdn.file2desktop.com
O1 - Hosts: 0.0.0.0 cdn.goateastcach.us
O1 - Hosts: 0.0.0.0 cdn.guttastatdk.us
O1 - Hosts: 0.0.0.0 cdn.inskinmedia.com
O1 - Hosts: 0.0.0.0 cdn.insta.oibundles2.com
O1 - Hosts: 0.0.0.0 cdn.insta.playbryte.com
O1 - Hosts: 0.0.0.0 cdn.llogetfastcach.us
O1 - Hosts: 0.0.0.0 cdn.montiera.com
O1 - Hosts: 0.0.0.0 cdn.msdwnld.com
O1 - Hosts: 0.0.0.0 cdn.mypcbackup.com
O1 - Hosts: 0.0.0.0 cdn.ppdownload.com
O1 - Hosts: 0.0.0.0 cdn.riceateastcach.us
O1 - Hosts: 0.0.0.0 cdn.shyapotato.us
O1 - Hosts: 0.0.0.0 cdn.solimba.com
O1 - Hosts: 0.0.0.0 cdn.tuto4pc.com
O1 - Hosts: 9 more lines...

Sorry, I’m done now Magna.
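
Added example, not part of any post in this thread: the garbled `O1 - Hosts:` line quoted above is consistent with single-byte hosts-file text being read as UTF-16LE, and its first marker decodes back to `unchecky_begin`. The function names are hypothetical and `SAMPLE_HOSTS` is a constructed file in the style of the logged entries.

```python
import re

# Copied from the start of the garbled "O1 - Hosts:" line in the thread.
PAGE_FRAGMENT = "湵档捥祫扟来湩"

# Constructed sample: a small ASCII hosts file like the one in the first log.
SAMPLE_HOSTS = (b"\r\n# unchecky_begin\r\n"
                b"0.0.0.0 media.opencandy.com\r\n"
                b"0.0.0.0 cdn.opencandy.com\r\n"
                b"# unchecky_end\r\n")

HOSTS_LINE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")


def misread_as_utf16(raw: bytes) -> str:
    """Show what single-byte text looks like when decoded as UTF-16LE."""
    if len(raw) % 2:
        raw += b"\x00"  # pad so the last byte still forms a code unit
    return raw.decode("utf-16-le", errors="replace")


def recover_single_byte(garbled: str) -> str:
    """Reverse the misread: split each 16-bit code unit back into two bytes."""
    raw = garbled.encode("utf-16-le", errors="surrogatepass")
    return raw.rstrip(b"\x00").decode("latin-1")


def hosts_entries(text: str):
    """Return (address, hostname) pairs, skipping comments and blank lines."""
    entries = []
    for line in text.splitlines():
        match = HOSTS_LINE.match(line)
        if match:
            entries.append(match.groups())
    return entries


def looks_like_misread(garbled: str) -> bool:
    """True when the recovered bytes are almost all printable ASCII,
    i.e. the file content is intact and only the decoding was wrong."""
    recovered = recover_single_byte(garbled)
    if not recovered:
        return False
    printable = sum(c in "\r\n\t" or " " <= c <= "~" for c in recovered)
    return printable / len(recovered) > 0.95


if __name__ == "__main__":
    print(recover_single_byte(PAGE_FRAGMENT))
    for addr, host in hosts_entries(recover_single_byte(misread_as_utf16(SAMPLE_HOSTS))):
        print(addr, host)
```

When `looks_like_misread` returns true, compare the recovered entries against the earlier log before treating the hosts file itself as damaged.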