I already uninstall it but it keeps appearing every time I’m going to open Google Chrome. Instead of the google page to show up is the vgrabber page the one that u can see!!! I used the OTL run scan and quick scan but dont know what I’m supposed to do with the OTL txt and the Extras txt that gave me? How can I get rid of vgrabber???

run AdwCleaner…click the delete button…post the log here
run a quick scan with Malwarebytes…if anything is found. click remove selected button and post log here

you find them here http://forum.avast.com/index.php?topic=53253.0

did that fix it ?

If that doesn’t clear it up you might try JunkwareRemovalTool as well. They actually will pick up different entries.

http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool to your desktop.

[]Shut down your protection software now to avoid potential conflicts.
[]Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select “Run as Administrator”.
[]The tool will open and start scanning your system.
[]Please be patient as this can take a while to complete depending on your system’s specifications.
[]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[]Post the contents of JRT.txt into your next message.

Didn’t mean to intrude…back to you Pondus.

After runinnig the AdwCleaner when I open the homepage the vgrabber was gone but like after 10 sec it appear again and it was asking to accepted as homepage!!!

did you also run Malwarebytes?
did you try the tool suggested by Jeffce?

I’m sorry now I did the Malwarebytes here is the report:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
milca :: MILCAMICHAEL [administrator]

Protection: Enabled

1/1/2013 4:01:30 PM
mbam-log-2013-01-01 (16-01-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203601
Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\milca\AppData\Local\Temp\services.exe.mui (Heuristics.Reserved.Word.Exploit) → Quarantined and deleted successfully.

(end)

2013/01/01 15:58:49 -0500 MILCAMICHAEL milca MESSAGE Starting protection
2013/01/01 15:58:49 -0500 MILCAMICHAEL milca MESSAGE Protection started successfully
2013/01/01 15:58:49 -0500 MILCAMICHAEL milca MESSAGE Starting IP protection
2013/01/01 15:58:54 -0500 MILCAMICHAEL milca MESSAGE IP Protection started successfully
2013/01/01 15:59:47 -0500 MILCAMICHAEL milca MESSAGE Starting database refresh
2013/01/01 15:59:47 -0500 MILCAMICHAEL milca MESSAGE Stopping IP protection
2013/01/01 15:59:48 -0500 MILCAMICHAEL milca MESSAGE IP Protection stopped successfully
2013/01/01 15:59:51 -0500 MILCAMICHAEL milca MESSAGE Database refreshed successfully
2013/01/01 15:59:51 -0500 MILCAMICHAEL milca MESSAGE Starting IP protection
2013/01/01 15:59:57 -0500 MILCAMICHAEL milca MESSAGE IP Protection started successfully
2013/01/01 16:00:30 -0500 MILCAMICHAEL milca MESSAGE Starting database refresh
2013/01/01 16:00:30 -0500 MILCAMICHAEL milca MESSAGE Stopping IP protection
2013/01/01 16:00:31 -0500 MILCAMICHAEL milca MESSAGE IP Protection stopped successfully
2013/01/01 16:00:34 -0500 MILCAMICHAEL milca MESSAGE Database refreshed successfully
2013/01/01 16:00:34 -0500 MILCAMICHAEL milca MESSAGE Starting IP protection
2013/01/01 16:00:40 -0500 MILCAMICHAEL milca MESSAGE IP Protection started successfully
2013/01/01 16:09:05 -0500 MILCAMICHAEL (null) MESSAGE Starting protection
2013/01/01 16:09:05 -0500 MILCAMICHAEL (null) MESSAGE Protection started successfully
2013/01/01 16:09:05 -0500 MILCAMICHAEL (null) MESSAGE Starting IP protection
2013/01/01 16:09:12 -0500 MILCAMICHAEL (null) MESSAGE IP Protection started successfully
2013/01/01 16:41:20 -0500 MILCAMICHAEL milca MESSAGE Executing scheduled update: Daily
2013/01/01 16:41:21 -0500 MILCAMICHAEL milca MESSAGE Database already up-to-date

Thank you!!! One last thing, I’m supposed to uninstall the Malwarebytes now or it doesnt affect the antivirus and firewall??? And now the computer is showing this message: Windows has detected an IP address conflict. Another computer on this network has the same IP address as this compuet. Contact your network administrator for help resolving this issue. What this mean?

Malwarebytes is safe to keep, update it periodically before running scans.

Your other question will require one of the more knowledgeable in that area to answer.

And where can I find help???

you still have the problem?.. wait for Essexboy or Jeffce to arrive…they are notified

Hi,

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

[*]Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here )
[*] Double click dds to run the tool.
[*]When done, two DDS.txt’s will open.
[*]Save both reports to your desktop.

Please attach the contents of the following in your next reply:

DDS.txt

Attach.txt

http://i1224.photobucket.com/albums/ee380/jeffce74/aswmbr-1.jpg
Please download aswMBR to your desktop.

[*]Double click the aswMBR icon to run it.
[*]Click the Scan button to start scan.
[]If you are asked to update the Avast Virus database please allow it to do so.
[]When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.

http://i1224.photobucket.com/albums/ee380/jeffce74/aswmbrscan.jpg

Click the image to enlarge it

Here is everything!!!

Hi,

ComboFix

Download Combofix from the link below, and save it to your desktop.
Link

Note: It is important that it is saved directly to your desktop
If you get a message saying “Illegal operation attempted on a registry key that has been marked for deletion”, please restart your computer.

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
[*]Please attach the C:\ComboFix.txt for further review.

Report of the ComboFix!!!

How is your system running now?

But what do you think the IP message meant? It haven’t said anything so I guess everything is ok! Thanks for all the help!

Hi,

It’s hard to say what exactly was causing the message you were getting…

Let’s get some updates and also make sure nothing is hiding in there still.

http://i1224.photobucket.com/albums/ee380/jeffce74/java.jpg
I see that your Java software is out of date. Please go to Start >> Control Panel >> Programs and Features >> uninstall all versions of Java.

Now download and install the newest version from here >> http://java.com/en/download/index.jsp

http://i1224.photobucket.com/albums/ee380/jeffce74/java.jpg
Clear Java Cache

See this page for instructions on how to clear java’s cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
[*]Under Temporary Internet Files, click the Delete Files button.[*]There are three options in the window to clear the cache - Leave ALL 3 Checked
Downloaded Applets
Downloaded Applications
Other Files[*]Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.[*]Click OK to leave the Java Control Panel.

http://i1224.photobucket.com/albums/ee380/jeffce74/mbam-3.jpg
Please download Malwarebytes Anti-Malware to your desktop.

[*]Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
[*]At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select Perform quick scan, then click Scan as shown below.

http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM-2.jpg

[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Be sure that everything is checked, and click Remove Selected.
[*]When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings<USERNAME>\Application Data\Malwarebytes\Malwarebytes’ Anti-Malware\Logs

Windows Vista & Win7:
C:\Users<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes’ Anti-Malware\Logs

ESET Online Scanner

Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
[*]Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.[*] Turn off the real time scanner of any existing antivirus program while performing the online scan[*]Tick the box next to YES, I accept the Terms of Use.[*]Click Start[*]When asked, allow the activex control to install[*]Click Start[*]Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.[*]Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.[*]Click Scan[]Wait for the scan to finish[]When the scan is done, if it shows a screen that says “Threats found!”, then click “List of found threats”, and then click “Export to text file…”[] Save that text file on your desktop. Attach the contents of that log as a reply to this topic.[]Close the ESET online scan, and let me know how things are now.

Sorry that it took me so long!!!I hope you can still help! There’s a threat found!!! Here are the reports:

Let’s remove that…

First open an elevated command prompt > Click Start and type cmd in Start Search.
When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.

Copy the contents of the code box > right click in the command window and select paste

del C:\Users\milca\Downloads\movie_player_d998173.exe

Press Enter
Close the Command Prompt window.

In your next reply please let me know how your system is running.

I don’t know if I did the process correctly :-\ When I Paste the Code to the box, it was supposed to show a message or something? I don’t know much about computers. Because I paste it, press enter and closed it and it didn’t do anything else! I just want to know if I did something wrong!?