Hello. On almost every other site that I visited since Monday, Avast always notified me that it blocked the malware. Some of the sites were Facebook, Gmail, Youtube, Google (anything google actually), Goodreads, and Wanikani. The notification only showed when I was surfing the net. I scanned my laptop with Avast, Malwarebytes, and SuperAntiSpyware but they found nothing other than the adware cookies SAS found.
It looks like this the one attached. Although, I noticed that the Object will change depending on the site like wxw.youtube.com for Youtube.
:Commands
[CREATERESTOREPOINT]
:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-1571551566-2142266946-1412682456-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-1571551566-2142266946-1412682456-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-1571551566-2142266946-1412682456-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
[2013/07/29 13:02:01 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\EU\AppData\Roaming\Mozilla\Firefox\Profiles\mu52aczu.default\extensions\plugin@getwebcake.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
[2013/08/17 00:28:00 | 000,000,000 | ---D | M] -- C:\Users\EU\AppData\Roaming\Web Cake
:Commands
[resethosts]
[emptytemp]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.
I’m not using Firefox much so I forgot to mention that. But now that I did, Avast is showing me another blocked malware. I’ve attached the screenshot below.
Good thing is that, there’s no more notifications when I use Chrome and even the crossed-out https seems okay now.
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.