I keep getting a red malicious URL message popping up. It tells me that avast Network shield has blocked a harmful site.
Object http://includeit.info/include.|s?id=|S25
Infection: URL:MAL
Process: C:\ProgramFiles\Google\Chrome\Application\chrome.exe
Ran malwarebytes quick scan and nothing showed up. Running a complete scan now. So far nothing found
Please attach your logs.
http://forum.avast.com/index.php?topic=53253.0
MBAM log
Other logs
I am going to refer you to our Certified Malware specialist, named Essexboy. He will also review your logs and give you further instructions, however he comes on the forum late UK time, but on weekends earlier usually. He will respond to you in this thread, so remember to check this thread daily.
Please do not make any further changes to your machine after you have provided the logs.
IMPORTANT: If you are on a home network, disconnect the affected machine from the network. Do not share a USB/flash drive with this affected machine. Do not use this machine unless Essexboy or another malware removal specialist instructs you do to malware removal instructions; use a different machine to check email, sync your phone or other devices.
Let us know if you have any questions. Thank you.
Let me know if this stops it
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL SRV - [2011/07/27 07:06:44 | 000,267,488 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar) IE - HKU\S-1-5-21-3729517373-780162555-934271568-1005\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://mumbojumbo.start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms} FF - prefs.js..extensions.enabledItems: {35933438-E8AE-4A56-A78B-3582E28C97E5}:1.9.1 FF - prefs.js..extensions.enabledItems: {40FD30BB-5C5B-4444-9885-97F1FB18A3E7}:1.9.1 FF - prefs.js..extensions.enabledItems: {8258C202-FFB3-4DB3-8316-0E55FB593352}:1.9.1 FF - prefs.js..extensions.enabledItems: {28D0CC5B-8A76-4256-BA49-5CA20E1529CB}:1.9.1 FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.3.0 FF - prefs.js..extensions.enabledItems: {f1e6d946-6b44-4f3a-8c4b-e497675c8e17}:1.0.27 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 5555 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{35933438-E8AE-4A56-A78B-3582E28C97E5}: C:\Documents and Settings\Tammy Smith\Local Settings\Application Data\{35933438-E8AE-4A56-A78B-3582E28C97E5} [2010/06/19 16:45:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{40FD30BB-5C5B-4444-9885-97F1FB18A3E7}: C:\Documents and Settings\Mel Mel\Local Settings\Application Data\{40FD30BB-5C5B-4444-9885-97F1FB18A3E7} [2010/06/19 23:35:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8258C202-FFB3-4DB3-8316-0E55FB593352}: C:\Documents and Settings\Keith\Local Settings\Application Data\{8258C202-FFB3-4DB3-8316-0E55FB593352}\ [2010/06/20 17:43:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{28D0CC5B-8A76-4256-BA49-5CA20E1529CB}: C:\Documents and Settings\Shelby\Local Settings\Application Data\{28D0CC5B-8A76-4256-BA49-5CA20E1529CB}\ [2010/06/20 17:43:42 | 000,000,000 | ---D | M] [2011/10/16 18:17:32 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\Tammy Smith\Application Data\Mozilla\Firefox\Profiles\ok2jeig8.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516} [2011/10/16 18:17:19 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Documents and Settings\Tammy Smith\Application Data\Mozilla\Firefox\Profiles\ok2jeig8.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} [2011/09/24 22:23:11 | 000,000,000 | ---D | M] (ShopToWin16) -- C:\Documents and Settings\Tammy Smith\Application Data\Mozilla\Firefox\Profiles\ok2jeig8.default\extensions\{f1e6d946-6b44-4f3a-8c4b-e497675c8e17} [2011/07/30 21:06:18 | 000,001,467 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober1349366828.xml O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Tammy Smith\Application Data\Complitly\Complitly.dll (SimplyGen) O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll () O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll () O3 - HKU\S-1-5-21-3729517373-780162555-934271568-1005\..\Toolbar\WebBrowser: (eGames Toolbar) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\PROGRA~1\EGAMES~1\EGAMES~1.DLL File not found:Files
C:\Program Files\StartNow Toolbar
C:\Documents and Settings\Tammy Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
C:\Documents and Settings\Tammy Smith\Application Data\Complitly:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Here’s the other logs. The malicious warning did not come up this time when I logged onto the internet.
Could you surf around for a bit , then when you are happy run OTL and hit the cleanup button ;D
Okay thanks. 