I am posting logs from OTL.exe first.
you should run them in the order listed in the guide…
AdwCleaner / Malwarebytes / OTL / aswMBR
it seems you have avast and Trend Micro AV installed
never install multiple AV as this will give you a slow machine, windows error and false detections
I ran the others but did not post the logs. I will start over. Thanks. I will also remove the Trend Micro AV.
Here are the first two logs. I ran these prior to OTL in the order of operation in recommended.
Here is the last log.
Actually, the last log is incomplete. Please ignore
Here is the corrected log. Thank you for your help.
Hi,
Re-run OTL.exe.
[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
IE - HKU\S-1-5-21-1439906664-2393434873-375824302-1001\..\SearchScopes\{191F022A-C323-4286-9846-36C2A7517493}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3300033&SearchSource=45&q={searchTerms}
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:files
C:\$Recycle.Bin\S-1-5-18\$63b37c6e264464ecee5d2284b988ad59
ipconfig /flushdns /c
:Commands
[CREATERESTOREPOINT]
[EMPTYJAVA]
[emptytemp]
[resethosts]
[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
.
*********** Next ************
Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.
Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.
How to disable avast:
[*]Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
[*]In the window that opens on the top right corner, click Settings.
[*]In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
[*]Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.
Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.
When the tool is finished, it will produce a log report for you. (typical location: C:[b]ComboFix.txt[/b] )
Attach log reports ( ComboFix.txt) back to topic.
I completed the tasks, and here are the new logs. I also do not see the popup for URL:Mal at this time.
You have two antivirus Trend Micro and Avast, to system can be only one.
I see no present or active malware.
It is necessary to uninstall ComboFix :
[*] Click Start (or
http://amf.mycity.rs/pg/images/VistaStartButton.png
) then Run.
On Windows7 or Vista you may use Start Search field if Run is not available.
[*] In the line of text type in (Copy) the following:
ComboFix /Uninstall
Note that there is a space between " ComboFix " and " /Uninstall " .
[*] then click OK (or press Enter ).
Wait for the uninstall process is complete.
Re-run OTL and click on CleanUp! button.
You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.
Everything completed. Thank you very much for your help!
It seems the popups have returned today for URL:Mal. Should I restart the process of gather logs?
Thanks.
Please download Farbar Recovery Scan Tool and save it to your desktop.
[color=green]Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Here are the attachments.
Download TDSSKiller and save it to your desktop
Execute [b]TDSSKiller.exe[/b] by doubleclicking on it.
[*] Press Start Scan
[*] If Suspicious object is detected, the default action will be Skip, click on Continue.
[*] If Malicious objects are found, select Cure.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, [b]C:\TDSSKiller.<version_date_time>log.txt[/b]
Please post the contents of that log in your next reply.
Here is the log. It cured one malicious object.
Do you still popup message?
I don’t!
Run TDSSKiller again.
Attach here log.