Searchya.com virus

Like other users, I experience that searchya resets my start page to searchya every time I open a new browser window in FF. It has also taken my Google search toolbar and changed it to searchya!

I have downloaded Malwarebytes Anti-Malware and did a full scan without it finding anything.

Please help me.

Thanks in advance.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.25.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421

  • :: --PC [administrator]

25-06-2012 18:06:38
mbam-log-2012-06-25 (18-06-38).txt

Skanningstype: Fuldstændig skanning
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 305047
Tid gået: 27 minut(ter), 43 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 0
(Ingen skadelige objekter blev fundet)

(færdig)

Logs

aswMBR.exe

I hope I have posted all that is needed, because I just got this new laptop and am frustrated at not being able to get rid of this virus!

Hi there, this will probably not work unless you put back the user name in the right place with exactly the right spelling.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
IE - HKU\S-1-5-21-4224816275-1176023701-1590025655-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchya.com/?chnl=dcom-100&s=0&cr=1189743197&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDyE
IE - HKU\S-1-5-21-4224816275-1176023701-1590025655-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-4224816275-1176023701-1590025655-1001\..\SearchScopes,DefaultScope = {46DFFC93-8FA2-4954-B043-FB5E77260DB9}
IE - HKU\S-1-5-21-4224816275-1176023701-1590025655-1001\..\SearchScopes\{46DFFC93-8FA2-4954-B043-FB5E77260DB9}: "URL" = http://searchya.com/?chnl=dcom-100&s=1&cr=1189743197&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDyE&q={searchTerms}
FF - prefs.js..browser.search.selectedEngine: "SearchYa!"
FF - prefs.js..browser.startup.homepage: "http://searchya.com"
[2012/06/24 13:30:26 | 000,000,000 | ---D | M] (searchya.com) -- C:\Users\-\AppData\Roaming\mozilla\Firefox\Profiles\zn35yta7.default\extensions\ffxtlbr@searchya.com
[2012/06/04 22:08:37 | 000,001,465 | ---- | M] () -- C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\zn35yta7.default\searchplugins\searchya.xml
[2012/06/04 18:39:57 | 000,021,093 | ---- | M] () (No name found) -- C:\USERS\-\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZN35YTA7.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI
[2012/06/04 18:39:58 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\-\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZN35YTA7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Before your reply I tried simply to:

  1. Open Mozilla Firefox Internet Browser.
  2. On Google’s Search box, click the “arrow down” beside the logo.
  3. Select “Manage Search Engine” from the drop-down list.
  4. Choose your desired search default (like Google) and click the button “Move up.” It should be on the top of the list to set it as default.
  5. You can now remove other installed search engine.

and now it doesn’t affect my browser anymore (I had already “uninstalled” Searchya.com toolbar in control panel and remove programs). Do you think this is enough or will it still have influence on my systems in some way?

Hey, I suggest you follow the instructions you got from essexbox; he knows what he is doing.

There are still some files and reg keys that will need removing after disabling in FF - the OTL fix will do that.
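A way to check a Firefox profile for the leftovers mentioned above, as an added example that is not part of the original posts and is not OTL's own logic. It looks only at the two preference keys and the two profile sub-folders named in the OTL fix; the function names and the sample profile are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Preference keys and profile sub-folders named in the OTL fix in this thread.
HIJACK_PREFS = ("browser.startup.homepage", "browser.search.selectedEngine")
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*"([^"]*)"\);', re.M)


def find_leftovers(profile: Path, marker: str = "searchya") -> list[str]:
    """Return findings for preferences and files that still reference marker."""
    marker = marker.lower()
    findings = []
    prefs = profile / "prefs.js"
    if prefs.is_file():
        text = prefs.read_text(encoding="utf-8", errors="replace")
        for key, value in PREF_RE.findall(text):
            if key in HIJACK_PREFS and marker in value.lower():
                findings.append(f"pref {key} = {value}")
    for sub in ("extensions", "searchplugins"):
        folder = profile / sub
        if folder.is_dir():
            for entry in sorted(folder.iterdir()):
                if marker in entry.name.lower():
                    findings.append(f"{sub}/{entry.name}")
    return findings


def build_sample_profile(root: Path) -> Path:
    """Constructed sample profile mirroring the entries in the OTL log."""
    profile = root / "sample.default"
    (profile / "extensions" / "ffxtlbr@searchya.com").mkdir(parents=True)
    (profile / "searchplugins").mkdir()
    (profile / "searchplugins" / "searchya.xml").write_text("<SearchPlugin/>")
    (profile / "searchplugins" / "google.xml").write_text("<SearchPlugin/>")
    (profile / "prefs.js").write_text(
        'user_pref("browser.startup.homepage", "http://searchya.com");\n'
        'user_pref("browser.search.selectedEngine", "SearchYa!");\n'
        'user_pref("browser.download.dir", "C:\\\\Users\\\\-\\\\Downloads");\n'
    )
    return profile


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in find_leftovers(build_sample_profile(Path(tmp))):
            print(finding)
```

The two GUID-named .XPI files in the fix do not carry the searchya name, so a name-based check like this one does not match them; the Internet Explorer registry values are outside its scope as well.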

OK - it sounds like it’s a good idea to do the final part of the job.
But before I do I probably need to know what you mean by the first phrase “Hi there this will probably not work unless you put back the user name in the right place with exactly the right spelling”?

C:\Users\-\AppData: the red bolded - is where the user name usually goes, unless that is your user name?

I think that it is my username because I haven’t changed or deleted anything in the posts or log files. My new laptop was already set up with Windows when I got it, so they have probably just added a “-” as username.

Thank you so much for your kind help and time.

Ah OK, it is just that some people get a bit touchy when they see their name in the log and delete it… Which means the fix fails

OK as far as I can see it has all gone…

If you are happy run OTL and hit the cleanup button to remove the programme

Done. Thank you very much, mate!