Hi, I did as you instructed. Please see the file.
Thanks so much.
Hi,
Malwarebytes
ESET Online Scanner
I’d like us to scan your machine with ESET Online Scan
Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don’t go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.
[*]Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
[*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
[*]For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  [*]Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  [*]Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
[*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
[*]Click the Start button.
[*]Accept any security warnings from your browser.
[*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
[*]Make sure that the option “Remove found threats” is Unchecked
[*]Push the Start button.
[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
[*]When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
[*]Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
[*]Push the Back button.
[*]Push Finish
In your next reply please attach the logs made by Malwarebytes and ESET.
Hi Jeff, here it is…
Good…how is your system running?
Hi, it is running fine but I am still getting the Avast pop up malicious URL blocked message when I open the webpage from Firefox.
This is the latest Avast pop up message
Infection Details
URL: ://d r a k x g e n e r a t o r s.n a me/404notfound
Process: C:\Program Files\Mozilla Firefox\firefox…
Infection: URL:Mal
But I can go online, no issues…
Hi,
Try to run a scan with OTL now and if the log is made attach both the OTL.txt and Extras.txt
Hi, I am really sorry for the trouble…here is the Extras. text. OTL seems to be too big to be sent as an attachment. Let me try one more time…
Thanks a ton for helping me out with this…
Hi OTL is 264 kb. Unable to attach. Should I paste it here? Pls let me know
Hi,
You can break the OTL.txt into two parts and attach them both…just be sure not to miss anything.
Here it is
Hi,
Thanks for getting me those. Let me look over them and I will return as quick as I can.
Run OTL.exe
[*]Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Services
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {3A1405E9-6900-4da2-A6FF-859098571985}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{3A1405E9-6900-4da2-A6FF-859098571985}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKLM\..\SearchScopes\{764B0EA0-5AAA-46d0-95AF-7842AE6B9CAE}: "URL" = http://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = 94A2AE90-7B04-4CE9-92A8-E74303397600
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=110482&mntrId=c0228bb300000000000000241dd957a4
IE - HKCU\..\SearchScopes\{3A1405E9-6900-4da2-A6FF-859098571985}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SPDA
IE - HKCU\..\SearchScopes\{764B0EA0-5AAA-46d0-95AF-7842AE6B9CAE}: "URL" = http://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKCU\..\SearchScopes\94A2AE90-7B04-4CE9-92A8-E74303397600: "URL" = http://searchya.com/?chnl=dcom-100&s=1&cr=1189743197&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDyE&q={searchTerms}
[2012/02/22 18:33:38 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/04/21 06:48:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A88F543-1A53-49E1-A8AE-A43C688A6D46}: NameServer = 202.88.130.15,202.88.130.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCCDEC20-53BE-46E9-BAF4-8955AEAB80F5}: NameServer = 202.88.130.67 202.88.130.15
[2012/06/04 02:14:43 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[9 C:\WINDOWS.0\*.tmp files -> C:\WINDOWS.0\*.tmp -> ]
[1 C:\WINDOWS.0\System32\*.tmp files -> C:\WINDOWS.0\System32\*.tmp -> ]
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
[*]Then run a new scan and post a new OTL log (don’t check the boxes beside LOP Check or Purity this time)
Hi, OTL scan first and OTL scan 2nd
Hi,
It looks like your new OTL scan didn’t run quite right. Could you run a Quick Scan and attach the new log.
How is the system running?
You mean the first run with the code pasted? Or the second one with Lop check?
System is fine, just want to let you know that the AntiVir Desktop is still there
The second…
here it is OTL quick scan
Thank you…
Run OTL.exe
[*]Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Services
:OTL
IE - HKCU\..\SearchScopes\94A2AE90-7B04-4CE9-92A8-E74303397600: "URL" = http://searchya.com/?chnl=dcom-100&s=1&cr=1189743197&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDyE&q={searchTerms}
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
[*]Then run a new scan and post a new OTL log (don’t check the boxes beside LOP Check or Purity this time)
both the files
Thanks…any new Avast popups?