For the past couple of days I have been getting a URL: MAL message. The weird part is that I only get it when clicking on links from Google. I can manually enter any URL and be taken to the site, but if I try and search something on Google and click on it, I receive the message. I have already looked at some of the posts on here and followed several of y'all's advice, but it still is coming up. I did do one scan and it found I had 2 Trojans and one other thing so I did the fix option and it said they were quarantined and removed successfully, but I am still getting the message. HELP!!
Hi there, let's have a quick look at your system, if I may.
To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.
- Close ALL OTHER PROGRAMS.
- Double-click on OTS.exe to start the program.
- Check the box that says Scan All Users
- Under Additional Scans check the following:
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > ->
YN -> HKEY_USERS\.DEFAULT\: Main\\"XMLHTTP_UUID_Default" -> BA AF B9 03 8E B1 F0 43 91 8B EA CD AE 56 39 15 [binary data]
YN -> HKEY_USERS\.DEFAULT\: "ProxyServer" -> http=127.0.0.1:23012
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > ->
YN -> HKEY_USERS\S-1-5-18\: Main\\"XMLHTTP_UUID_Default" -> BA AF B9 03 8E B1 F0 43 91 8B EA CD AE 56 39 15 [binary data]
YN -> HKEY_USERS\S-1-5-18\: "ProxyServer" -> http=127.0.0.1:23012
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > ->
YN -> HKEY_USERS\S-1-5-19\: Main\\"XMLHTTP_UUID_Default" -> BA AF B9 03 8E B1 F0 43 91 8B EA CD AE 56 39 15 [binary data]
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > ->
YN -> HKEY_USERS\S-1-5-20\: Main\\"XMLHTTP_UUID_Default" -> BA AF B9 03 8E B1 F0 43 91 8B EA CD AE 56 39 15 [binary data]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3060979761-3190564407-1779587827-1000\] > ->
YN -> HKEY_USERS\S-1-5-21-3060979761-3190564407-1779587827-1000\: Main\\"XMLHTTP_UUID_Default" -> BA AF B9 03 8E B1 F0 43 91 8B EA CD AE 56 39 15 [binary data]
< FireFox Extensions [User Folders] > ->
YY -> XUL Cache -> C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\ra860ngf.default\extensions\{483d41bc-6bf0-4bdc-9fc1-1f5ae550a753}
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {03B9AFBA-B18E-43F0-918B-EACDAE563915} [HKLM] -> C:\Windows\SysWOW64\AuthFWGP32.dll [Reg Error: Value error.]
[Registry - Additional Scans - Safe List]
< 64bit-Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Users^Sam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Advanced Registry Optimizer.lnk ->
[Files/Folders - Modified Within 30 Days]
NY -> 579753263 -> C:\Windows\SysWow64\579753263
NY -> AuthFWGP32.dll -> C:\Windows\SysWow64\AuthFWGP32.dll
[Files - No Company Name]
NY -> AuthFWGP32.dll -> C:\Windows\SysWow64\AuthFWGP32.dll
[File - Lop Check]
NY -> .# -> C:\Users\Sam\AppData\Roaming\.#
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
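Added example (not part of the original posts, and not OTS code): a short Python reader for the fix listing above that flags ProxyServer values pointing at a loopback address and decodes the 16-byte XMLHTTP_UUID_Default value as a Windows GUID so it can be matched against the Browser Helper Object entry. The function names and regular expressions are assumptions made for this illustration; the sample lines are copied from the listing.

```python
import re
import uuid

# Lines copied from the fix listing above; nothing here is new data.
FIX_LINES = r'''
YN -> HKEY_USERS\.DEFAULT\: Main\\"XMLHTTP_UUID_Default" -> BA AF B9 03 8E B1 F0 43 91 8B EA CD AE 56 39 15 [binary data]
YN -> HKEY_USERS\.DEFAULT\: "ProxyServer" -> http=127.0.0.1:23012
YN -> HKEY_USERS\S-1-5-18\: "ProxyServer" -> http=127.0.0.1:23012
YY -> {03B9AFBA-B18E-43F0-918B-EACDAE563915} [HKLM] -> C:\Windows\SysWOW64\AuthFWGP32.dll [Reg Error: Value error.]
'''.strip().splitlines()

# Hypothetical patterns written for this listing format only.
HEX16 = re.compile(r'->\s*((?:[0-9A-F]{2} ){15}[0-9A-F]{2})\s*\[binary data\]')
PROXY = re.compile(r'"ProxyServer"\s*->\s*(?:\w+=)?([\d.]+|localhost):(\d+)')
CLSID = re.compile(r'->\s*(\{[0-9A-Fa-f-]{36}\})\s*\[HKLM\]\s*->\s*(.+?\.dll)')


def guid_from_registry_bytes(hex_text):
    """Decode 16 raw bytes as a Windows GUID (first three fields little-endian)."""
    return "{%s}" % str(uuid.UUID(bytes_le=bytes.fromhex(hex_text))).upper()


def analyse(lines):
    """Return loopback proxy settings and any binary GUID that names a listed BHO."""
    guids, proxies, bhos = set(), [], {}
    for line in lines:
        if m := HEX16.search(line):
            guids.add(guid_from_registry_bytes(m.group(1)))
        elif m := PROXY.search(line):
            host, port = m.group(1), int(m.group(2))
            if host == "localhost" or host.startswith("127."):
                # Hive name is the text between the first " -> " and "\:".
                hive = line.split(" -> ")[1].split("\\:")[0]
                proxies.append((hive, host, port))
        elif m := CLSID.search(line):
            bhos[m.group(1).upper()] = m.group(2)
    linked = {g: bhos[g] for g in guids if g in bhos}
    return {"loopback_proxies": proxies, "guid_to_bho_dll": linked}


if __name__ == "__main__":
    print(analyse(FIX_LINES))
```

On the copied lines, the decoded GUID is the same CLSID as the Browser Helper Object registered for AuthFWGP32.dll, and both proxy entries point Internet Explorer at a listener on the local machine.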
I have not done the final thing that you just posted but the aswMBR scan keeps making my computer restart in the middle of it after it has two things come up in red as “infected.” I’m not sure if that step is vital or you have any other suggestion. I really appreciate all the help!