URL: Mal

Object: http://i.trkjmp.com/crossdomain.xml
Infection: URL: Mal
Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

It says it on every website and I did a quick scan and full scan. Avast found nothing.

follow the guide and attach the logs

http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

aswMBR freezes my computer when it runs. Not sure if it’s supposed to do that?

3rd attachment here - cudnt fit in on the previous post.

Hi you will need to manually remove Privatize from Chrome, then it will be completely gone

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
IE - HKU\S-1-5-21-2414491415-3392443910-2700952820-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
IE - HKU\S-1-5-21-2414491415-3392443910-2700952820-1000\..\URLSearchHook: {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - No CLSID value found
IE - HKU\S-1-5-21-2414491415-3392443910-2700952820-1000\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - SOFTWARE\Classes\CLSID\{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}\InprocServer32 File not found
IE - HKU\S-1-5-21-2414491415-3392443910-2700952820-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.privitize.com/?aff=7&q={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine: "Privitize VPN"
FF - prefs.js..keyword.URL: "http://search.privitize.com/?aff=7&q="
[2012/09/19 20:54:20 | 000,002,089 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\hrtkhle5.default\searchplugins\Startpins.xml
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll File not found
O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files (x86)\Celebrity Toolbar\mhxpcomi.dll File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

:Files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Thanks for the quick reply. First time getting malicious software downloaded -__-

I’m having the same problem with Google. The problem is I can’t post the logs because the verification is through Google. So I am posting on my phone

@Pwadyal how is the computer behaving now ?

Once you have completed three post the verification should disappear, could you start your own thread please so that there is no confusion