I’ve had the unfortunate pleasure of being one of the victims of the URL:Mal. Avast keeps saying it’s ‘blocking’ a dangerous website, and all I get is the URL:Mal business
So I did find the ‘Logs to assist in cleaning’ topic and did everything it asked and now I want to know if everything is okay or if I need any further assistance~
I should also add that it keeps doing it despite apparently removing whatever it was on my computer that was a malware. Not only that but now despite having an adblock which never failed before, I’m getting random ads showing.
:Commands
[CREATERESTOREPOINT]
:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aq42s3g5)
IE - HKLM\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
IE - HKU\S-1-5-21-715964436-205994579-1868140740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.conduit.com?searchso [Binary data over 200 bytes]
IE - HKU\S-1-5-21-715964436-205994579-1868140740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = astroburn-search.com
IE - HKU\S-1-5-21-715964436-205994579-1868140740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-715964436-205994579-1868140740-1000\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\InprocServer32 File not found
IE - HKU\S-1-5-21-715964436-205994579-1868140740-1000\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found
IE - HKU\S-1-5-21-715964436-205994579-1868140740-1000\..\SearchScopes,DefaultScope = {5F970FDE-702B-4ef9-920C-5F2848A5AF26}
IE - HKU\S-1-5-21-715964436-205994579-1868140740-1000\..\SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}: "URL" = http://www.astroburn-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-715964436-205994579-1868140740-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
O3 - HKLM\..\Toolbar: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files\Astroburn Toolbar\ABToolbar.dll File not found
O3 - HKU\S-1-5-21-715964436-205994579-1868140740-1000\..\Toolbar\WebBrowser: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files\Astroburn Toolbar\ABToolbar.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
[2011/12/22 11:35:52 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\OpenCandy
@Alternate Data Stream - 1393 bytes -> C:\Users\Nikola\AppData\Local\Rd8eTj1kBkrdXo:ggaagJ4SBOtoZHo5jZj2xJOyG
:Commands
[resethosts]
[emptytemp]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.