Hello Everyone!
For days now I have been getting an FLV update pop that looks just like a flash update. Wow it just happened again as I was typing this. I’m going to try to save it. Anyway at one point I tried to install it and am pretty sure it messed me up pretty good. First my home page changed with some conduit toolbar. First I did a full scan w/MBam and there were 125 files and folders that I deleted. Then I downloaded and followed the recommended fixes here. IE would not let me install Adw Cleaner at first. I had to manually run that because IE said it was dangerous. Here are the results. Do you see anything else, and what about that FLV pop? How do I get rid of that?
Sorry it only lets you attach 4 files. I thought these might help as well. The MBam one was after deleting the 125 infections and the other is a pic of that FLV pop that I believe is NOT a good thing!
Please download ComboFix from here and save it to your Desktop. If you are unsure how ComboFix works please read this guide carefully. Note: ComboFix must be downloaded to your Desktop.
Temporarily disable your AntiVirus program. If you are unsure how to do this please read this or this Instruction.
Instructions how to disable avast:
- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens on the top right corner, click Settings.
- In a new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.
- Again, right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.
Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.
When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach log reports (ComboFix.txt) back to topic.
----- next -----
Please re-run OTL, just hit the QuickScan button and attach the freshly created OTL.txt log report here.
Tell me, how is your computer running after this OTLFix?
Re-run OTL.exe.
- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:COMMANDS
[CREATERESTOREPOINT]
:OTL
IE - HKU\S-1-5-21-614467982-2395519412-2298608913-1000\..\SearchScopes\{3EC9B51A-C428-419F-965E-EBFB76589B21}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN28722612333239116&UM=2
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:9F5DDD64
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:1CE11B51
:FILES
dir C:\Windows\temp /c
dir C:\Windows\TempFile /c
ipconfig /flushdns /c
C:\Users\Beau\AppData\Roaming\Mozilla\Firefox\Profiles\iw6vwugv.default\extensions\firefox@weblayers.co.xpi
C:\Users\Beau\AppData\Roaming\skype.ini
:COMMANDS
[emptytemp]
- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open Notepad with the log report. Attach that log report here.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
This script will tell FRST just to collect some additional file info + it will restart your explorer.exe + it will start the command for restarting your computer.
Open notepad and copy/paste the text present inside the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Save notepad as fixlist.txt. NOTE: It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
I’m a customer service rep from home using this computer and have to login for work. I’ll follow up tonight in between jobs!
Hey Beau, I understand. But now I must ask you to understand me too.
Since I’m not associated with avast, and I’m doing this on a voluntary basis, I must force myself to stop providing you assistance.
Why would I allow someone to earn for free on me and on my free work?
To make it easy for you, the part I’ve done, the machine should be malware free.
On Windows 7 or Vista you may use the Start Search field if Run is not available.
- In the line of text type in (Copy) the following:
ComboFix /Uninstall
Note that there is a space between "ComboFix" and "/Uninstall".
- Then click OK (or press Enter).
Wait for the uninstall process to complete.
----- and -----
Re-run OTL and click on CleanUp! button.
You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone. Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.
Magna, we are working on my personal machine not my work computer! I’ve been using my work computer to communicate with you on, not the other way around. I was just letting you know that I had to go to work and couldn’t follow up right away. Trust me, if there was something wrong with my work computer I would make them fix it! But I understand completely and thanks for all your help!
Hey there,
I did not run the desktop hijack fixes yet. My desktop only changed after running the OTL fix and I have not had a problem since changing it back and here is the FRST log.