Author Topic: URL:Mal?  (Read 7243 times)


CCCPKi

  • Guest
URL:Mal?
« on: September 17, 2012, 10:35:24 PM »
So, pretty much just twenty minutes ago or so, I began to get an error message once I get on to Chrome.
The URL that the attack is apparently coming from is:

http://i.trkjmp.com:6999/crossdomain.xml
As said, it's a URL:Mal error, and I don't really know what that means.

I have only Avast!, and need help.

Any help would be much appreciated, thanks!

jjj2576

  • Guest
Re: URL:Mal?
« Reply #1 on: September 17, 2012, 10:36:39 PM »
I was getting the same one--I did a system restore but now a different object is appearing.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: URL:Mal?
« Reply #2 on: September 17, 2012, 10:41:45 PM »
To those who need help: first start your own topic, since helping multiple users in the same topic will just be chaos.
Then follow the guide and attach the logs, not copy and paste them.


http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR
« Last Edit: September 17, 2012, 10:43:46 PM by Pondus »

CCCPKi

  • Guest
Re: URL:Mal?
« Reply #3 on: September 17, 2012, 11:00:27 PM »
# AdwCleaner v2.002 - Logfile created 09/17/2012 at 16:40:09
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Xavier1 - XAVIER1-PC
# Boot Mode : Normal
# Running from : C:\Users\Xavier1\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Sidekick Manager

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Sidekick Manager
File Deleted : C:\Users\Xavier1\AppData\Roaming\Mozilla\Firefox\Profiles\j1gs1e4m.default\searchplugins\Askcom.xml
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\uTorrentControl_v2
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\Users\Xavier1\AppData\Local\APN
Folder Deleted : C:\Users\Xavier1\AppData\Local\Conduit
Folder Deleted : C:\Users\Xavier1\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Xavier1\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Xavier1\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Xavier1\AppData\LocalLow\uTorrentControl_v2
Folder Deleted : C:\Users\Xavier1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sidekick Manager
Folder Deleted : C:\Users\Xavier1\AppData\Roaming\Mozilla\Firefox\Profiles\j1gs1e4m.default\extensions\staged
Folder Deleted : C:\Users\Xavier1\AppData\Roaming\Mozilla\Firefox\Profiles\j1gs1e4m.default\extensions\toolbar@ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\bProtector
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\bProtector
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\Software\uTorrentControl_v2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9519166F-D584-4D90-A904-DACDECA87376}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D22723C1-67ED-45F2-A273-8B858A1FA06D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-3852174534-2507184533-1418211712-1001\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?l=dis&o=102868&gct=hp --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982 --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default
File : C:\Users\Xavier1\AppData\Roaming\Mozilla\Firefox\Profiles\j1gs1e4m.default\prefs.js

Deleted : user_pref("CT3220468.autoDisableScopes", -1);
Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.conduit.com/?ctid=CT3227982&SearchSource=13")[...]
Deleted : user_pref("avg.install.userSPSettings", "appbario8 Customized Web Search");
Deleted : user_pref("browser.search.defaultenginename", "appbario8 Customized Web Search");
Deleted : user_pref("browser.search.order.1", "appbario8 Customized Web Search");
Deleted : user_pref("browser.search.selectedEngine", "appbario8 Customized Web Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3227982&SearchSource=13");
Deleted : user_pref("extensions.enabledAddons", "{e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22,{b64982b1-d112-[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/users/atesh/XKit.xkit_installed_extensions[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/users/atesh/XKit.xkit_installer", "//* VER[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/users/atesh/XKit.xkit_log", "NaNxfollowers[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/users/atesh/XKit.xkit_preferences", "//* V[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/users/atesh/XKit.xquickinbox", "//* VERSIO[...]
Deleted : user_pref("greasemonkey.scriptvals.hxxp://userscripts.org/users/atesh/XKit.xquickinbox_icon", "data:[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=2&q=[...]

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Xavier1\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [9423 octets] - [17/09/2012 16:40:09]

########## EOF - C:\AdwCleaner[S1].txt - [9483 octets] ##########

Here is the ADW log, but the report is still coming.
Will post the MBAM log once it's done.
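The AdwCleaner report above is a flat text log, and when a cleaner runs on more than one machine it is worth turning such reports into structured records so that the auto-start and browser-hijack locations it touched (service, Run value, BHO, search hook) can be picked out and the CLSIDs cross-referenced against other logs. The following parser is an added example and not AdwCleaner's own code; its line shapes (`***** [Section] *****` headers, `<Action> : <target>` entries, `-\\ <browser>` sub-headers) are inferred from the report posted here, and the embedded sample log is a constructed excerpt of that report.

```python
"""Parse an AdwCleaner v2 log into structured remediation records.

Added example; this is not AdwCleaner's code. The line shapes are inferred
from the report posted in this thread: '***** [Section] *****' headers,
'<Action> : <target>' entries and '-\\ <browser>' sub-headers."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<browser>.+)$")
ENTRY_RE = re.compile(r"^(?P<action>[A-Za-z& ]+?) : (?P<target>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Only remediation lines count; 'Profile name : default' / 'File : ...' are context.
REMEDIATION_WORDS = ("Deleted", "Restored", "Replaced")
# Substrings marking auto-start or browser-hijack locations (the items a
# defender wants to see first when triaging a cleaner log).
PERSISTENCE_MARKERS: Tuple[Tuple[str, str], ...] = (
    ("\\CurrentVersion\\Run", "autorun value"),
    ("Browser Helper Objects", "IE browser helper object"),
    ("URLSearchHooks", "IE URL search hook"),
    ("ElevationPolicy", "IE Protected Mode elevation policy"),
    ("Internet Explorer\\Toolbar", "IE toolbar"),
)


@dataclass(frozen=True)
class Entry:
    section: str            # e.g. "Registry"
    browser: Optional[str]  # only set inside [Internet Browsers]
    action: str             # e.g. "Key Deleted"
    target: str             # path, registry key/value or pref line


def parse_adwcleaner_log(text: str) -> List[Entry]:
    section: Optional[str] = None
    browser: Optional[str] = None
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, header comment or EOF marker
        m = SECTION_RE.match(line)
        if m:
            section, browser = m.group("name"), None
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser = m.group("browser")
            continue
        m = ENTRY_RE.match(line)
        if section is None or not m:
            continue  # e.g. "[OK] File is clean." or the trailing "*****" line
        action = m.group("action").strip()
        if any(word in action for word in REMEDIATION_WORDS):
            entries.append(Entry(section, browser, action, m.group("target")))
    return entries


def count_by_section(entries: List[Entry]) -> Dict[str, int]:
    return dict(Counter(e.section for e in entries))


def guids_in(entries: List[Entry]) -> List[str]:
    """CLSIDs/AppIDs among the removed items, for matching against other logs."""
    return sorted({g.upper() for e in entries for g in GUID_RE.findall(e.target)})


def persistence_hits(entries: List[Entry]) -> List[Tuple[str, Entry]]:
    hits: List[Tuple[str, Entry]] = []
    for e in entries:
        if e.section == "Services":
            hits.append(("Windows service", e))
            continue
        for marker, label in PERSISTENCE_MARKERS:
            if marker in e.target:
                hits.append((label, e))
                break
    return hits


# Constructed excerpt of the report posted in this thread.
SAMPLE_LOG = r"""
# AdwCleaner v2.002 - Logfile created 09/17/2012 at 16:40:09
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Sidekick Manager

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Sidekick Manager
Folder Deleted : C:\Program Files (x86)\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?l=dis&o=102868&gct=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3227982&SearchSource=13");

-\\ Google Chrome v21.0.1180.89

[OK] File is clean.

*************************
"""

if __name__ == "__main__":
    found = parse_adwcleaner_log(SAMPLE_LOG)
    print(count_by_section(found))
    for label, entry in persistence_hits(found):
        print(f"{label:36} {entry.action}: {entry.target}")
    print("GUIDs:", guids_in(found))
```

Run against the full report above, `persistence_hits` surfaces the service, the `Run` value, the BHO, the URL search hooks and the IE elevation-policy entries, which are the items that would have survived a plain uninstall; `guids_in` gives the CLSIDs to look for in the OTL log that follows.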

CCCPKi

  • Guest
Re: URL:Mal?
« Reply #4 on: September 17, 2012, 11:43:48 PM »
Nothing at all came up for Malwarebytes, but interestingly enough, the URL the object is coming from has changed to something longer, only keeping the beginning of it.
The OTL scan will hopefully be done soon, it's on the Manual Scan now.

CCCPKi

  • Guest
Re: URL:Mal?
« Reply #5 on: September 18, 2012, 12:37:12 AM »
And here is the log for the OTL.
About to start the final scan, hopefully someone can help with this.

CCCPKi

  • Guest
Re: URL:Mal?
« Reply #6 on: September 18, 2012, 12:59:24 AM »
And here it is, the final piece of info.
Please, please, PLEASE offer assistance, thanks.

CCCPKi

  • Guest
Re: URL:Mal?
« Reply #7 on: September 18, 2012, 01:57:37 AM »
Okay, well, since no one has been helping on the other thing, I tried finding files that could've possibly done all this.
I indeed came up with results.

Saving Sidekick seems to be the root of the problems, and following a guide, I deleted all but one file.
That one file is an exe in my c:/Username folder.

Any way I can find it, or such?


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: URL:Mal?
« Reply #8 on: September 18, 2012, 10:08:35 PM »
Hi, you posted after I went offline.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:OTL
[2012/09/14 16:13:50 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\Xavier1\AppData\Roaming\Mozilla\Firefox\Profiles\j1gs1e4m.default\extensions\crossriderapp5060@crossrider.com
O3 - HKU\S-1-5-21-3852174534-2507184533-1418211712-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

:Files
C:\Users\Xavier1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
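The `:Files` part of the fix above deletes one Chrome extension by its directory ID. A defender who wants to confirm that removal, or check other profiles for the same component, can inventory the `Extensions` folder directly instead of relying on the browser's own extensions page. The script below is an added example, not code from OTL, Avast or this thread; it assumes Chrome's on-disk layout `<profile>\Extensions\<id>\<version>\manifest.json` with 32-letter (a-p) extension IDs, builds a constructed sample profile in a temporary directory so it runs offline, and the only real ID in it is the one named in the fix.

```python
"""Inventory the extensions in a Chrome profile and flag known-bad IDs.

Added example (not OTL's, Avast's or the forum's code). Assumes Chrome's
layout <profile>\\Extensions\\<id>\\<version>\\manifest.json; the sample
profile is constructed in a temp directory."""
import json
import re
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import Dict, Iterable, List, Set, Tuple

EXT_ID_RE = re.compile(r"[a-p]{32}")
# Permissions that give an extension a view of every page or request.
BROAD_PERMISSIONS = {"<all_urls>", "webRequest", "webRequestBlocking", "tabs",
                     "http://*/*", "https://*/*"}
# The extension directory removed by the OTL fix in this thread.
KNOWN_BAD_IDS: Set[str] = {"dhdepfaagokllfmhfbcfmocaeigmoebo"}


@dataclass
class Extension:
    ext_id: str
    version: str
    name: str
    permissions: List[str] = field(default_factory=list)


def list_chrome_extensions(profile_dir: Path) -> List[Extension]:
    found: List[Extension] = []
    ext_root = profile_dir / "Extensions"
    if not ext_root.is_dir():
        return found
    for ext_dir in sorted(ext_root.iterdir()):
        if not (ext_dir.is_dir() and EXT_ID_RE.fullmatch(ext_dir.name)):
            continue  # Temp/ and stray files are not extensions
        for ver_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            manifest = ver_dir / "manifest.json"
            if not manifest.is_file():
                continue
            try:
                data = json.loads(manifest.read_text(encoding="utf-8"))
            except (ValueError, OSError):
                # An unreadable manifest is itself worth reporting.
                found.append(Extension(ext_dir.name, ver_dir.name, "<unreadable manifest>"))
                continue
            found.append(Extension(ext_dir.name,
                                   str(data.get("version", ver_dir.name)),
                                   str(data.get("name", "<unnamed>")),
                                   [str(p) for p in data.get("permissions", [])]))
    return found


def audit_extensions(exts: Iterable[Extension], bad_ids: Set[str]) -> Dict[str, List[str]]:
    """Map extension ID -> reasons it deserves a look."""
    findings: Dict[str, List[str]] = {}
    for e in exts:
        reasons = []
        if e.ext_id in bad_ids:
            reasons.append("known-bad id")
        broad = sorted(BROAD_PERMISSIONS.intersection(e.permissions))
        if broad:
            reasons.append("broad permissions: " + ", ".join(broad))
        if reasons:
            findings[e.ext_id] = reasons
    return findings


def build_sample_profile(root: Path) -> Path:
    """Constructed profile: one ID from the fix above, one constructed benign ID."""
    profile = root / "User Data" / "Default"
    samples = {
        "dhdepfaagokllfmhfbcfmocaeigmoebo": {"name": "Constructed adware sample",
                                             "version": "1.0",
                                             "permissions": ["tabs", "http://*/*"]},
        "abcdefghijklmnopabcdefghijklmnop": {"name": "Constructed benign sample",
                                             "version": "2.3",
                                             "permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        d = profile / "Extensions" / ext_id / manifest["version"]
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    (profile / "Extensions" / "Temp").mkdir()  # Chrome keeps a Temp dir here too
    return profile


def demo_audit() -> Tuple[List[Extension], Dict[str, List[str]]]:
    with tempfile.TemporaryDirectory() as tmp:
        profile = build_sample_profile(Path(tmp))
        exts = list_chrome_extensions(profile)
        return exts, audit_extensions(exts, KNOWN_BAD_IDS)


if __name__ == "__main__":
    extensions, findings = demo_audit()
    for e in extensions:
        print(f"{e.ext_id} {e.version:6} {e.name}  {findings.get(e.ext_id, '')}")
```

On a real machine, point `list_chrome_extensions` at `C:\Users\<name>\AppData\Local\Google\Chrome\User Data\Default` after the reboot: an empty result for the flagged ID confirms the `:Files` step took effect, and any remaining entry with broad permissions is the next thing to inspect.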

CCCPKi

  • Guest
Re: URL:Mal?
« Reply #9 on: September 18, 2012, 10:24:45 PM »
Hi, you posted after I went offline.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:OTL
[2012/09/14 16:13:50 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\Xavier1\AppData\Roaming\Mozilla\Firefox\Profiles\j1gs1e4m.default\extensions\crossriderapp5060@crossrider.com
O3 - HKU\S-1-5-21-3852174534-2507184533-1418211712-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

:Files
C:\Users\Xavier1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Thank you for the response, but I'd like to know when I know it's safe to reboot.
My computer rebooted a few moments after it went to a pure black screen, and booted back up with no desktop icons.
Was that supposed to happen?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: URL:Mal?
« Reply #10 on: September 18, 2012, 11:07:43 PM »
After OTL has cleared your temporary files the desktop should reappear; if it does not, then just reboot.