Malicious URL Blocked Message - With Logs

[joker2040]

Mainly this happens when clicking on links from Google. Almost all of them the first time then I can click them again and they work fine. I have updated/ran Malwarebytes but it comes back clean. Also when running avast it comes back clean also.

I have attached OTL and aswMBR logs.

Any advice?

[Pondus]

if you have malwarebytes log then attach that also

you also have avast and McAfee installed
installing multiple Av will give you a slow machine / windows errors / false positive detections

malwareremovers are notified. it may take many hours before one arrive so be patient

[essexboy]

I would hazard a guess that this is in Firefox only, let me know if this clears it 

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

  :OTL
  FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{80A71888-7766-11E1-826D-B8AC6F996F26}: C:\Users\johnso6\AppData\Local\{80A71888-7766-11E1-826D-B8AC6F996F26}\ [2012/03/26 13:09:58 | 000,000,000 | ---D | M]
  [2012/03/26 13:09:58 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\JOHNSO6\APPDATA\LOCAL\{80A71888-7766-11E1-826D-B8AC6F996F26}
  O3 - HKU\S-1-5-21-839522115-1383384898-515967899-1715225\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
  
  :Files
  ipconfig /flushdns /c
  C:\Users\johnso6\AppData\Local\{80A71888-7766-11E1-826D-B8AC6F996F26}
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[joker2040]

Thank you for your help. Yes it was only in FF and now it appears to be resolved. I attached the OTL log from the the Quick Scan.

[essexboy]

Let me know tomorrow if it is still OK and I will tidy up

[joker2040]

I'm back with the same issue. 

The previous fix suggested corrected the issue. Since then I have gotten another laptop and used a data migration tool to transfer all of my files. After doing so the previous issue has popped up again. Now it is happening in both IE and FF. When clicking on links from Google I get rediected to another site. I have attached new log files. Virus scans come up clean.

[joker2040]

Anyone?

[Pondus]

Anyone?

yes......when they are home from work.      european time zone

[essexboy]

Let me know if this cures it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:OTL
FF - prefs.js..extensions.enabledAddons: %7Be7d23aa2-c18e-453d-811e-4999fd1b2cfe%7D:3.0.1
[2013/01/28 18:03:37 | 000,004,019 | ---- | M] () (No name found) -- C:\Users\johnso6\AppData\Roaming\mozilla\firefox\profiles\jql15uod.default\extensions\{e7d23aa2-c18e-453d-811e-4999fd1b2cfe}.xpi
O4:64bit: - HKLM..\Run: [mrtpcf] C:\Users\johnso6\AppData\Roaming\mrtpcf.dll ()
O4:64bit: - HKLM..\Run: [msnel] C:\Users\johnso6\AppData\Roaming\msnel.dll (Ray Hinchliffe)
O4:64bit: - HKLM..\Run: [wmprf] rundll32.exe "C:\Users\johnso6\AppData\Roaming\wmprf.dll",Init File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
[2013/01/11 11:00:31 | 000,627,712 | ---- | C] (Ray Hinchliffe) -- C:\Users\johnso6\AppData\Roaming\msnel.dll
[2013/01/28 21:55:30 | 000,006,524 | ---- | M] () -- C:\Users\johnso6\AppData\Local\e7d23aa2-c18e-453d-811e-4999fd1b2cfe.crx
[2013/01/28 21:26:42 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
[2013/01/28 21:26:34 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job
[2013/01/28 21:26:34 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
[2013/01/28 21:26:34 | 000,000,346 | -H-- | M] () -- C:\Windows\tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
[2013/01/28 21:26:34 | 000,000,336 | -H-- | M] () -- C:\Windows\tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
[2013/01/11 11:00:55 | 000,334,336 | ---- | M] () -- C:\Users\johnso6\AppData\Roaming\mrtpcf.dll
[2013/01/11 11:00:33 | 000,627,712 | ---- | M] (Ray Hinchliffe) -- C:\Users\johnso6\AppData\Roaming\msnel.dll

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[joker2040]

I think the issue is fixed now. I ran the scan again as suggested after applying the fix. Attached is the result.

[essexboy]

If all is well tomorrow let me know and I will tidy up