Author Topic: URL:MAL 67.159.200.132  (Read 7724 times)


REDACTED

  • Guest
Re: URL:MAL 67.159.200.132
« Reply #15 on: December 24, 2014, 09:29:15 PM »
I uninstalled Spybot, Trojan Remover, Kaspersky, SuperAntiSpyware, Web Companion, and Wise Registry Clean.

Here are the logs:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/24/2014
Scan Time: 8:02:37 AM
Logfile: MBAMlog.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.24.10
Rootkit Database: v2014.12.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nakamoto

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367602
Time Elapsed: 16 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

FRST, Addition, aswMRB logs are attached.

I did not do FixMBR.

REDACTED

  • Guest
Re: URL:MAL 67.159.200.132
« Reply #16 on: December 25, 2014, 04:28:16 AM »
Are you using a router to connect to the internet?




  • Step #1 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
Code:
Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
Ad-Aware Web Companion (x32 Version: 1.0.788.1475 - Lavasoft) Hidden
AlternateDataStreams: C:\Users\Nakamoto\Desktop\Hanahouoli Magazine.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Nakamoto\Desktop\QEP Preschool Yearbook.jpeg:3or4kl4x13tuuug3Byamue2s4b
HKU\S-1-5-21-3728143812-4245075021-3154152335-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-3728143812-4245075021-3154152335-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Extension: Bitdefender QuickScan - C:\Users\Nakamoto\AppData\Roaming\Mozilla\Firefox\Profiles\5g2iigem.default-1416507301759\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-11-20]
S2 SearchProtectionService; "C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe" [X]
CMD: type "C:\QooBox\ComboFix-quarantined-files.txt"
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Attach the log in your next reply.



  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum

REDACTED

  • Guest
Re: URL:MAL 67.159.200.132
« Reply #17 on: December 25, 2014, 06:34:32 PM »
Yes, I'm using a router to connect to the internet.

FRST fixlog attached.

I got a warning right after doing the fix (after the reboot):

URL: http://8941180.secure-services92329.com/c.php?aid=254&lid=10419

Infection: URL:MAL

Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

REDACTED

  • Guest
Re: URL:MAL 67.159.200.132
« Reply #18 on: December 26, 2014, 07:32:35 AM »
Can you reset your router to factory settings?

REDACTED

  • Guest
Re: URL:MAL 67.159.200.132
« Reply #19 on: December 26, 2014, 10:35:47 AM »
Okay, hit the reset button on the router and unplugged/plugged it back in.

REDACTED

  • Guest
Re: URL:MAL 67.159.200.132
« Reply #20 on: December 27, 2014, 06:34:30 AM »
Still getting threat warnings.

REDACTED

  • Guest
Re: URL:MAL 67.159.200.132
« Reply #21 on: January 13, 2015, 06:15:33 PM »
I opened a support ticket with Avast, but after a few tries, they concluded that my computer needs deeper analysis and that I should take it to a computer store. Is it really that bad? How expensive will that be?

Anyone have any more ideas of how to fix this?

Thanks!