MALICIOUS URL BLOCKED! dances.us??? What is going on???

[DavidR]

I remember doing this scan, falling asleep for a bit, and waking up to my computers death! Not to sound ungrateful or anything but....IDK about this...

Well this scan, is analytical to obtain a log file, it doesn't take any action, unless you give it directions (which you shouldn't without guidance).

So I don't know what happened but it certainly wasn't initiated by this scan. Your choice to run it or not, if you don't there will be no way to check this without using yet another tool to analyse the MBR and who is to say that would be any different.

[essexboy]

Not really as aswMBR was just scanning - it will fix nothing until told to

Does the computer boot at all

[MumtazG38]

If by boot you mean can I access f12 etc, or does it startup normally then yes. Nothing about startup has changed after the reinstall. I have the option to boot from usb/cd if its plugged in/inserted...

btw...log attached.

[essexboy]

The MBR looks good - so lets see if anything was transfered over during the re-install

Download OTL  to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
  
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Post both logs

[MumtazG38]

both of em....

[essexboy]

Found it - were you on Facebook recently ?

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 45 90 2A 06 B0 8F CD 40 9D C6 C5 4D 65 68 BE 84 [binary data]
  IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 45 90 2A 06 B0 8F CD 40 9D C6 C5 4D 65 68 BE 84 [binary data]
  IE - HKU\S-1-5-21-3562891666-3718405954-1392146742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 45 90 2A 06 B0 8F CD 40 9D C6 C5 4D 65 68 BE 84 [binary data]
  [2011/07/26 21:16:59 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Amna\AppData\Roaming\Mozilla\Firefox\Profiles\288d30p0.default\extensions\{00fc45be-c90e-43d7-8a1d-82b3fdbf6c41}
  O2 - BHO: (no name) - {062A9045-8FB0-40CD-9DC6-C54D6568BE84} - File not found
  O2 - BHO: (Facetheme) - {3fdba1ba-ae28-4045-9048-4ed2f3865629} - C:\Program Files (x86)\Object\bho_project.dll (InternetEngine)
  
  :Reg
  [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
  XMLHTTP_UUID_Default=-
  [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
  XMLHTTP_UUID_Default=-
  [HKU\S-1-5-21-3562891666-3718405954-1392146742-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
  XMLHTTP_UUID_Default=-
  
  
  :Files
  ipconfig /flushdns /c
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [EMPTYFLASH]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[MumtazG38]

Well, yeah...I mean, I'm not much of a facebook-er but I do use it a bit. Mainly just to upload pics of my son so our family back home can see them. Should I stop using facebook then???

....log attached.

[essexboy]

No but be very cautious on what links you click

One more to kill have the alerts ceased ?

 Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  [2011/07/17 00:57:34 | 000,000,000 | ---D | M] (FaceTheme - Change your Facebook layout!) -- C:\PROGRAM FILES (X86)\OBJECT\FACETHEME
  
  
  :Files
  ipconfig /flushdns /c
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [EMPTYFLASH]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[MumtazG38]

YAY!!! I think that one done it!   I'm so happy to finally rid my computer of that horrible thing, whatever it was.

Ok, gonna try that last fix you mentioned, just for good measure!

THANK YOU ESSEXBOY!!!!!

[MumtazG38]

Here's that log I promised! Hope everything looks dandy.

[essexboy]

You might actually consider binning Firefox and updating to IE9 - now there is a heretical statement

Any further problems ?

[MumtazG38]

BIN FIREFOX??? Over my cold, limp and very dead body!!! Firefox is my love, sorry. Can't do it. IE scares me! Sorry, but if that is the choice I must make....then the answer remains the same. WE LOVE YOU FIREFOX!!!

 

[Asyn]

BIN FIREFOX??? Over my cold, limp and very dead body!!! Firefox is my love, sorry. Can't do it. IE scares me! Sorry, but if that is the choice I must make....then the answer remains the same. WE LOVE YOU FIREFOX!!!

I agree with you.
But, you should add NoScript to FF, if you don't already have it.

[MumtazG38]

I did have that before the reinstall. Hadn't remembered to get it again...will do that now. Thanks.

[essexboy]

We are actually discussing this elsewhere, purely from the malware point of view - so I just thought I would toss the hand grenade in and run  

Edit : The initial post that started our discussion  http://www.geekstogo.com/forum/topic/304629-internet-explorer-9-security-best-once-again/