Author Topic: Malicious URL Blocked msg every 30 sec  (Read 32285 times)

0 Members and 1 Guest are viewing this topic.

jeffce

  • Guest
Re: Malicious URL Blocked msg every 30 sec
« Reply #15 on: May 31, 2012, 08:30:55 PM »
Yes...please attach the logs from now on.  I wrote that wrong earlier.  :)

buckeyerob39

  • Guest
Re: Malicious URL Blocked msg every 30 sec
« Reply #16 on: June 02, 2012, 04:04:50 PM »
So, should I keep trying to run the OTL even though it makes my PC crash ?

jeffce

  • Guest
Re: Malicious URL Blocked msg every 30 sec
« Reply #17 on: June 02, 2012, 09:43:17 PM »
Hi,

Please read through these instructions to familarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
----------

buckeyerob39

  • Guest
Re: Malicious URL Blocked msg every 30 sec
« Reply #18 on: June 03, 2012, 09:09:06 AM »
Here we go...

jeffce

  • Guest
Re: Malicious URL Blocked msg every 30 sec
« Reply #19 on: June 03, 2012, 02:06:52 PM »
Hi,

I notice that you have both Avast, AVG and PC Cleaner Pro as well as it looks like you had CA Antivirus as well running at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system. We will need to later uninstall either Avast or AVG or PC Cleaner Pro (which ever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (for Vista and Win 7 users to go to Programs and Features in the Control Panel).  As a rule of thumb one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.

Let me know which one you would like to keep and we will remove the others.
----------

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Code: [Select]
ClearJavaCache::

DDS::
mStart Page = hxxp://search.searchonme.com/

File::
c:\windows\system32\drivers\kdwijva.sys

Driver::
eltytq
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.



  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

buckeyerob39

  • Guest
Re: Malicious URL Blocked msg every 30 sec
« Reply #20 on: June 04, 2012, 07:50:49 PM »
Avast is the only program I was trying to run, I uninstalled AVG long ago and PC pro I uninstalled right after it ran. I even ran an uninstall tool to get rid of AVG, perhaps the system restores I have tried have left shadows of the programs on my PC. This latest program has sent me into safe mode again. Hope it worked, thanks for your help !


jeffce

  • Guest
Re: Malicious URL Blocked msg every 30 sec
« Reply #21 on: June 04, 2012, 09:26:38 PM »
Hi,

Ok let's try and get those antivirus programs knocked out of there...

Please do the following:

Hold down the Windows key and press R to open a run box
type the following text into the run box

appwiz.cpl

This will open your Programs And Features. A list of installed programs will populate

Remove the following programs if they are there:

AVG, PC Cleaner Pro, CA Yahoo! Anti-Spy (remove only)
----------

If AVG is not there (or after you remove it) download and run the tool found here >> http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1322.exe

Run a new scan with ComboFix and attach the new log that is created. 

buckeyerob39

  • Guest
Re: Malicious URL Blocked msg every 30 sec
« Reply #22 on: June 05, 2012, 05:50:54 PM »
One question, do I run the new scan by dragging those instructions to it again?

jeffce

  • Guest
Re: Malicious URL Blocked msg every 30 sec
« Reply #23 on: June 05, 2012, 05:59:53 PM »
No not this time....just run a normal scan.  :)

buckeyerob39

  • Guest
Re: Malicious URL Blocked msg every 30 sec
« Reply #24 on: June 05, 2012, 08:24:49 PM »
The AVG cleaner didn't do the job as CF was still detecting it but I ran it anyways...

jeffce

  • Guest
Re: Malicious URL Blocked msg every 30 sec
« Reply #25 on: June 05, 2012, 09:26:19 PM »
Hi,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Code: [Select]
ClearJavaCache::

File::
c:\windows\system32\drivers\kdwijva.sys

Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]

Driver::
eltytq
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.



  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

buckeyerob39

  • Guest
Re: Malicious URL Blocked msg every 30 sec
« Reply #26 on: June 06, 2012, 05:26:21 PM »
Hi, here it is...

jeffce

  • Guest
Re: Malicious URL Blocked msg every 30 sec
« Reply #27 on: June 06, 2012, 08:10:55 PM »
      Hi,


Malwarebytes

I see that you have Malwarebytes already on your computer.  Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



[list=1]
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)[list=1]
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin

scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish
http://www.eset.com/onlinescan/
----------

In your next reply please attach the logs made by Malwarebytes and ESET. 

buckeyerob39

  • Guest
Re: Malicious URL Blocked msg every 30 sec
« Reply #28 on: June 06, 2012, 10:44:18 PM »
9 objects found !

jeffce

  • Guest
Re: Malicious URL Blocked msg every 30 sec
« Reply #29 on: June 06, 2012, 10:48:03 PM »
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Code: [Select]
ClearJavaCache::

File::
C:\Documents and Settings\Buckeye Rob\Application Data\Mozilla\Firefox\Profiles\cxcq3xmg.default\extensions\{c74d2683-d76b-40a2-a534-98330284414e}\chrome.manifest
C:\Documents and Settings\Buckeye Rob\My Documents\Driver Genius Professional Edition V9.0.0.180 (Retail) (Fully Updatable) [h33t] [blaze69]\Driver_Genius_9_Professional_US_Full.EXE
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\R3ZNQPQY\imp[4]
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RHGNSJPZ\imp[2]
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RHGNSJPZ\imp[3]
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.



  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

In your next reply attach the new ComboFix log and let me know how your system is running.  :)