Help with - Win32:Sirefef-PL [Rtk] and Win32:DNSChanger-VJ [Trj] and URL:Mal :(

Hello. Well, problems started today when malware blocked and URL blocked messages started appearing on Avast like every 3-5 minutes, like URL:Mal on C:\Windows\SysWOW64\rundll32.exe and Win32:Sirefef-PL [Rtk] on C:\Windows\assembly\GAC_64 (the 32 one also), with Win32:DNSChanger-VJ [Trj] on C:\Windows\System32\services.exe I think. I read through forums and I see a lot of people having the same issues, so I followed a sticky's instructions http://forum.avast.com/index.php?topic=53253.0 and scanned with OTL and Malwarebytes Anti-Malware, so the logs are attached to the post. Hope to get this fixed, thanks for any assistance.

Since you have a Sirefef infection, we also need the aswMBR log.

Oooooh, I thought I included it, must have missed it. Here you go, attached below.

Essexboy is notified… he may be in bed now, but will be back tomorrow. :wink:

Nope still awake ;D

Let me know if this stops the alerts

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
  • Open the scanner and select the Protection tab
  • Remove the tick from “Start with Windows”
  • Reboot and then run OTL

http://i1224.photobucket.com/albums/ee362/Essexboy3/mbamstop.jpg

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
@Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Daki\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Daki\Desktop\desktop.ini:gs5sys
@Alternate Data Stream - 5632 bytes -> C:\ProgramData:gs5sys

:Files
ipconfig /flushdns /c
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\Installer\{8d53be4b-74ea-e2b7-4dd6-2edd9eb9eea6}

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Okay, finished with all that and I scanned with OTL; the log is once again attached. I stopped getting malware blocked messages, but I still get malicious URL blocked with these details from Avast:

Infection Details
URL: http://megaupload.com/file/id
Process: C:\Windows\SysWOW64\rundll32.exe
Infection: URL:Mal

Let me know if this stops the alerts

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
  • Open the scanner and select the Protection tab
  • Remove the tick from “Start with Windows”
  • Reboot and then run OTL

http://i1224.photobucket.com/albums/ee362/Essexboy3/mbamstop.jpg

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O4:64bit: - HKLM..\Run: [iapns] C:\Users\Daki\AppData\Roaming\iapns.dll (Duplex Secure Ltd.)

:Files
ipconfig /flushdns /c
netsh int ip reset all /c
netsh winsock reset /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
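A defender-side check, added here and not part of Essexboy's fixes or the thread, that covers both OTL fixes above: it lists any alternate data streams (such as the gs5sys stream named in the first fix) on the desktop.ini files and ProgramData folder targeted there, and reports the HKLM Run value named in the second fix. It assumes PowerShell 3 or later run as the affected user; the thread's C:\Users\Daki is replaced by $env:USERPROFILE.

```powershell
# Added example (not from the thread). Assumption: PowerShell 3+, run as the affected user.
# $env:PUBLIC / $env:USERPROFILE stand in for the C:\Users\Public and C:\Users\Daki
# paths the first OTL fix lists; the GAC desktop.ini paths are taken from the fix itself.
$targets = @(
    (Join-Path $env:PUBLIC 'Documents\desktop.ini'),
    (Join-Path $env:USERPROFILE 'Documents\desktop.ini'),
    (Join-Path $env:USERPROFILE 'Desktop\desktop.ini'),
    $env:ProgramData,
    'C:\Windows\assembly\GAC_32\Desktop.ini',
    'C:\Windows\assembly\GAC_64\Desktop.ini'
)

foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    # -Stream * enumerates every NTFS stream on the item; ':$DATA' is the normal content.
    # Anything else (e.g. a 'gs5sys' stream, as in the fix) is an alternate data stream.
    Get-Item -LiteralPath $path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            [PSCustomObject]@{
                Path   = $path
                Stream = $_.Stream
                Bytes  = $_.Length
            }
        }
}

# Run-key value from the second fix: check the 64-bit view and the 32-bit WOW6432Node view.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties['iapns']) {
        '{0}\iapns = {1}' -f $key, $props.iapns
    }
}
```

No output means none of the listed paths carries an extra stream and the iapns value is gone; a listed stream or Run value after the fix is what to report back in the thread.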

Well, here is the Quick Scan log. I hope everything is alright now :smiley:

Still one area I am not totally happy about.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.

Okay, I did that and ComboFix popped up this window http://i46.tinypic.com/nl3pxv.jpg Funny thing is I have Avast installed and I used Avira before it, but I uninstalled it. What should I do?

Essexboy is in bed right now, so you have to wait for further instructions from him when he wakes up and comes online again :wink:

Okay, but what should I do with ComboFix; should I exit the popup window?

Accept the warnings and allow ComboFix to run, please.

It is running now; while I'm typing this on my laptop it's on stage 50.

Aaaaand it finished, the log is posted. So far so good, no malware blocked or URL blocked messages.

OK, now I am happy… Any further problems before I tidy up?

No, not really; everything seems to run fine and no malware blocked messages. 8)

Okay, it's not fine, I just got a blue screen of death. It said something about drivers, and I got it after I tried to open the forum page in Firefox and Chrome; it just didn't load and I got a blue screen.

And I got it again after the computer restarts; it seems to load Windows fine, then pops the blue screen again.

What does the blue screen say?

Are you still getting it?