Malicious URL Blocked

Having multiple Avast popup warnings and computer is running very slowly. Also being redirected on the web.

I started here: http://forum.avast.com/index.php?topic=53253.0

I ran AdwCleaner, Malwarebytes, and OTL. I attached the logs but I kind of got lost at this point. I attempted to run aswMBR.exe a few times but nothing happened as far as I can tell.

Could really use some help, thanks!

I attempted to run aswMBR.exe a few times but nothing happened as far as I can tell.
Did you try to run it from safe mode?

Removal specialists are notified. It may take hours before one arrives, so be patient.

Thanks for the quick reply! Still not running; in safe mode now. Nice comeback by Man U. today!

Could you let me know what problems remain on completion?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

  * Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
IE - HKU\S-1-5-21-3161721279-3318598087-3104544655-1000\..\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}: "URL" = http://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120919&user_guid=CFA198C573E744D281F817A2938B5F12&machine_id=373d5d1dbaa51189400856b02dee5982&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source}
[1832/11/28 23:37:17 | 000,004,813 | ---- | M] () (No name found) -- C:\Users\Nelluc\AppData\Roaming\Mozilla\Firefox\Profiles\gyk7sh45.default\extensions\auggrppujv@auggrppujv.org.xpi
[2012/11/20 12:41:51 | 000,555,823 | ---- | M] () (No name found) -- C:\Users\Nelluc\AppData\Roaming\Mozilla\Firefox\Profiles\gyk7sh45.default\extensions\{449f3fc3-b1a6-2044-298a-b7f7025b8068}.xpi
[2012/09/18 19:11:09 | 000,002,356 | ---- | M] () -- C:\Users\Nelluc\AppData\Roaming\Mozilla\Firefox\Profiles\gyk7sh45.default\searchplugins\startnow.xml
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll File not found
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3161721279-3318598087-3104544655-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3161721279-3318598087-3104544655-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found

:Files
C:\Users\Nelluc\AppData\Local\{5b345dcb-7e93-876c-3ca2-98f39c716bea}
C:\Program Files (x86)\StartNow Toolbar
C:\Program Files (x86)\Yontoo Layers Runtime
C:\ProgramData\WeCareReminder

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  * Then click the Run Fix button at the top
  * Let the program run unhindered, reboot the PC when it is done
  * Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.

  * Double-click on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

  * Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

  * Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  * Click the Start Scan button.

  * If a suspicious object is detected, the default action will be Skip; click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

  * If malicious objects are found, they will show in the Scan results and offer three (3) options.
  * Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  * Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

  * Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
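Because the fix in the post above is written for one specific machine, it is worth listing what it names before pasting it into OTL. The following is an added example, not part of the thread and not OTL's own code: it splits an excerpt of that script into its `:OTL`, `:Files` and `:Commands` sections and pulls out the CLSIDs, paths and bracketed commands so they can be compared against the scan log. The function names `parse_fix` and `review` and the `too_broad` heuristic are assumptions made for this illustration.

```python
import re

# Excerpt of the fix script from the post above (some entries left out for length).
FIX_SCRIPT = r"""
:OTL
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O4 - HKLM..\Run: [] File not found

:Files
C:\Program Files (x86)\StartNow Toolbar
C:\Program Files (x86)\Yontoo Layers Runtime
C:\ProgramData\WeCareReminder

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
"""

SECTION = re.compile(r"^:(\w+)\s*$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_fix(text):
    """Split a fix script into its :Section blocks, keeping non-empty lines."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections

def review(text):
    """Summarise what the script names so it can be checked before it is run."""
    s = parse_fix(text)
    otl = s.get("otl", [])
    return {
        "guids": sorted({g.upper() for ln in otl for g in GUID.findall(ln)}),
        "orphaned": [ln for ln in otl if ln.endswith("File not found")],
        "file_paths": s.get("files", []),
        "commands": [c.strip("[]").lower() for c in s.get("commands", [])],
        # Heuristic (assumption): a drive root or top-level folder is too broad.
        "too_broad": [p for p in s.get("files", []) if p.rstrip("\\").count("\\") < 2],
    }
```
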

Thanks for replying Essexboy! When I try to run tdsskiller nothing happens after I allow it to run! I have attached the OTL file though…

I had a feeling that would happen

Download the following three programmes to your desktop:

  1. WiNToBootic
  2. Windows RC
  3. ListParts

Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot

http://dl.dropbox.com/u/73555776/wintoboot.JPG

Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing

http://dl.dropbox.com/u/73555776/usb%20progress.JPG

It will let you know when it is done
Then copy Listparts to the same USB

http://dl.dropbox.com/u/73555776/frstwintoboot.JPG

Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that follow the instructions Here

When you reboot you will see this, although yours will say Windows 7.
Click repair my computer

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg

Select your operating system

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg

Select Command prompt

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg

At the command prompt type the following:

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select “Computer” and find your flash drive letter and close the notepad.
In the command window type e:\Listparts64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.

https://dl.dropbox.com/u/73555776/listparts.GIF

Press Scan button.
It will make a log (results.txt) on the flash drive. Please copy and paste it to your reply.

The file didn’t download zipped so I can’t extract it. Can’t seem to find that FRST64 icon to put on flash drive…

My apologies, it was changed from a Zip file to an executable

Run Wintobootic
Follow the remaining instructions
FRST will not be on the USB but you should have listparts64 on there

Thanks for your help Essexboy, when I follow your instructions no operating system shows up to select from.

Think I got it…

Download the attached fix.txt to the same USB as Listparts

Run Listparts via the recovery console as before
This time press fix instead of scan
Once listparts has completed reboot to normal windows and run TDSSKiller