Same problem as re: URL blocked, can not open a browser now?

Hello there,
I have the exact same problem as that other post (http://forum.avast.com/index.php?action=printpage;topic=78525.0) , and I ran both of the suggested programs. MBR couldn’t finish the scan though : it kept crashing. OTS worked just fine and I saved the log. What should I do next?

And, as I’m new to this, I have no idea how to post a log without exceeding the character limit.
I linked the file.
Thanks!

Use the Additional Options link in the Reply window to attach the file to your next post.

You could try running aswMBR.exe from safe mode with networking.

Yes could you run aswMBR from safe mode please …

But first

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

[Unregister Dlls]
[File - Lop Check]
NY ->  .# -> C:\Users\Jean-Philippe\AppData\Roaming\.#
[Alternate Data Streams]
NY -> @Alternate Data Stream - 1051 bytes -> C:\ProgramData\Microsoft:OS0MR8YAGihQnESWywtrAV94jP
NY -> @Alternate Data Stream - 1141 bytes -> C:\ProgramData\Microsoft:XC86Xniw1PNDKROAXNp3hndusdBfp
NY -> @Alternate Data Stream - 1174 bytes -> C:\Program Files\Common Files\System:2u2W9DDmypYZYjCEBVsyB6Z
NY -> @Alternate Data Stream - 1177 bytes -> C:\ProgramData\Microsoft:poSLacsUZ4TkLbNYb4ufT
NY -> @Alternate Data Stream - 1251 bytes -> C:\ProgramData\Microsoft:7uOmNltUHSwdajm0EKVZB
NY -> @Alternate Data Stream - 1258 bytes -> C:\ProgramData\Microsoft:cXOm8MHT2epBczG5nQnE8KkxH
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
  

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.

I ran the fix, and here are the results.

And I’d like to thank you for giving me a hand!

I also ran the scan with aswMBR again, this time, it worked just fine.
Here is the log.

OK it is Mr TDL3 - killing time

Please read carefully and follow these steps.

[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png

[*]If an infected file is detected, the default action will be Cure, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png

[*]If a suspicious file is detected, the default action will be Skip, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png

[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png

[*]If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.

THEN

Lets try to kill the ADS again

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

[Unregister Dlls]
[Alternate Data Streams]
NY -> @Alternate Data Stream - 1051 bytes -> C:\ProgramData\Microsoft:OS0MR8YAGihQnESWywtrAV94jP
NY -> @Alternate Data Stream - 1141 bytes -> C:\ProgramData\Microsoft:XC86Xniw1PNDKROAXNp3hndusdBfp
NY -> @Alternate Data Stream - 1174 bytes -> C:\Program Files\Common Files\System:2u2W9DDmypYZYjCEBVsyB6Z
NY -> @Alternate Data Stream - 1177 bytes -> C:\ProgramData\Microsoft:poSLacsUZ4TkLbNYb4ufT
NY -> @Alternate Data Stream - 1251 bytes -> C:\ProgramData\Microsoft:7uOmNltUHSwdajm0EKVZB
NY -> @Alternate Data Stream - 1258 bytes -> C:\ProgramData\Microsoft:cXOm8MHT2epBczG5nQnE8KkxH
[EmptyFlash]
[CreateRestorePoint]
  

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.

Hi, I ran both of the programs and here are the results. I think it worked perfectly!

I would like you to run Malwarebytes now to catch any orphans and then let me know of any outstanding problems

http://img233.imageshack.us/img233/7729/mbamicontw5.gif
Please download Malwarebytes’ Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish,so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
[
]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I ran the scan, removed 3 infections, restarted my computer and here is the log.

Hmm they were in the temp files again - what site did you visit ?

What problems are outstanding ?

well right now I’m not experiencing any problems at all. My machine runs just perfectly. There really isn’t nothing noticable…

I visited a site that used loombo as a media player. The problems started from when I pushed play…

Also, I ran a scan with MB again and no infections were found. What do you think?

Methinks you should avoid that site and the player

oh, about that, sure! It was my first AND last visit there!

Thanks again for the help, I’m very grateful!

Run for a day or so and when you are happy let me know and I will remove my tools

No malwares were detected for the past few days, and my computer runs smoothly as it used to run before the infection. I’d say that the problem is solved!

Thanks again, you’re awesome!

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Run OTS and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[]Click Yes to confirm.
[
]Click OK.

SPRING CLEAN

To manually create a new Restore Point

[*]Go to Control Panel and select System
[*]Select System
[*]On the left select System Protection and accept the warning if you get one
[*]Select System Protection Tab
[*]Select Create at the bottom
[*]Type in a name i.e. Clean
[*]Select Create

Now we can purge the infected ones

[*]GoStart > All programs > Accessories > system tools page
[*]Select Performance Information and Tools
[*]Right click Disc cleanup an select run as administrator
[*]Select Your main drive and accept the warning if you get one
[*]For a few moments the system will make some calculations
[*]Select the More Options tab
[*]In the System Restore and Shadow Backups select Clean up
[*]Select Delete on the pop up
[]Select OK
[
]Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

http://img233.imageshack.us/img233/7729/mbamicontw5.gif
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :wave: