URL Blocked 'http://rk400.com/?sov=rook-xxx'

[plumbcrazy]

ok thanks

here's the results of the scan..it only found 'suspicious objects' nothing 'malicious'. I assume that as only suspicious objects were found, the Cure -> Continue->Reboot Now instruction doesnt apply/appear.

log file attached.

[essexboy]

OK lets see if we can find a replacement for the bad file.  There will be just one log this time

• Run OTL. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
  
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
int15.*
/md5stop
CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Post both logs

[plumbcrazy]

thanks for your continued help with this. 

please the log attached.

[essexboy]

Not a problem, I do not like to be beaten 

On completion could you re-run aswMBR please and post the log

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL


Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :Commands
  [CREATERESTOREPOINT]
  
  :Files
  C:\Windows\System32\drivers\int15.sys|C:\Acer\Empowering Technology\eRecovery\int15.sys /replace
  
  :Commands
  [emptytemp]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[plumbcrazy]

Hi Essexboy, do you want me to re-run aswMBR after I have run the OTL fix? Just a little bit confused as you instruct to do this 'on completion' but post the that instruction 1st, so wanted to make sure when the before going ahead 

Also I only have free MBAM and it appears that Protection tab is only active with the paid for version.

[Pondus]

Hi Essexboy, do you want me to re-run aswMBR after I have run the OTL fix?

yes he wants a new aswMBR log to see if the infection is gone

Also I only have free MBAM and it appears that Protection tab is only active with the paid for version.

Malwarebytes PRO is a one time fee for a liftime license   

[plumbcrazy]

ok thanks Pondus

here's the logs
the log 05062012_090759_ansi is the OTL log after the fix has been applied. OTL05062012.txt is the quick scan OTL log after the reboot.

also i'm finding that when I attempt to attach the logs FF crashes. Have had to use IE to finish this post. (not sure if its related but thought I should mention)

[essexboy]

Looks like that may be a FP on Avasts part as the switch appeared to go well

All the links are directing to Haute secure.net

Could you uninstall Haute secure and then let me know if you continue to get the alerts

[plumbcrazy]

Ok will do Essexboy.

Thanks to you and everyone for your help thus far - much appreciated.

[plumbcrazy]

nothing so far 

[essexboy]

Lets wait a little longer.. It looks as though that programmes uses a dodgy server that Avast does not like

[plumbcrazy]

Not so much as a whisper so far this week...do you think that Haute Secure was the cause or any further thoughts?

[essexboy]

No I am happy that it was Haute secure

If you are happy I will remove my tools and tidy up