google search AVAST comes up with malicious virus

waddler_8

cepheus wrote: »

No problem in safe mode

Good - That helps.

This will run OTL slightly differently to when you ran it before - follow the instructions carefully. It should only take a few seconds.

• Double click OTL.exe to run it
• Allow the UAC prompt
• Under the Custom Scans/fixes box copy/paste this in:

Dir C:\Users\stephen\AppData\Local\{132931E3-D8F4-11E1-8270-B8AC6F996F26} /s /c

• Click the NONE button
• Click the RUN SCAN button.
• When it's finished, Notepad will open.
• OTL.txt <- Will be opened
• Post the contents of OTL.txt

cepheus

OTL logfile created on: 8/14/2012 7:29:22 PM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\stephen\Documents\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.80 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 47.34% Memory free
7.60 Gb Paging File | 5.74 Gb Available in Paging File | 75.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 69.11 Gb Free Space | 46.37% Space Free | Partition Type: NTFS
Drive | 148.65 Gb Total Space | 140.46 Gb Free Space | 94.48% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 14.51 Gb Free Space | 6.23% Space Free | Partition Type: NTFS

Computer Name: STEPHEN-TOSH | User Name: stephen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< Dir C:\Users\stephen\AppData\Local\{132931E3-D8F4-11E1-8270-B8AC6F996F26} /s /c >
Volume in drive C is WINDOWS
Volume Serial Number is B085-552C
Directory of C:\USERS\STEPHEN\APPDATA\LOCAL\{132931E3-D8F4-11E1-8270-B8AC6F996F26}
28/07/2012 21:37 <DIR> .
28/07/2012 21:37 <DIR> ..
28/07/2012 21:37 <DIR> chrome
28/07/2012 21:37 129 chrome.manifest
28/07/2012 21:37 804 install.rdf
2 File(s) 933 bytes
Directory of C:\USERS\STEPHEN\APPDATA\LOCAL\{132931E3-D8F4-11E1-8270-B8AC6F996F26}\chrome
28/07/2012 21:37 <DIR> .
28/07/2012 21:37 <DIR> ..
28/07/2012 21:37 <DIR> content
0 File(s) 0 bytes
Directory of C:\USERS\STEPHEN\APPDATA\LOCAL\{132931E3-D8F4-11E1-8270-B8AC6F996F26}\chrome\content
28/07/2012 21:37 <DIR> .
28/07/2012 21:37 <DIR> ..
28/07/2012 21:37 6,566 browser.xul
1 File(s) 6,566 bytes
Total Files Listed:
3 File(s) 7,499 bytes
8 Dir(s) 74,204,930,048 bytes free
< End of report >

waddler_8

We have our culprit. Combofix usually deals with these quite well?

• Double-click OTL.exe to start the program.
• Allow the UAC prompt
• Copy and Paste the following code into the textbox. Do not include the word Code

  :processes
  killallprocesses
  
  :OTL
  FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{132931E3-D8F4-11E1-8270-B8AC6F996F26}: C:\Users\stephen\AppData\Local\{132931E3-D8F4-11E1-8270-B8AC6F996F26}\ [2012/07/28 21:37:42 | 000,000,000 | ---D | M]
  [2012/07/28 21:37:42 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\STEPHEN\APPDATA\LOCAL\{132931E3-D8F4-11E1-8270-B8AC6F996F26}
  
  :commands
  [CREATERESTOREPOINT]
  [REBOOT]
  

• Then click the Run Fix button at the top.
• Click .
• OTL may ask to reboot the machine. Click OK & allow it to do so if asked.
• The report should appear in Notepad after the reboot.
• Copy and Paste that report in your next reply.

cepheus

========== PROCESSES ==========
All processes killed
========== OTL ==========
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{132931E3-D8F4-11E1-8270-B8AC6F996F26}: C:\Users\stephen\AppData\Local\{132931E3-D8F4-11E1-8270-B8AC6F996F26}\ not found.
C:\USERS\STEPHEN\APPDATA\LOCAL\{132931E3-D8F4-11E1-8270-B8AC6F996F26}\chrome\content folder moved successfully.
C:\USERS\STEPHEN\APPDATA\LOCAL\{132931E3-D8F4-11E1-8270-B8AC6F996F26}\chrome folder moved successfully.
C:\USERS\STEPHEN\APPDATA\LOCAL\{132931E3-D8F4-11E1-8270-B8AC6F996F26} folder moved successfully.
========== COMMANDS ==========
System Restore Service not available.

OTL by OldTimer - Version 3.2.57.0 log created on 08142012_200341
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

waddler_8

Have Avast's warnings stopped?

cepheus

waddler_8 wrote: »

Have Avast's warnings stopped?

:T

Yes thanks, success!

waddler_8

Good.

uninstall combofix.

Open a Run command box. (Start > Run or Windows key + R on your keyboard) and copy/paste this command in:

ComboFix /uninstall

Note the space between ComboFix and /uninstall , it needs to be there.

Click OK

let combofix uninstall itself.

Let me know when you've done that successfully.

cepheus

Yes that's done now.

waddler_8

• Double-click OTL.exe
• Click the CleanUp! button
• Select Yes when the Begin cleanup Process? Prompt appears
• If you are prompted to Reboot during the cleanup, select Yes
• The tool will delete itself once it finishes, if not delete it by yourself

Uninstall these:

Java(TM) 6 Update 22
Java(TM) 6 Update 31
Java(TM) 7 Update 5

Install this:

Java(TM) 7 Update 6

http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1637588.html

Accept the license agreement, you want:

Windows x86 Offline 29.73 MB jre-7u6-windows-i586.exe


Update these.

Adobe Reader 9.5.0

Open Adobe Reader go to > Help > Check for updates

Mozilla Firefox 13.0 (x86 en-US)

Open Firefox go to Help > Check for updates

Shareaza 2.5.5.0

Downloading Torrents & P2P file sharing is always a risk and a major conduit for malware - it's possibly how you are becoming infected. I'd uninstall it.

cepheus

Do I need the 64 bit version of Java as well, or should I leave that?