amch.questionmarket.com Pop-Up

Sorry if my constant issues are becoming a burden, but I have yet another issue I would like any help that can be provided.
Today I logged onto Windows Live Messenger for the first time in a couple of weeks while doing some homework for an online course. I close out of a chat window and suddenly this window from the titular site pops- up. The pop- up was a blank page, however. At first I thought that perhaps I had clicked some survey link my school had put up; But after seeing there was no such link, I searched the site in Google and discovered it was spyware.
I immediately ran Malwarebytes, which found nothing. Then I cleaned my temp files using Old Timer’s Cleaner and ran boot-scan with Avast!, which found nothing as well.
So was it just hiding in the temp? I use firefox with NoScript and AdBlackPlus so I don’t even know how it got in my computer, and I don’t really know how viruses in the temp files operate or anything technical like that. I would just like to know if i’m clean now or not.
I run a 64-bit Vista with Avast version 6.0.1000
All help is appreciated.

After attempting to view your OTS log, I got an alert that it contained malware by Avast and Avast has been notified. This could be real malware or a false positive.

I will contact Essexboy, our Certified Malware Removal Expert to assist with your issue. In the meantime, please keep your Avast and MBAM definitions up to date, re-run scans, including Avast Full and boot scans, and MBAM scans. Do not attach anything to the forum post yet but save the logs.

The alert is a false alarm from Avast - it does this due to the nature of some of the designations within OTS log

I am not seeing a great deal there - what are your current problems ? I feel that what you saw was a redirect from the site you were visiting, this was blocked so no data was on your system

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< 64bit-ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. []
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. []
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
  

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.

When I attempted the fix Windows gave me a message saying it had a critical error and needed to shut down. Now I have two files called desktop.ini on my desktop.
Edit Okay I think that might have just been because I didn’t run it as administrator. It worked this time. The computer wouldn’t shut down successfully however(it just stayed at the shutting down screen)so I had to manually switch it off. The desktop.ini files are gone now, however.

Yes, the detection is based on what OTS has found or the way it is displayed, though like posting an example of exploit code on a web page rather than using an image, I wouldn’t call this an out and out false positive in what is after all a generic signature looking for autorun stuff.

Perhaps it needs fine tuning a bit more so should be submitted to avast for analysis.

Edit: uploaded the file for analysis, see http://www.virustotal.com/file-scan/report.html?id=09da97a7b74063f11efd725a435fa1921a1739747fa55bce6a019d51c82152e5-1302441485.

Hmm 'tis a thought I will download and then submit

Glass_Eye What problems do you have now ?

I sent a copy to avast, see image two in my last post.

Ooops didn’t see the second image, oh well they have two copies now

At the moment I don’t seem to be having any. Or anything I notice at the moment. Did my log come out clean then? The theory that I was redirected to that site worries me considering I was on my school’s online course.

I can see nothing apparent there and this leads me to believe it was blocked before it could do anything

The pop- up was a blank page,

Ah, well then, that’s good news.
I really just wanted to make sure my files weren’t in any danger as I was going to install my new copy of Windows 7 into the computer after I was finished when that happened.

As always, you have every ounce of my gratitude for the assistance.

As you are installing windows 7 - may I recommend that you use the 64bit version, as this is more robust against malware

The downside of this is that you will have to back up all your data first as it will require a re-format

Well I was going to back my data regardless so I don’t see why I shouldn’t!

Good plan - as I say 64 bits are fairly resistant as they have better protection on the drivers and run keys in the 64 bit area ;D