Hello, can someone please help me? Avast keeps saying a threat has been detected and pops up on every website. I followed the instructions on this thread: “http://forum.avast.com/index.php?topic=53253.0”. I’ve attached the OTL logs and the aswMBR logs. The MBAM logs are copied and pasted below this. Any help is appreciated and thank you very much.
Here are the MBAM logs:
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.17.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Josh :: JOSH-VAIO [administrator]
Protection: Enabled
9/17/2012 3:34:58 PM
mbam-log-2012-09-17 (15-34-58).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200286
Time elapsed: 4 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 5
HKCR\CLSID{86065E16-B690-03D2-DC96-CAF9794268D9} (PUP.DownloadnSave) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{86065E16-B690-03D2-DC96-CAF9794268D9} (PUP.DownloadnSave) → Quarantined and deleted successfully.
HKCR\TypeLib{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) → Quarantined and deleted successfully.
HKCR\Interface{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CodecUpdater (Trojan.Dropper.H) → Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) → Quarantined and deleted successfully.
C:\ProgramData\CodecUpdate\ix_updater.exe (Trojan.Dropper.H) → Quarantined and deleted successfully.
C:\Users\Josh\Downloads\Codec-V.exe (Affiliate.Downloader) → Quarantined and deleted successfully.
C:\Users\Josh\Local Settings\Temporary Internet Files\Content.IE5\NB05NMOA\500e09785b263[1].exe (Adware.Dropper) → Quarantined and deleted successfully.
C:\Users\Josh\Local Settings\Temporary Internet Files\Content.IE5\R2OHRUIL\updater[1].exe (Trojan.Dropper.H) → Quarantined and deleted successfully.
(end)
2012/09/17 15:33:52 -0700 JOSH-VAIO Josh MESSAGE Starting protection
2012/09/17 15:33:52 -0700 JOSH-VAIO Josh MESSAGE Protection started successfully
2012/09/17 15:33:52 -0700 JOSH-VAIO Josh MESSAGE Starting IP protection
2012/09/17 15:33:53 -0700 JOSH-VAIO Josh MESSAGE IP Protection started successfully
2012/09/17 15:34:03 -0700 JOSH-VAIO Josh MESSAGE Starting database refresh
2012/09/17 15:34:03 -0700 JOSH-VAIO Josh MESSAGE Stopping IP protection
2012/09/17 15:34:03 -0700 JOSH-VAIO Josh MESSAGE IP Protection stopped successfully
2012/09/17 15:34:05 -0700 JOSH-VAIO Josh MESSAGE Database refreshed successfully
2012/09/17 15:34:05 -0700 JOSH-VAIO Josh MESSAGE Starting IP protection
2012/09/17 15:34:07 -0700 JOSH-VAIO Josh MESSAGE IP Protection started successfully
2012/09/17 15:34:11 -0700 JOSH-VAIO Josh MESSAGE Starting database refresh
2012/09/17 15:34:11 -0700 JOSH-VAIO Josh MESSAGE Stopping IP protection
2012/09/17 15:34:11 -0700 JOSH-VAIO Josh MESSAGE IP Protection stopped successfully
2012/09/17 15:34:13 -0700 JOSH-VAIO Josh MESSAGE Database refreshed successfully
2012/09/17 15:34:14 -0700 JOSH-VAIO Josh MESSAGE Starting IP protection
2012/09/17 15:34:15 -0700 JOSH-VAIO Josh MESSAGE IP Protection started successfully
2012/09/17 15:44:04 -0700 JOSH-VAIO Josh MESSAGE Starting protection
2012/09/17 15:44:04 -0700 JOSH-VAIO Josh MESSAGE Protection started successfully
2012/09/17 15:44:04 -0700 JOSH-VAIO Josh MESSAGE Starting IP protection
2012/09/17 15:44:05 -0700 JOSH-VAIO Josh MESSAGE IP Protection started successfully
Here are the aswMBR logs:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-17 16:59:16
16:59:16.625 OS Version: Windows x64 6.1.7601 Service Pack 1
16:59:16.625 Number of processors: 4 586 0x2A07
16:59:16.626 ComputerName: JOSH-VAIO UserName: Josh
16:59:18.694 Initialize success
16:59:19.188 AVAST engine defs: 12091701
16:59:28.145 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-1
16:59:28.146 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
16:59:28.161 Disk 0 MBR read successfully
16:59:28.163 Disk 0 MBR scan
16:59:28.166 Disk 0 Windows 7 default MBR code
16:59:28.181 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10930 MB offset 2048
16:59:28.209 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 22386688
16:59:28.223 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 599448 MB offset 22591488
16:59:28.257 Disk 0 scanning C:\Windows\system32\drivers
16:59:38.900 Service scanning
16:59:57.607 Modules scanning
16:59:57.612 Disk 0 trace - called modules:
16:59:57.623 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll
16:59:57.950 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa8004d32060]
16:59:57.954 3 CLASSPNP.SYS[fffff88001a5143f] → nt!IofCallDriver → \Device\Ide\IAAStorageDevice-1[0xfffffa8004ac9050]
16:59:58.982 AVAST engine scan C:\Windows
17:00:00.867 AVAST engine scan C:\Windows\system32
17:02:04.670 AVAST engine scan C:\Windows\system32\drivers
17:02:13.891 AVAST engine scan C:\Users\Josh
17:07:05.644 Disk 0 MBR has been saved successfully to “C:\Users\Josh\Downloads\MBR.dat”
17:07:05.650 The log file has been saved successfully to “C:\Users\Josh\Downloads\aswMBR.txt”