My current version of Avast! is 5.0.677
Engine and definitions:110202-1 (02/02/2011 14:50:57)
I have run a Quick Scan, Full Scan and a Boot Scan.
The boot scan picked up 5 instances of PUP:Win32:Mirc-Z which I moved to chest.
My problem is that when I open Firefox to my many homepages an extra site opens up and brings itself to the front, the address starts: http://91.216.122.161
This site pretends to look like something official from windows, it has the IE logo as a FavIcon, and the page looks like windows explorer of a computer similar to mine, except the drives had the wrong letters and names. It was suggesting that my computer had suspicious applications running and it could fix them, it was also trying to download an .exe . I couldn’t close the page and had to kill Firefox from the task manager. If I open Chrome or IE it doesn’t open this page. Do you require any other information? What should I do?
[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Select All Users
[*]Under the Custom Scan box paste this in
You will need to reset your firefox home page after this run
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com|http://groups.yahoo.com/group/scilly-freecycle/pending|https://login.yahoo.com/config/login_verify2?.intl=uk&rand=78448921&i=IWZkZHNKf2h7YmBgIXRzZnNydEpidXV4dSF0ZEqOZHh4fH5iU356YmNYcnM%3d&.src=ym|http://forums.civfanatics.com/forumdisplay.php?f=119|http://www.yankodesign.com/|http://www.facebook.com/friends/?status=&ref=hp|http://magicseaweed.com/UK-Ireland-MSW-Surf-Charts/1/|http://magicseaweed.com/UK-Ireland-MSW-Surf-Charts/1/pressure/in/|http://aswarmofangels.com/thenineorders/index.php?act=idx|http://www.radioscilly.com/index.php|http://www.stagnesgigclub.co.uk|www.stagnesscilly.co.uk|http://forum.stagnesscilly.co.uk|http://toseainasieve.wordpress.com/|http://www.xkcd.com/|http://www.onemorelevel.com/|http://www.penny-arcade.com/comic/|http://www.ctrlaltdel-online.com/comic.php|https://www.national-lottery.co.uk/player/p/home/home.do"
[2010/05/16 17:29:08 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávacà pamÄ›Å?) -- C:\Documents and Settings\Harry\Application Data\Mozilla\Firefox\Profiles\kf444uiv.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
O4 - HKLM..\Run: [SW20] File not found
O4 - HKLM..\Run: [SW24] File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Update and re-run Malwarebytes posting the resultant log
I’m so sorry for wasting everyones time, I have fixed the problem, one of my homepages (one that I don’t usually actually look at much was forwarding me to the dodgy one, I have removed hxxp://aswarmofangels.com/thenineorders/index.php?act=idx from my homepages. Thankyou so much for the help though, and sorry again.