please help me with this malware/virus?

Hello, and thank you very much in advance for any help provided, I am grateful!!!

I am not completely stupid when it comes to computers; I’d say I’m ‘a bit above average’ if you were to look at the general population, but I’m still not completely hip to all the lingo, so please bear with me if I have to ask a stupid question :)

I’ll start with the history/symptoms —

Purchased computer new less than a year ago (Nov 2012)
In the last month or so, when I go to restart the computer, often it would not boot. Usually would boot on the 2nd or 3rd try.
Today, it would not boot at all (the computer itself would turn on as well as the monitor, but only black screen.)
I turned off the power strip, unplugged/replugged everything just to make sure something wasn’t loose or a squished cord.
Tried to reboot. Black screen again.
Reboot #2 worked.
Everything started as normal, except when I went to open Google Chrome, my regular ‘dashboard’ page popped up - as usual - and then a second page popped up, without me doing/clicking anything - it was hotcleaner . com. It showed a bar saying it was checking my system and I closed it really fast.
I closed chrome, deleted all web history, cookies, etc.
Opened chrome again to come to this website.
Got a red popup from avast:

http://turning8.info/lps/flvupdate.php?c
Process: C:\Program Files (x86)\Google\Chrome\App…
Infection: URL:Mal

I ran a check on Spybot - Search & Destroy - I’ll include some of the report you may find useful below. Please let me know if I missed anything (and my apologies if I didn’t post the right parts, or repeated them…) or can answer any more questions in assisting your help!!


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 958576
MD5: 48BE298F7FD1BEF4D8FBACB04D8D95C4

Located: HK_LM:Run, avast
command: "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
file: C:\Program Files\AVAST Software\Avast\avastUI.exe
size: 4858968
MD5: 3F11B20D12D89365D7721BDC860CE5F0

Located: HK_LM:Run, HP Software Update
command: c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
file: c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
size: 49208
MD5: C637FC4638A96165256B28D38DE7B953

Located: HK_LM:Run, PDF Complete
command: C:\Program Files (x86)\PDF Complete\pdfsty.exe
file: C:\Program Files (x86)\PDF Complete\pdfsty.exe
size: 658424
MD5: 29BAD398C82369BFC1E709B536520960

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 253816
MD5: D63797E8E7781EE1500A810CB6194FA6

Located: HK_CU:Run, Sidebar
where: S-1-5-19…
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

Located: HK_CU:RunOnce, mctadmin
where: S-1-5-19…
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Sidebar
where: S-1-5-20…
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

Located: HK_CU:RunOnce, mctadmin
where: S-1-5-20…
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Magic Canvas
where: S-1-5-21-2052497529-376305701-1047746094-1001…
command: "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter\SmartCenter.exe"
file: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter\SmartCenter.exe
size: 6162432
MD5: BF2D499B1F2EA456B63C1BDE47D6872B

Located: HK_CU:Run, Sidebar
where: S-1-5-21-2052497529-376305701-1047746094-1001…
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\sidebar.exe
size: 1475584
MD5: E3BF29CED96790CDAAFA981FFDDF53A3

Located: HK_CU:Run, Spotify Web Helper
where: S-1-5-21-2052497529-376305701-1047746094-1001…
command: "C:\Users\ilovemustacherides\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
file: C:\Users\ilovemustacherides\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
size: 1105408
MD5: F10ADB851EF1BD5144FE6D1691CD7576

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-2052497529-376305701-1047746094-1001…
command: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887


--- Report generated: 2013-05-21 10:03 ---

Log: Install: setupact.log (Backup file, fixed)
C:\windows\setupact.log

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixed)
HKEY_USERS\S-1-5-21-2052497529-376305701-1047746094-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, fixed)
HKEY_USERS\S-1-5-21-2052497529-376305701-1047746094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, fixed)
HKEY_USERS\S-1-5-21-2052497529-376305701-1047746094-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, fixed)
HKEY_USERS\S-1-5-21-2052497529-376305701-1047746094-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, fixed)
HKEY_USERS\S-1-5-21-2052497529-376305701-1047746094-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Cookie (9) (Cookie, fixed)

Cache: [SBI $49804B54] Cache (19) (Cache, fixed)

History: [SBI $49804B54] History (70) (History, fixed)

Congratulations!: No immediate threats were found. (Status)

follow guide and attach logs. (not copy and paste) http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

when done, removal experts will be notified and help will arrive

^^^thank you!!

here’s adwcleaner

mbam

otl

aswmbr

Are you still experiencing the boot problems?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
O3 - HKU\S-1-5-21-2052497529-376305701-1047746094-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.