So I’ve gotten a virus recently that apparently others have been having issues with. The viruses that Avast has picked up in the vault are as follows:
Win32:FakeAV-CPP [Trj] (found in Temp)
Win64:sirefef-c [Drp] x3 (Found in System32)
Win32:Malware-gen x6
For whatever reason the virus that comes back calls itself Windows 7 AV Security. Malwarebytes is unsuccessful in deleting said virus for good. It seems that it always makes its presence known after re-launching Firefox. If anyone could assist me in finally evicting this unwelcome tenant I would be more than grateful.
Not sure if this is the part where I run RogueKiller; the start menu and other stuff are still there, but I can’t see them as they are the same color as my now weird UI after the blue screen.
Could you reboot please and then run OTL… I have just finished preparing an analysis scan for you to run whilst I look at the log.
1. Preferably from a clean computer, please download the following: gparted-live-0.10.0-3.iso (115 MB)
When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like BurnAware Free or ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.
2. Now, please boot off of the newly created GParted CD. See How to Set BIOS to Boot from CDROM for information on how to boot from the CD.
Please take a picture of this screen (camera or phone pictures will work just fine), and post it here for me to see. It is very important that you complete this step.
I was unable to create the boot disk. It repeatedly will not show the file when trying to specify the boot file. I’m not pretending to be terribly amazing with computers; the word terrible itself might be a better description.
Could you run OTL please with the following script:
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Tick LOP and Purity boxes
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\SubSystems /s
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach both logs
THEN
Please download MBRCheck.exe to your Desktop. Run the application.
If no infection is found, it will produce a report on the desktop. Post that report in your next reply.
If an infection is found, you will be presented with the following dialog:
    Enter ‘Y’ and hit ENTER for more options, or ‘N’ to exit:
Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.