Redirect problem like others

I'm getting notifications from MBAM and Avast regarding a redirect to an IP like 64.111.xxx.xxx; I didn't quite remember the exact numbers. It gets activated randomly as I use Firefox…
Avast says it's an “Infection: al”

Here are some logs, as I see people attach.

I used MBAM and Avast to detect some infections, but the problem persists.

My OTS log is over 200 KB, so here is the link: http://fileape.com/dl/QkkCl92u52c5nod5

This looks like a failed install of hard drive malware.

On completion of this, let me know if the alerts continue. You also have two antivirus programmes installed; in this case more is not better.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

 
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2533503728-2277263029-2195191997-1000\] > -> HKEY_USERS\S-1-5-21-2533503728-2277263029-2195191997-1000\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Modified Within 30 Days]
NY ->  ~P1kAlMiG2Kb7Fz -> C:\ProgramData\~P1kAlMiG2Kb7Fz
NY ->  ~P1kAlMiG2Kb7Fzr -> C:\ProgramData\~P1kAlMiG2Kb7Fzr
NY ->  System Repair.lnk -> C:\Users\Aeson\Application Data\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
NY ->  P1kAlMiG2Kb7Fz -> C:\ProgramData\P1kAlMiG2Kb7Fz
[Files - No Company Name]
NY ->  ~P1kAlMiG2Kb7Fz -> C:\ProgramData\~P1kAlMiG2Kb7Fz
NY ->  ~P1kAlMiG2Kb7Fzr -> C:\ProgramData\~P1kAlMiG2Kb7Fzr
NY ->  System Repair.lnk -> C:\Users\Aeson\Application Data\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
NY ->  P1kAlMiG2Kb7Fz -> C:\ProgramData\P1kAlMiG2Kb7Fz
[Custom Scans]
YY ->  explorer.exe : MD5=3C33B26F2F7FA61D882515F2D6078691 -> C:\Users\Aeson\AppData\Local\Temp\RarSFX1\procs\explorer.exe
YY ->  explorer.exe : MD5=ABC6379205DE2618851C4FCBF72112EB -> C:\Users\Aeson\AppData\Local\Temp\RarSFX1\h\explorer.exe
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!

Thanks, here is the Notepad result from the fix after the reboot.

I installed the second AV after this virus successfully installed itself without getting detected.
How does this virus get into the system? I don't remember running a random executable…

I will try to see if the redirect happens again.

It usually arrives with a bit of social engineering - "check out my photo", or "have you seen this link" type of thing. But it was never able to install due to it being blocked.

Have the alerts ceased?

The alerts did not go away :(
I thought it did, but the MBAM logs report this:

1:44:50 xxx IP-BLOCK 217.20.113.113 (Type: outgoing, Port: 62415, Process: avastsvc.exe)
15:07:32 xxx IP-BLOCK 63.223.121.212 (Type: outgoing, Port: 55049, Process: avastsvc.exe)
02:03:39 xxx IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 59553, Process: bittorrent.exe)
02:03:39 xxx IP-BLOCK 77.78.246.190 (Type: outgoing, Port: 43591, Process: bittorrent.exe)
02:03:47 xxx IP-BLOCK 193.107.16.156 (Type: outgoing, Port: 59571, Process: bittorrent.exe)
02:03:55 xxx IP-BLOCK 109.235.55.11 (Type: outgoing, Port: 59614, Process: bittorrent.exe)
02:41:18 xxx IP-BLOCK 222.76.85.142 (Type: incoming, Port: 43591, Process: bittorrent.exe)

I ran all the tests again except boot time… Here are the logs attached, and this is my OTS: http://www.mediafire.com/?kanbud38pb385k6

With regard to Avast outgoing, that is MBAM being overzealous; I have disabled that function myself as it always alerted when Avast did its updates. For the BitTorrent I will remove the toolbar, but to be honest I can see no active malware.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

 
[Unregister Dlls]
[Registry - Safe List]
< FireFox Extensions [User Folders] > -> 
YY -> BitTorrentBar Community Toolbar   -> C:\Users\Aeson\AppData\Roaming\Mozilla\Firefox\Profiles\wyldmq4i.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {88c7f2aa-f93f-432c-8f0e-b7d85967a527} [HKLM] -> C:\Program Files (x86)\BitTorrentBar\tbBitT.dll [BitTorrentBar Toolbar]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}" [HKLM] -> C:\Program Files (x86)\BitTorrentBar\tbBitT.dll [BitTorrentBar Toolbar]
[Files/Folders - Created Within 30 Days]
NY ->  System Repair -> C:\Users\Aeson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair
[File - Lop Check]
NY ->  BitTorrent -> C:\Users\Aeson\AppData\Roaming\BitTorrent
[Custom Scans]
YY ->  explorer.exe : MD5=3C33B26F2F7FA61D882515F2D6078691 -> C:\_OTS\MovedFiles\07262011_074728\C_Users\Aeson\AppData\Local\Temp\RarSFX1\procs\explorer.exe
YY ->  explorer.exe : MD5=ABC6379205DE2618851C4FCBF72112EB -> C:\_OTS\MovedFiles\07262011_074728\C_Users\Aeson\AppData\Local\Temp\RarSFX1\h\explorer.exe
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!
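
The triage in the reply above (IP-BLOCK entries attributed to avastsvc.exe and bittorrent.exe rather than to an unknown process) can be done mechanically. This is an added example, not part of the original thread; the sample lines are constructed in the same layout as the quoted MBAM entries, and the process name example-unknown.exe is hypothetical.

```python
import re
from collections import defaultdict

# Line layout taken from the MBAM IP-BLOCK entries quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<time>\d{1,2}:\d{2}:\d{2})\s+\S+\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type:\s*(?P<direction>incoming|outgoing),\s*"
    r"Port:\s*(?P<port>\d+),\s*Process:\s*(?P<process>[^)]+)\)$"
)

# Assumption: the two processes the helper accounted for in the thread.
EXPLAINED = {"avastsvc.exe", "bittorrent.exe"}

# Constructed sample (documentation-range IPs, hypothetical unknown process).
SAMPLE_LOG = """\
1:44:50 xxx IP-BLOCK 192.0.2.10 (Type: outgoing, Port: 62415, Process: avastsvc.exe)
02:03:39 xxx IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 59553, Process: bittorrent.exe)
02:41:18 xxx IP-BLOCK 203.0.113.5 (Type: incoming, Port: 43591, Process: bittorrent.exe)
03:15:02 xxx IP-BLOCK 203.0.113.77 (Type: outgoing, Port: 49801, Process: example-unknown.exe)
03:15:09 xxx IP-BLOCK truncated line
"""

def parse_blocks(text):
    """Return (events, rejected_lines); malformed lines are kept, not dropped."""
    events, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            rejected.append(line)
            continue
        event = m.groupdict()
        event["port"] = int(event["port"])
        event["process"] = event["process"].strip().lower()
        events.append(event)
    return events, rejected

def triage(events):
    """Split blocks into those from accounted-for processes and the rest."""
    explained, unexplained = defaultdict(list), defaultdict(list)
    for e in events:
        bucket = explained if e["process"] in EXPLAINED else unexplained
        bucket[e["process"]].append((e["time"], e["direction"], e["ip"]))
    return dict(explained), dict(unexplained)
```

Anything left in the second dictionary, or any line that failed to parse, is what deserves a closer look before concluding the machine is clean.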

Thanks, essexboy.
Here's the log.

How is your computer behaving now?