URL:Mal

Similar problem to this user, http://forum.avast.com/index.php?topic=99535.0 and have been advised by Asyn to start my own topic.

The problem happens when I load pages using Chrome. Things seem to be fine with Internet Explorer.

This is what Avast comes up with:
Object: "hxxp://includeit.info/scripts/inl_dmmtc/inldmmtch.js"
Infection: “URL:Mal”
Process: chrome.exe

I have followed the steps here, http://forum.avast.com/index.php?topic=53253.0

The log from MBAM:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David Le :: DAVIDLE-LAPTOP [administrator]

15/06/2012 4:24:19 PM
mbam-log-2012-06-15 (16-24-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216444
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) → Quarantined and deleted successfully.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) → Quarantined and deleted successfully.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) → Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) → Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) → Quarantined and deleted successfully.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) → Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) → Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) → Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) → Data: VShareTB → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) → Data: → Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) → Bad: (http://startsear.ch/?aff=1&cf=bb799703-1dab-11e1-a6bb-ea7e163ecfb7) Good: (http://www.google.com) → Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) → Bad: (http://startsear.ch/?aff=1&cf=bb799703-1dab-11e1-a6bb-ea7e163ecfb7) Good: (http://www.google.com) → Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) → Quarantined and deleted successfully.

(end)

Having trouble getting past OTL with

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.exe
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

entered in. It scans for Firefox files and then doesn't respond.

Installed Firefox as I previously didn't have it. It still stops at "Scanning FireFox settings".

Malwarebytes’ Anti-Malware seems to have solved the problem. Will report back if it comes up again.

EDIT: Problem is still there =[

Any suggestions for getting stuck at Scanning FireFox settings with OTL?
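For anyone reading this thread later: the MBAM log above shows the three artifact types behind a toolbar/redirect hijack of this kind, a Browser Helper Object registered by CLSID, a toolbar value under Internet Explorer\Toolbar, and a rewritten Start Page. The PowerShell below is an added example, not output from MBAM, OTL or ComboFix and not posted by anyone in the thread; it lists those registry locations (the standard Windows ones), resolves each CLSID to its DLL and reports the DLL's Authenticode status, and flags a Start Page whose host is not on a small allow-list. The function names and the allow-list are my own choices.

```powershell
# Added example for this thread (not MBAM/OTL/ComboFix output, not any poster's code):
# enumerate the artifact types MBAM flagged above so a hijack can be spotted from the
# registry directly. Registry paths are standard Windows locations; function names are mine.

$ErrorActionPreference = 'SilentlyContinue'

# Native and WOW64 views; a 32-bit BHO on 64-bit Windows registers under Wow6432Node.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$clsidRoots = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID',
    'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
)

function Resolve-ClsidDll {
    # A COM CLSID points at its implementing DLL via the InprocServer32 default value.
    param([string]$Clsid)
    foreach ($root in $clsidRoots) {
        $path = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $path) {
            $dll = (Get-ItemProperty -Path $path).'(default)'
            if ($dll) {
                # Paths may be quoted or use %ProgramFiles%-style variables.
                return [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
            }
        }
    }
    return $null
}

function Get-SignatureStatus {
    param([string]$Path)
    if (-not $Path) { return 'NoInprocServer32' }
    if (-not (Test-Path $Path)) { return 'FileMissing' }
    # An unsigned or invalidly signed DLL loaded into the browser deserves a closer look.
    return (Get-AuthenticodeSignature -FilePath $Path).Status.ToString()
}

function Get-BrowserHelperObjects {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem -Path $key) {
            $clsid = $sub.PSChildName
            $dll = Resolve-ClsidDll -Clsid $clsid
            [pscustomobject]@{
                Clsid     = $clsid
                Dll       = $dll
                Signature = Get-SignatureStatus -Path $dll
                View      = if ($key -like '*Wow6432Node*') { 'WOW64' } else { 'Native' }
            }
        }
    }
}

function Get-IeToolbars {
    # Toolbar entries are values named by CLSID under ...\Internet Explorer\Toolbar.
    $key = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
    if (-not (Test-Path $key)) { return }
    $props = Get-ItemProperty -Path $key
    foreach ($name in ($props.PSObject.Properties.Name | Where-Object { $_ -like '{*}' })) {
        [pscustomobject]@{ Clsid = $name; Data = $props.$name; Dll = Resolve-ClsidDll -Clsid $name }
    }
}

function Get-IeStartPages {
    # Start Page exists per user (HKCU) and as the machine default (HKLM); MBAM repaired
    # both above. A host outside the allow-list (my choice of values) is reported as suspect.
    param([string[]]$AllowedHosts = @('www.google.com', 'www.bing.com', 'www.msn.com'))
    foreach ($hive in 'HKCU', 'HKLM') {
        $main = "${hive}:\SOFTWARE\Microsoft\Internet Explorer\Main"
        if (-not (Test-Path $main)) { continue }
        $sp = (Get-ItemProperty -Path $main).'Start Page'
        $hostName = ''
        try { if ($sp) { $hostName = ([uri]$sp).Host } } catch { }
        [pscustomobject]@{
            Hive      = $hive
            StartPage = $sp
            Suspect   = -not ($AllowedHosts -contains $hostName)
        }
    }
}

Write-Host '== Browser Helper Objects =='
Get-BrowserHelperObjects | Format-Table -AutoSize
Write-Host '== IE Toolbars =='
Get-IeToolbars | Format-Table -AutoSize
Write-Host '== IE Start Page =='
Get-IeStartPages | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; the vShare entries in the log above would have shown up as a BHO CLSID resolving to BarLcher.dll, a matching toolbar value, and a Start Page pointing at startsear.ch flagged as suspect.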

Try once more, but without the script this time; just press Run Scan.

It still hangs unfortunately.

Please download DDS and save it to your desktop.

[*]Disable any script blocking protection
[*]Double click dds.scr to run the tool.
[*]When done, DDS.txt will open.
[*]Click Yes at the next prompt for Optional Scan.
[*]Save both reports to your desktop.

Please attach the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt. To attach a file, do the following:
[*]Under the reply panel is the Attachments Panel
[*]Browse for the attachment file you want to upload, then click the green Upload button
[*]Once it has uploaded, click the Manage Current Attachments drop down box
[*]Click on the "add attachment" icon (http://www.geekstogo.com/forum/style_images/11168623649/folder_attach_images/attach_add.png) to insert the attachment into your post

I couldn't upload the files, but I have put them into my Dropbox public folder.

https://dl.dropbox.com/u/28272193/Attach.txt
https://dl.dropbox.com/u/28272193/DDS.txt

Hope you can help!

According to that, Firefox has a plethora of entries, which is why OTL appears to be stalling there.

The main problem with using DDS is that it forces me to use ComboFix for the cleaning.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.

Essexboy, ComboFix ran and completed, here is the log https://dl.dropbox.com/u/28272193/ComboFix.txt

It took longer than I thought.

Anyway my laptop no longer seems to be coming up with the Avast warning. I’m not sure if it’s due to the processes I’ve been doing or the recent Java update.

Could you please have a look at the log and see if you find anything?

I will post back in a few days to let you know if the warning comes up again.

Thank you again for your help so far.

wait until evening for essex to reply please :slight_smile:

That log looks OK. What I would recommend is a clean install of Firefox, as it appears to be corrupted. Could you do that and then retry OTL please? Also, how is the system behaving now?

Clean install http://kb.mozillazine.org/Uninstalling_firefox

I’ve done the clean install of FireFox but have not installed it again as I use Chrome. Would you still suggest installing FireFox and running OTL?

My laptop is running fine now!!! Woohoo!!! No more pop-ups. Thanks a lot Essexboy. Have a great weekend.

Hope to hear from you soon.

No, if you are happy without Firefox then leave it.

If you could run an OTL quick scan selecting all users, I will check for orphans.

Today I am getting warnings for pretty much every page I surf, again using Chrome. Here is a screen shot, https://dl.dropbox.com/u/28272193/warning.jpg

OTL files:
https://dl.dropbox.com/u/28272193/OTL.Txt
https://dl.dropbox.com/u/28272193/Extras.Txt

Could you attach the OTL log please, as it is garbled in Dropbox?

Hope this works.

It should be OK, though it is now almost 12.30am in the UK so essexboy is probably off line now. So it may be later today before he is able to analyse it.