Virus/Worm trouble?

My laptop recently started with a small pop-up window in the lower right corner in both Chrome and Internet Explorer. I have also had a few issues with redirects when clicking on links on sites. It happened on the Avast site when trying to go to the forum.

Here is a screen cap of what I am having issues with
http://i47.tinypic.com/psqwi.jpg

Any help would be greatly appreciated.

If you think you are infected, follow this guide.
Attach (not copy and paste) logs from Malwarebytes / OTL / aswMBR.
http://forum.avast.com/index.php?topic=53253.0

Here is MalwareBytes log

OTL logs

OTL Log

aswMBR log

Hi,

I notice that you have both McAfee and Avast running at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system. Please uninstall either McAfee or Avast (whichever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (Vista and Win 7 users, go to Programs and Features in the Control Panel). As a rule of thumb one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It’s fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you’re asking for trouble.

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT, however, creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. Remember, if you are using Windows Vista as your operating system, right-click the executable and Run as Administrator.

Run OTL.exe

[*]Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:Services

:OTL
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKU\S-1-5-21-1787937856-188895321-2800918151-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1787937856-188895321-2800918151-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O33 - MountPoints2\{0a074f2d-ff4b-11e0-b0e5-00262d734ca2}\Shell - "" = AutoRun
O33 - MountPoints2\{0a074f2d-ff4b-11e0-b0e5-00262d734ca2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2011/09/13 19:58:59 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/09/13 19:58:59 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/09/13 19:58:36 | 000,000,408 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot when it is done
[*]Then run a new scan and post a new OTL log ( don’t check the boxes beside LOP Check or Purity this time )
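
The O1 lines in the fix above are hosts-file entries that map well-known hostnames to fixed IP addresses. As an added example (not part of the original thread and not OTL's own logic), this Python script lists every hosts entry, in OTL log form or raw hosts-file form, that points a name at something other than a loopback or 0.0.0.0 address; the `127.0.0.1 localhost` line and the comment line in the sample are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# O1/O3 lines are copied from the fix script above; the last two lines are
# constructed to show the raw hosts-file form.
SAMPLE = r"""
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
127.0.0.1 localhost   # constructed
# constructed comment line
"""

OTL_PREFIX = re.compile(r"^O1 - Hosts:\s*")

def parse_hosts_entries(text):
    """Return (ip, hostname) pairs from OTL O1 lines or raw hosts-file lines."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop hosts-file comments
        fields = OTL_PREFIX.sub("", line).split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                   # not a hosts entry (e.g. the O3 line)
        for name in fields[1:]:                        # one address may carry several names
            entries.append((ip, name.rstrip(".").lower()))
    return entries

def suspicious_redirects(entries):
    """Map each hostname to the non-loopback, non-0.0.0.0 addresses it is pinned to."""
    flagged = defaultdict(set)
    for ip, name in entries:
        if ip.is_loopback or ip.is_unspecified:
            continue
        flagged[name].add(str(ip))
    return {name: sorted(ips) for name, ips in flagged.items()}

if __name__ == "__main__":
    for name, ips in sorted(suspicious_redirects(parse_hosts_entries(SAMPLE)).items()):
        print(f"{name} -> {', '.join(ips)}")
```

A name that legitimately needs a static mapping (an intranet host, for instance) is listed too, so the output is a review list rather than a verdict.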

I ran the OTL quick scan, but I unchecked the boxes for LOP and Purity and they were checked when I ran the quick scan. I have attached the Log. If I did this wrong please let me know and I will re-run the scan.

Thank you!

Hi,

You are running things just fine. :)

Run OTL.exe

[*]Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:Services

:OTL
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
[createrestorepoint]
[start explorer]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
[*]Then run a new scan and post a new OTL log ( don’t check the boxes beside LOP Check or Purity this time )

Here is the log from the Run Fix.

It was pointed out to me that you possibly had Norton on your system at some point? I only see the one entry and take it that you do not use that any longer?

The machine may have come with a trial installed. We have not used it.

I have attached the log from the scan after the Run Fix. It still checked the boxes for LOP and Purity when I clicked Quick Scan. Should I be doing something different?

You don't have to worry about LOP and Purity any longer. :)

Let’s be sure that we removed all of the McAfee entries…download and run the tool found here >> http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

Let me know if you have problems with that at all. While you are doing that I will review your new OTL log. :)

Thank you. I ran the removal tool for McAfee without any troubles.

Hi,

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

ESET Online Scanner
I’d like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don’t go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

[*]Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
[*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
[*]For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [*]Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    [*]Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
[*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
[*]Click the Start button.
[*]Accept any security warnings from your browser.
[*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
[*]Make sure that the option “Remove found threats” is Unchecked
[*]Push the Start button.
[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
[*]When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
[*]Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
[*]Push the Back button.
[*]Push Finish

http://www.eset.com/onlinescan/

In your next reply please attach the logs made by Malwarebytes and ESET online scanner. :)

MalwareBytes log

Eset log

Hi,

Run OTL.exe

[*]Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:Services

:OTL

:Files
C:\Users\Forney\Downloads\FLVPlayerSetup_MMM.exe
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
[clearallrestorepoints]
[start explorer]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot when it is done
[*]Then run a new scan and post a new OTL log ( don’t check the boxes beside LOP Check or Purity this time )


In your next reply attach the new OTL log and let me know how your system is running. :)

OTL RUN FIX log

Quick scan OTL log