Win32:evo-gen[susp] followed by win32:somoto-F[pup]

Hi, I was a little concerned about a possible virus outbreak on my PC this week. I'm hoping it's OK now, but I'd like to know if there is anything else I can do.

--- next is what I wrote a day ago in Notepad ---
Breakdown of what happened

I was alerted by Avast that a download/webpage contained a virus (link: http://www.mediafire.com/download/or010rs0lpyu63p/Odesk_-_Test.rar).
I ignored it (I believed the source to be trusted), then I continued to download it.
After it finished I tried to run it, and a message popped up saying ".NET Framework 4.0 or higher is required".
This message was generated by the program, I believe, from the basic look of it: no header, nothing but a box and a message.
I know I have .NET 4 since I use it every day as a developer, but just to be sure I downloaded the latest, and still the same message popped up.
I just left it after that...

After 1 day I noticed the IE browser kept opening by itself, maybe once every couple of hours (VUBE.com), which concerned me a little, but I had no time to fix it so I left it.

The next day Avast started to throw out alerts:

1 - Another file was detected almost as soon as my system booted; the network shield blocked an attempt to modify network settings. I immediately blocked it and quarantined the file.
(Quarantine details: hckmd.exe, C:/windows/windows explorer/, no virus detected.)

2 - The file I downloaded: I zipped it to send to another source for checking, and when I unzipped it Avast immediately picked it up and quarantined it.
(Quarantine details: Odeskjobapplkication - Code.exe, desktop, Win32:Evo-gen[Susp].)

3 - Another file was detected, I can't remember when; I think it was during a manual scan.
(Quarantine details: nsz78CC.tmp, located in users/myaccountname/appdata/local/temp/, Win32:Virus Somoto-F [PUP].)

I noticed that at the time I tried clicking the exe file, several files were created; they were cookies I think, .txt and some other files (system files).
I remember clicking the exe a few times, which got my attention when several cookies all with the same name were listed in my file search.

Something like this:

txt
txt
txt
sys
sys
sys

txt
txt
txt
sys
sys
sys

I deleted them already anyway. I'm certain they are related; the sys files all shared the same names, but their order was different for each batch. Inside one of the sys files there was a URL; this is the contents of the file from Notepad.
p    ÐÔÅÃA`Î(  2 €Đ_΀ÐùìeÎ  €ÐùìeÎ €Đ_Î¥ ca h t t p : / / o c s p . v e r i s i g n . c o m / M F E w T z B N M E s w S T A J B g U r D g M C G g U A B B S 5 6 b K H A o U D % 2 B O y l % 2 B 0 L h P g 9 J x y Q m 4 g Q U f 9 N l p 8 L d 7 L v w M A n z Q z n 6 A q 8 z M T M C E G Q b 6 C D O A g g T 8 y 1 N L Z X W f m c % 3 D

As of now I sometimes still get a popup, but I've scanned my PC with
Sophos, Avast, Defender and some more I forgot; they show no viruses or anything as of now.
I even reinstalled Google and IE. I still think it's here, though;
my computer seems sluggish, and I get a popup every now and then. It's really not that often, though, only once yesterday, but it may be because of a site I went to.

I just feel like I have more cleaning to do, since all that's been done is 3 files got quarantined; won't there be registry entries etc. to clean up?

Here are the results of AdwCleaner.

Results of MBAM.
Is it normal for this program to be detected as a rootkit threat by Avast?

Here is the OTL report.

Results of the aswMBR scan.
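The Notepad dump quoted above can be decoded rather than guessed at. What follows is an added example, not code from the thread or from any of the tools it mentions. Notepad shows the file as "h t t p : / / o c s p . v e r i s i g n . c o m / ..." because the text is stored as UTF-16LE (each ASCII character followed by a NUL byte), and the URL itself is the GET form of an OCSP request (RFC 6960, Appendix A): the path is a URL-encoded, base64-encoded DER OCSPRequest. The script pulls UTF-16LE URLs out of a binary blob and parses the request down to the CertID, i.e. the hash algorithm, the issuer name hash, the issuer key hash and the serial number of the certificate whose revocation status was being checked. The blob is constructed here (the URL text is the one quoted in the post; the bytes around it are made-up padding standing in for the binary junk) so it runs offline; nothing in it says what wrote the file.

```python
# Added example (not from the forum thread): decode the OCSP URL the poster
# found inside one of the unexplained ".sys" files. The file holds UTF-16LE
# text, which Notepad renders with a gap after every character, and the URL
# path is an RFC 6960 GET-style OCSPRequest: URL-encoded base64 of DER.
import base64
import re
import urllib.parse

# Constructed sample: the URL quoted in the post, re-encoded as UTF-16LE and
# wrapped in made-up junk bytes to mimic the dump. Only the URL is from the page.
OCSP_URL = (
    "http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl"
    "%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEGQb6CDOAggT8y1NLZXWfmc%3D"
)
SAMPLE_BLOB = (
    b"\x70\x00\x20\x00\xd0\xd4\xc5\xc3"      # junk (constructed)
    + OCSP_URL.encode("utf-16-le")
    + b"\x00\x00\x0c\x00"                    # junk (constructed)
)


def extract_utf16_urls(blob: bytes) -> list:
    """Return every http(s) URL stored as UTF-16LE text inside a binary blob."""
    # An ASCII char in UTF-16LE is <byte><NUL>; match "http" followed by a run
    # of printable, non-space ASCII characters in that encoding.
    pattern = re.compile(rb"h\x00t\x00t\x00p\x00(?:[\x21-\x7e]\x00)+")
    return [m.group(0).decode("utf-16-le") for m in pattern.finditer(blob)]


def _tlv(buf: bytes, pos: int):
    """Read one DER tag-length-value at pos -> (tag, value, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw: bytes) -> str:
    """Decode a DER OBJECT IDENTIFIER body into dotted form (e.g. 1.3.14.3.2.26)."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                     # last byte of this arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def parse_ocsp_request(url: str) -> dict:
    """Decode a GET-style OCSP request URL into the CertID of its first Request."""
    parts = urllib.parse.urlsplit(url)
    der = base64.b64decode(urllib.parse.unquote(parts.path.lstrip("/")))
    tag, outer, _ = _tlv(der, 0)             # OCSPRequest ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, tbs, _ = _tlv(outer, 0)               # tbsRequest SEQUENCE (signature ignored)
    pos = 0
    while tbs[pos] & 0xC0 == 0x80:           # skip optional [0] version / [1] requestorName
        _, _, pos = _tlv(tbs, pos)
    _, request_list, _ = _tlv(tbs, pos)      # requestList SEQUENCE OF Request
    _, request, _ = _tlv(request_list, 0)    # first Request
    _, cert_id, _ = _tlv(request, 0)         # reqCert CertID
    _, alg, pos = _tlv(cert_id, 0)           # hashAlgorithm AlgorithmIdentifier
    _, oid_raw, _ = _tlv(alg, 0)             # its OID
    _, name_hash, pos = _tlv(cert_id, pos)   # issuerNameHash OCTET STRING
    _, key_hash, pos = _tlv(cert_id, pos)    # issuerKeyHash OCTET STRING
    _, serial, _ = _tlv(cert_id, pos)        # serialNumber INTEGER
    return {
        "responder": parts.netloc,
        "der_len": len(der),
        "hash_oid": decode_oid(oid_raw),     # 1.3.14.3.2.26 is SHA-1
        "issuer_name_hash": name_hash.hex(),
        "issuer_key_hash": key_hash.hex(),
        "serial": serial.hex(),
    }


if __name__ == "__main__":
    for found in extract_utf16_urls(SAMPLE_BLOB):
        for k, v in parse_ocsp_request(found).items():
            print(f"{k}: {v}")
```

Windows' CryptoAPI issues requests of exactly this shape whenever it validates a certificate chain with revocation checking turned on, for example the Authenticode signature on a downloaded executable or an HTTPS site's certificate, so the decoded serial and issuer hashes identify which certificate was looked up, not which program caused the lookup; comparing the hashes against the issuing CA's certificate is the next step if that matters.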

Avast was alerting on the behaviour of the low-level MBAM drivers, so that is a false positive. I would like to get a second opinion on the MBR if I may.

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Double-click on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

[*]Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip; click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please attach its contents on your next reply.

Hi, this is the report from TDSSKiller.

As it stands all the logs so far look good; is it just a sluggish system at the moment?

It seems that it's a little sluggish, but I'm just wondering, since I've run all these tests and cleaned the drive with umpteen different cleaners, maybe the caches are all empty so everything needs to build up again; the browsers take a while to kick in and most of my programs seem to freeze for a few seconds between switching windows.
But right now I must say a couple of my well-used apps are super fast, and my PC has been running for about 12 hours straight. I'll just stop running these cleaners for a day :) maybe it'll speed up a little. I'll keep you posted.
Thanks for your help.

Certainly, when you are happy let me know and I will remove my rubbish :)

Hi, I think everything is running fine now, with 1 exception:
http://media.fastclick.net keeps showing itself in various places. Not often, but sometimes it just pops up in a new browser window, and it's showing in the 'Frequent' window in Internet Explorer, yet I never visit this site.

Let's see if AdwCleaner can fix that.

Download AdwCleaner from here to your desktop.
Run AdwCleaner and select Delete.

https://dl.dropbox.com/u/73555776/AdwCleaner.GIF

Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

OK, here is the report. I think it deleted another malware scanner :)

Oops, I will see if that was a one-off or if there is a reason the author does not like it. Are you still getting the occurrences?

I think everything is OK now; I've not had any strange activity for 2 days.

While I'm here, I'm interested in this Spybot S&D; I've not had a good look at it yet, but it looks like a comprehensive set of tools and monitors.
Is it any good in your opinion? Can it be used as an effective preventative?

Spybot as it currently stands is not overly effective in preventing adware/malware, and the cleaning routines are not too hot either.