Hi, I have the exactly same problem as this guy here:
http://forum.avast.com/index.php?topic=126226.msg948366

so I followed what essexboy said here and attached the logs:

what should I do now?

Please wait for further instructions from one of the malware team, note that it may be several hours before a response is placed due to time zone differences.

where is the MCShield log…

sorry, it’s here

Monitoring.

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

:OTL
FF - prefs.js..browser.search.order.1: "Ask.com"
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=9121F764-9F66-481B-A00B-61B1412C7F66&apn_ptnrs=U3&apn_sauid=1A3283CD-026F-4198-BE10-59A57F7C2BDF&apn_dtid=OSJ000YYBR&q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll (Banco Bradesco S.A.)
O4 - HKU\S-1-5-21-1168249818-3509678531-2443559842-1000..\Run: [1ce3] C:\Users\Gabriel\AppData\Roaming\0a\1ce3.js ()
O4 - Startup: C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4aa.js ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)


:files
C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4aa.js
C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js
C:\Users\Gabriel\AppData\Roaming\0a
C:\0b64
C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\EX64.SYS
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\ENG64.SYS
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys


:services
NIS
NAVEX15
NAVENG
BHDrvx64
IDSVia64

:commands
[CREATERESTOREPOINT]
[EMPTYJAVA]
[emptytemp]

[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

log attached

Have you done fix?

Repeat once more fix exactly as directed.

yeah, I’m sorry, I had clicked scan instead of fix

now after the reboot i didn’t see any warnings from avast
here is the log

OK

Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds to run the tool.

* When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

Save both reports to your desktop. DDS.txt and Attach.txt attach back to topic.

here

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1ce3"=-

:files
C:\Users\Gabriel\AppData\Roaming\0a\*.js
C:\Users\Gabriel\AppData\Roaming\0a
C:\0b64

[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
.

=========== Next =========

[*]Download AdwCleaner (by Xplode) on your desktop.

[*] Click on the [Delete] Wait for the programme completes his work.
The program will close all active programs. Click OK to confirm that.
On the next two windows that open ( Informations and Restart required ) click OK
[*] The computer will restart and open a notepad ( C:\AdwCleaner[S1].txt ) with the report.
[*] Save the notepad report on the Desktop
[*] Please attach here C:\AdwCleaner[S1].txt

Note: The report will also be stored on C:\AdwCleaner[S1].txt

here

Re-run DDS

Attach here that logreport (DDS.txt).

edit.

This worm is always a random name, hard to catch

yeah im noticing
here are the logs

Good job, any problems?

I think everything is fine ;D

Thank you very much for the help!

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below;

[] Remove disinfection tools
[] Create registry backup
[*] Purge System Restore

Now click on “Run” button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

I don’t need DelFix log report.

Greeting.

I did it, but I’m having a problem now

http://i.imgur.com/6jVBsZF.jpg

I can’t turn on the avast or the windows firewall anymore…
do you know what could cause this?

edit:
avast is fine now, but i still can’t turn on the firewall

edit:
nevermind, i fixed it

again, thanks for the help