Avast blocking Google in Chrome/IE intermittently LOGS ATTACHED

[Baelzar]

Only happens sometimes.  Not happening now, for instance, but last week was affecting both browsers.

+-MBAM LOG-+
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.21.11

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: 1FBACK [administrator]

8/21/2012 1:06:22 PM
mbam-log-2012-08-21 (13-06-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181677
Time elapsed: 9 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


+-aswMBR Log-+
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-21 13:30:04
-----------------------------
13:30:04.062    OS Version: Windows 5.1.2600 Service Pack 2
13:30:04.062    Number of processors: 1 586 0x801
13:30:04.062    ComputerName: 1FBACK  UserName: Owner
13:30:05.750    Initialize success
13:30:07.796    AVAST engine defs: 12081600
13:30:13.093    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:30:13.109    Disk 0 Vendor: WDC_WD800EB-11DJF0 77.07W77 Size: 76319MB BusType: 3
13:30:13.125    Disk 0 MBR read successfully
13:30:13.125    Disk 0 MBR scan
13:30:13.156    Disk 0 unknown MBR code
13:30:13.156    Disk 0 Partition 1 00     0B        FAT32 RECOVERY     5086 MB offset 63
13:30:13.171    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        71221 MB offset 10417680
13:30:13.187    Disk 0 scanning sectors +156280320
13:30:13.312    Disk 0 scanning C:\WINDOWS\system32\drivers
13:30:34.437    Service scanning
13:30:35.000    Service ACPI C:\WINDOWS\System32\DRIVERS\ACPI.sys **LOCKED** 32
13:30:55.578    Modules scanning
13:31:33.734    Disk 0 trace - called modules:
13:31:33.765    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x85c2f459]<<
13:31:33.781    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cceab8]
13:31:33.781    3 CLASSPNP.SYS[f74c805b] -> nt!IofCallDriver -> \Device\0000005a[0x85caa130]
13:31:33.796    5 ACPI.sys[f743e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85cd1d98]
13:31:34.437    AVAST engine scan C:\WINDOWS
13:31:43.406    AVAST engine scan C:\WINDOWS\system32
13:35:28.640    AVAST engine scan C:\WINDOWS\system32\drivers
13:35:57.296    AVAST engine scan C:\Documents and Settings\Owner
13:37:37.656    AVAST engine scan C:\Documents and Settings\All Users
13:38:25.765    Scan finished successfully
13:47:19.890    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\All Users\Documents\INCLUDE OR ATTACH\MBR.dat"
13:47:19.890    The log file has been saved successfully to "C:\Documents and Settings\All Users\Documents\INCLUDE OR ATTACH\aswMBR.txt"

Thank you in advance.

[magna86]

Hello 
I will be working on your Malware issues.
Please note: Do not color your log report.

We need to run additional antirootkit scanner.


Download GMER , AntiRootkit tool from the link below and save it to your Desktop :


Download GMER

Double-clicking to run GMER .

• Wait for initial scan to finish - if there is any query, click No ;
  
  
• Click Scan and wait until the full scan is complete;
  
• Click Save ... - save the report to the Desktop (called Gmer1 );
  // note: the scan for Gmer1 log may take some time
  
  
  
• Right-click in the window GMER and select Options> Only non MS files - click Scan ;
  
• after a fasts scan, click Save ... - save the report to the Desktop (called Gmer2 );
  
  
  
  
• Click the >>> and select Autostart card;
  
• after a fast scan, click copy ;
  
• open notepad and it copy-paste text - save the report to the Desktop (called Gmer3 )

> Attach here Gmer1; Gmer2 and Gmer3 logreports.

[Baelzar]

Gmer1
Gmer2
Gmer3
attached.  Thanks in advance, magna86.

[magna86]

Download TDSSKiller  and save it to your desktop

    Execute TDSSKiller.exe by doubleclicking on it.

•     Press Start Scan
  
   
•   If Suspicious object is detected, the default action will be Skip, click on Continue.
   
•   If Malicious objects are found, select Cure.
  

Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.



*************************




> Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

> Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

> Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix's window while it is running.


> When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
  Attach log reports ( ComboFix.txt) back to topic.

[Baelzar]

Had to attach log; The message exceeds the maximum allowed length (10000 characters).

[Baelzar]

We all done, then?  I think it's cured, so thanks!

EDIT: Oops, missed the Combofix.  Sorry, will put it up ASAP.

[magna86]

We all done, then?

Nope, i dont see Combofix.txt log

Attach it here ( C:\Combofix.txt )

[Baelzar]

COMBOFIX LOG ATTACHED.  Sorry, only have access to this computer occasionally.

[magna86]

@Baelzar

Please note: Do not color your log report.

>> Explain to me what you attain to tell me when you write words with so large fonts? 
No need for that. Did you see from someone the write with such big letters?


You are malware free.


It is necessary to uninstall the ComboFix :

• Click Start (or ) then Run.
  
  
  On Windows7 or Vista you may use Start Search field if Run is not available.
  
  
• In the line of text type in (Copy) the following:

Code: [Select]

ComboFix /Uninstall

Note that there is a space between " ComboFix " and " /Uninstall " .

• then click OK (or press Enter ).

Wait for the uninstall process is complete.

---------------------

> Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.