Author Topic: need assistance with malware  (Read 9505 times)

x2397

  • Guest
need assistance with malware
« on: August 30, 2012, 04:37:16 AM »
Today malwarebytes detected something that avast did not and was able to remove it. I am wondering if someone could help me figure out if I am clean.
will upload otl files later

thanks in advance for any assistance

« Last Edit: August 30, 2012, 02:35:32 PM by x2397 »

x2397

  • Guest
Re: need assistance with malware
« Reply #1 on: August 30, 2012, 04:37:58 AM »
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.01.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Biohazard :: BIOHAZARD-PC [administrator]

8/29/2012 9:45:55 AM
mbam-log-2012-08-29 (09-45-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188179
Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)
this is from a quick scan

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Biohazard\AppData\Local\Temp\services.exe.mui (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

x2397

  • Guest
Re: need assistance with malware
« Reply #2 on: August 30, 2012, 04:38:40 AM »
this is from a full scan

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Biohazard :: BIOHAZARD-PC [administrator]

8/29/2012 8:52:41 PM
mbam-log-2012-08-29 (20-52-41).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 317026
Time elapsed: 39 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

x2397

  • Guest
Re: need assistance with malware
« Reply #3 on: August 30, 2012, 05:10:25 AM »
for some reason otl didn't generate the extras file so I ran it again to make sure but it still didn't create it, I attached the log that was created

x2397

  • Guest
Re: need assistance with malware
« Reply #4 on: August 30, 2012, 05:19:50 AM »
here is the asw log

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37534
  • Not a avast user
Re: need assistance with malware
« Reply #5 on: August 30, 2012, 04:09:02 PM »
"for some reason otl didn't generate the extras file so I ran it again to make sure but it still didn't create it, I attached the log that was created"
That reason is that extra.txt is only created the first time OTL is run, so I guess you have run it before.
Anyway, that log is not important.
« Last Edit: August 30, 2012, 04:55:59 PM by Pondus »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: need assistance with malware
« Reply #6 on: August 30, 2012, 04:13:10 PM »
No apparent malware there. Are you experiencing any problems?

x2397

  • Guest
Re: need assistance with malware
« Reply #7 on: August 30, 2012, 06:07:51 PM »
Oh, so extras only appears the first time? Now it makes sense.
No malware in my system? Sounds excellent.
The reason I ran a scan was because Firefox blocked me from Google, saying it was untrusted, and I read on the web that maybe my browser had been compromised, so I got concerned. I ran a scan with avast and nothing came up, then I ran a scan with malwarebytes and it found that exploit.
thank you very much for taking the time to look into my problem. Appreciate your great work.

x2397

  • Guest
Re: need assistance with malware
« Reply #8 on: September 07, 2012, 05:25:35 PM »
The infection came back, what do I do? I am starting to think there might be something hidden on my system that is bringing it back. Please help me figure out what's going on.
I scanned with malwarebytes today and it gave me this, nothing came up in avast:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.07.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Biohazard :: BIOHAZARD-PC [administrator]

9/7/2012 10:14:05 AM
mbam-log-2012-09-07 (10-14-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193193
Time elapsed: 2 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Biohazard\AppData\Local\Temp\services.exe.mui (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

« Last Edit: September 07, 2012, 05:51:52 PM by x2397 »

x2397

  • Guest
Re: need assistance with malware
« Reply #9 on: September 07, 2012, 05:42:12 PM »
here is a new otl log

x2397

  • Guest
Re: need assistance with malware
« Reply #10 on: September 07, 2012, 05:49:19 PM »
here is the last log

Theo Peterbroers

  • Guest
Re: need assistance with malware
« Reply #11 on: September 07, 2012, 05:54:27 PM »
On mui files

http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/winlogonexemui-system-file-or-malware/d74bc560-d79e-4b10-8a26-5cdeff0382fc?msgId=8b7ca0ed-14a6-4257-ac04-66c867ac2c38

"Explanation:
Unlike previous versions of Windows, the code Binaries that are used to build Windows 7 are Language Neutral. This means that at least one Language Pack must be installed that defines the Base Language for that version of Windows 7. The base language cannot be uninstalled.
These .MUI files are the language pack files."

Seems to be a false positive by Malwarebytes. Such things do happen. Of course, there is no guarantee that your services.exe.mui is legit.

« Last Edit: September 07, 2012, 06:01:48 PM by Kwartet! »
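
The question left open above, whether this services.exe.mui is a genuine language-pack file, can be narrowed down from the logs themselves. The following is an added example, not part of any post in this thread: it parses abridged copies of the three Malwarebytes logs posted here, lists paths detected in more than one scan, and flags a .mui file that is not in a locale-named folder. The function names are hypothetical, and the location test rests on the assumption that language-pack .mui files sit in a locale-named subfolder such as en-US.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Abridged copies of the three MBAM logs posted in this thread.
HIT_LINE = (r"C:\Users\Biohazard\AppData\Local\Temp\services.exe.mui "
            "(Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.")
LOG_A = "mbam-log-2012-08-29 (09-45-55).txt\nScan type: Quick scan\nFiles Detected: 1\n" + HIT_LINE + "\n(end)"
LOG_B = ("mbam-log-2012-08-29 (20-52-41).txt\nScan type: Full scan (C:\\|D:\\|)\n"
         "Files Detected: 0\n(No malicious items detected)\n(end)")
LOG_C = "mbam-log-2012-09-07 (10-14-05).txt\nScan type: Quick scan\nFiles Detected: 1\n" + HIT_LINE + "\n(end)"

LOG_NAME = re.compile(r"^mbam-log-(\d{4}-\d\d-\d\d) \((\d\d)-(\d\d)-(\d\d)\)\.txt$", re.M)
HIT = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$", re.M)
LOCALE_DIR = re.compile(r"^[a-z]{2,3}-[a-z0-9-]{2,}$", re.I)  # en-US, pt-BR, ...

def parse_log(text):
    """Return (scan timestamp, [(path, detection name, action), ...])."""
    m = LOG_NAME.search(text)
    when = f"{m[1]} {m[2]}:{m[3]}:{m[4]}" if m else "unknown"
    return when, [(h["path"], h["name"], h["action"]) for h in HIT.finditer(text)]

def mui_in_locale_dir(path):
    """Assumption: a language-pack .mui sits in a locale-named folder (e.g. en-US)."""
    return bool(LOCALE_DIR.match(PureWindowsPath(path).parent.name))

def triage(logs):
    """Paths detected in more than one scan, with the scans that saw them."""
    seen = defaultdict(list)
    for text in logs:
        when, hits = parse_log(text)
        for path, _name, _action in hits:
            seen[path.lower()].append(when)
    return {
        path: {
            "scans": scans,
            "mui_outside_locale_dir": path.endswith(".mui") and not mui_in_locale_dir(path),
        }
        for path, scans in seen.items() if len(scans) > 1
    }

if __name__ == "__main__":
    for path, info in triage([LOG_A, LOG_B, LOG_C]).items():
        print(path, info)
```

A path that is deleted in one scan and detected again in a later one means something recreated the file in between, so the next step is finding what writes it rather than deleting it again.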

Offline essexboy

Re: need assistance with malware
« Reply #12 on: September 07, 2012, 07:39:08 PM »
OK, let's empty the temporary files

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.  Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

x2397

  • Guest
Re: need assistance with malware
« Reply #13 on: September 07, 2012, 09:35:48 PM »
ok will do

Offline essexboy

Re: need assistance with malware
« Reply #14 on: September 07, 2012, 09:39:20 PM »
Attach the logs in this thread