win32:malware gen assistance please

[omegaluke]

My avast shows me as having this virus, any help in removing it would be truly appreciated.  attached is the adwcleaner log.

[omegaluke]

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.10.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Compaq_Owner :: ORION [administrator]

3/10/2013 9:41:44 AM
mbam-log-2013-03-10 (09-41-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205030
Time elapsed: 15 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|Homepage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[Pondus]

we also need OTL and aswMBR logs

http://forum.avast.com/index.php?topic=53253.0

[omegaluke]

sorry working on those as we speak.  I didnt know if you wanted them all at once or not...so i posted them as i do them.

[Pondus]

sorry working on those as we speak.  I didnt know if you wanted them all at once or not...so i posted them as i do them.

that is fine   


and any info on the file avast detected
file name?
location....full file path?

malware removers are notified, it may take hours before thay arrive so be patient

[omegaluke]

heres a few screen shots of scan logs from avast.  as well as the otl log. 

[omegaluke]

with the aswmbr program Should i click fix after.....or just post the log and wait?

[essexboy]

Do not press fix on aswMBR unless we need to change the MBR so the log will do for the moment

[omegaluke]

heres the aswmbr scan log

[essexboy]

If I could have the OTL log we will then start

[omegaluke]

the otl log is posted about 4 posts up with the 2 jpeg screen caps.

[essexboy]

It appears that Avast is reporting the recovery portions of your computer for some reason. To me they appear legitimate 

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-2628011366-3451951904-1772102454-1009\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2628011366-3451951904-1772102454-1009\..\Toolbar\WebBrowser: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No CLSID value found.
[2013/02/24 14:53:21 | 000,373,248 | ---- | M] () -- C:\WINDOWS\EyeCand3.INI

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[omegaluke]

this log popped up when I ran the otl fix and reboot. 

[essexboy]

Is Avast still reporting those files ? Also how is the computer behaving

[omegaluke]

this is the quick scan log for otl (after the fix and reboot).  Computer seems to be running ok, ill have to run avast again to see if it shows any infections.