HELP! Windows32:installer-M in virus chest, but still infected

[rocknroehl]

HELP!!!  I don't know what to do, I ran avast! and it put 6 files labeled Windows32:installer-M, but it's still in my browsers... firefox and chrome.  When I click on things another window opens another tab.

I tried uninstalling firefox and reinstalling, but it's still infected.

I have Windows 8.  Do I have to do a complete delete of my hard drive and reinstall everything in order to get rid of this???  Any help would be greatly appreciated!!

Thanks!
Laura

[Secondmineboy]

Follow this guide and attach the logs from OTL, Malwarebytes and ADWCleaner: http://forum.avast.com/index.php?topic=53253.0

No need to reinstall.

Please make the link not clickable, it leads to some malicious website with a fake Chrome and Flash Update.

[rocknroehl]

I went to edit my post so the link wasn't clickable, but it didn't work.  Should I just delete it?

[Secondmineboy]

Just delete the link then.

[rocknroehl]

There were 199 infected from the Malware scan.  Here are the files from OTL....

[Secondmineboy]

Can you attach the Malwarebytes Log Text file if possible?

You can find it under History>Application Logs.

[rocknroehl]

Here's the one from Malwareytes.

After I got all this, I hooked up an external hard drive to back up my pictures and docs.  Do you think I should also scan it?

[Secondmineboy]

Thats not really needed for this, only PUP Junk.

I can recommend you Unchecky: unchecky.com

But i can recommend to do a backup of important data or the full system every 2 weeks or so in case
something is wrong.

[rocknroehl]

What did you happen to find out looking at those logs? (thanks again for all your help!!!)

[essexboy]

OK let me know how the computer is behaving on completion of this

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:Commands
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites04_14_15_ch&cd=2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEtCzzyBtC0D0AyDzztA0DtN0D0Tzu0SzztAtDtN1L2XzutBtFtCzytFyDtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByBtD0EtC0C0CtBtGtAzzyC0EtGtAtDtD0AtG0A0F0D0DtGtCyCzzyE0B0DzyzytAyCyE0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtDtB0AyEtC0F0FtGyB0D0B0EtG0E0DyE0DtGzy0D0DtDtGtDtC0B0AtAyBzzyC0F0A0E0F2Q&cr=16824861&ir=
IE - HKU\S-1-5-21-1387231482-1300850384-1573731806-1001\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites04_14_15_ch&cd=2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEtCzzyBtC0D0AyDzztA0DtN0D0Tzu0SzztAtDtN1L2XzutBtFtCzytFyDtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByBtD0EtC0C0CtBtGtAzzyC0EtGtAtDtD0AtG0A0F0D0DtGtCyCzzyE0B0DzyzytAyCyE0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtDtB0AyEtC0F0FtGyB0D0B0EtG0E0DyE0DtGzy0D0DtDtGtDtC0B0AtAyBzzyC0F0A0E0F2Q&cr=16824861&ir=
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
[2014/04/09 17:53:36 | 000,000,000 | ---D | C] -- C:\Users\rocknroehl\AppData\Roaming\systweak
[2014/04/09 17:53:31 | 000,000,000 | ---D | C] -- C:\Users\rocknroehl\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2014/04/09 17:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\Quiknowledge
[2014/04/09 17:50:52 | 000,000,000 | ---D | C] -- C:\Users\rocknroehl\AppData\Roaming\DigitalSites
[2014/04/09 17:50:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image Converter
[2014/04/10 19:56:00 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\Digital Sites.job
[2014/04/09 18:05:35 | 000,001,162 | ---- | M] () -- C:\Users\rocknroehl\Desktop\Live PC Help.lnk

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.