Author Topic: Trojan detected by Avast, JS:FakeAV-FL [Trj.]  (Read 41054 times)


RONIN2010

  • Guest
Re: Trojan detected by Avast, JS:FakeAV-FL [Trj.]
« Reply #45 on: August 20, 2010, 04:23:41 AM »
You're welcome.
We (for the most part) are just avast users like yourself, trying to help other avast users, though there is input from time to time from the avast developers ;D

Well, without you guys, there would be no medium between developer and the client, therefore nothing to develop. :)

OK, let's give this a whirl. On completion, can you let me know what problems you are experiencing?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote
    :OTL
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-2664475973-242872999-3650903500-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-2664475973-242872999-3650903500-1003\..\Toolbar\ShellBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O33 - MountPoints2\{7c2ac3fc-9594-11db-b6f7-0010dcf478f7}\Shell\AutoRun\command - "" = G:\JDLightning\Windows\JDLightning.exe -- File not found
    [2009/03/20 07:44:49 | 000,060,744 | ---- | M] () -- C:\WINDOWS\java\g2mdlhlpx.exe
    [2009/04/25 19:56:51 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\????????????????????4???????????????????????
    [2009/04/25 19:56:51 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\????????????????????4???????????????????????
    [2009/04/25 19:17:52 | 000,061,224 | ---- | M] () -- C:\WINDOWS\java\GoToAssistDownloadHelper.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Thanks Essexboy for replying. I think I got this right... Seems all the question marks in the script you asked me to run in OTL prompted a whole lot of smileys instead in your reply. :o But I think I sorted through that. I'm starting the scan now and will attach logs as requested, once complete.
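
As an added illustration, not code from this thread or from OTL's author: a small Python parser for the three kinds of lines in the OTL fix above (O3 toolbar entries, O33 MountPoints2 autorun entries, and timestamped file entries). It flags the conditions the fix is targeting: a toolbar entry whose CLSID is not registered, an autorun command whose file no longer exists, and a filename containing non-ASCII or non-printable characters. The sample lines are constructed from the script above; the last one uses a made-up Cyrillic filename in place of the System32 entries the forum rendered as question marks.

```python
import re
import unicodedata
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# Constructed sample input: the same kinds of lines that appear in the OTL fix
# script above. The last line stands in for the entries the forum rendered as
# "????": a System32 filename made of non-ASCII characters (made up here).
SAMPLE_OTL_LINES = (
    "O3 - HKU\\S-1-5-18\\..\\Toolbar\\WebBrowser: (no name) - "
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.\n"
    "O33 - MountPoints2\\{7c2ac3fc-9594-11db-b6f7-0010dcf478f7}\\Shell\\AutoRun\\command"
    " - \"\" = G:\\JDLightning\\Windows\\JDLightning.exe -- File not found\n"
    "[2009/03/20 07:44:49 | 000,060,744 | ---- | M] () -- C:\\WINDOWS\\java\\g2mdlhlpx.exe\n"
    "[2009/04/25 19:56:51 | 000,000,040 | ---- | M] () -- "
    "C:\\WINDOWS\\System32\\\u0434\u0430\u04424\u0430\n"
)

# [date time | size | attributes | M-or-C] (company)(optional second path) -- path
FILE_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>.{4}) \| (?P<which>[MC])\] "
    r"\((?P<company>[^)]*)\)(?:\([^)]*\))? -- (?P<path>.+)$"
)
# Oxx - <registry location and value>
O_LINE = re.compile(r"^(?P<kind>O\d+) - (?P<body>.+)$")


@dataclass
class Entry:
    kind: str                      # "O3", "O33" or "FILE"
    path: str                      # registry body or file path the line refers to
    size: int = 0                  # file size in bytes (FILE entries only)
    stamp: Optional[datetime] = None  # M (modified) or C (created) time (FILE only)
    flags: List[str] = field(default_factory=list)


def _odd_chars(name: str) -> bool:
    """True if any character is non-ASCII or a control/format/unassigned code point."""
    return any(ord(c) > 126 or unicodedata.category(c)[0] == "C" for c in name)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL line; returns None for lines in a layout we do not handle."""
    m = FILE_LINE.match(line)
    if m:
        e = Entry(kind="FILE", path=m["path"],
                  size=int(m["size"].replace(",", "")),
                  stamp=datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"))
        if _odd_chars(e.path.rsplit("\\", 1)[-1]):
            e.flags.append("non-ASCII or non-printable characters in filename")
        return e
    m = O_LINE.match(line)
    if m:
        e = Entry(kind=m["kind"], path=m["body"])
        if e.kind == "O3" and line.rstrip().endswith("No CLSID value found."):
            e.flags.append("toolbar entry references an unregistered CLSID")
        if e.kind == "O33" and line.rstrip().endswith("File not found"):
            e.flags.append("autorun command points at a missing file")
        return e
    return None


def parse_otl(text: str) -> List[Entry]:
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        e = parse_line(raw)
        if e is not None:
            entries.append(e)
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    """Only the entries that tripped at least one check."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_otl(SAMPLE_OTL_LINES)):
        print(e.kind, e.path[:60], "->", "; ".join(e.flags))
```

The orphaned O3 and O33 entries are harmless on their own (nothing loads), which is why the fix simply deletes them; the filename check is the one worth keeping in a triage script, since a name that will not render in a normal code page is a classic way of hiding a file in plain sight.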

RONIN2010

Re: Trojan detected by Avast, JS:FakeAV-FL [Trj.]
« Reply #46 on: August 20, 2010, 04:46:04 AM »
Scans are complete. Only thing I experienced, other than the usual slowness, was when I rebooted after the files had been moved, I could see hidden files on my desktop. They disappeared after I opened OTL to run the quick scan though. Here are the logs:
« Last Edit: August 20, 2010, 04:58:36 AM by RONIN2010 »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Trojan detected by Avast, JS:FakeAV-FL [Trj.]
« Reply #47 on: August 20, 2010, 10:47:17 AM »
I will rehide the hidden system files at the end  ;D

Let's now run a defrag and see what problems remain.

Download and run Puran Disc Defragmenter

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

RONIN2010

Re: Trojan detected by Avast, JS:FakeAV-FL [Trj.]
« Reply #48 on: August 20, 2010, 03:55:54 PM »
Thanks Essexboy. I DL'd Puran and ran the defrag as you instructed. However, my computer locked up at 21% in the process. I had to hard boot and run the scan again. The scan completed the 2nd time and was successful. After defrag I updated and ran MBAM, with results attached in the log below:

Offline essexboy

Re: Trojan detected by Avast, JS:FakeAV-FL [Trj.]
« Reply #49 on: August 20, 2010, 04:58:20 PM »
Any improvement on the speed front?

RONIN2010

Re: Trojan detected by Avast, JS:FakeAV-FL [Trj.]
« Reply #50 on: August 20, 2010, 05:13:51 PM »
Unfortunately not. I removed a lot of unnecessary apps including a 2 GB app and have got my free space up to 65% on my HD but it's still running about the same, even after defrag.

Offline essexboy

Re: Trojan detected by Avast, JS:FakeAV-FL [Trj.]
« Reply #51 on: August 20, 2010, 05:19:03 PM »
Ok next box of tricks  ;)

To try and ease the startup, try this:

Download Startup Control Panel here
Install, and you will find a Startup icon in the Control Panel - run this
  • In the HKLM tab, you may disable (be careful --> "disable") all the entries except your security software 
  • In the HKCU tab, you may disable all entries.
  • In the StartUp tab, you may disable all entries.
Note: if you notice that some programs no longer run, you can enable them again by running Startup Control Panel, selecting the entry and choosing Run Now.
If you are in doubt with something, don't hesitate to ask ;)

RONIN2010

Re: Trojan detected by Avast, JS:FakeAV-FL [Trj.]
« Reply #52 on: August 20, 2010, 06:27:15 PM »
Got it! There were no processes listed under the HKCU tab and only Secunia PSI under the Startup tab. I do have a question though. In the HKLM/Run tab I have quite a few processes that seem like they might be necessary. I'm not entirely sure what's safe to disable and what's not exactly, and was wondering if you might be able to shed some light. The ones that I know are safe to disable and not needed I've highlighted in bold, as I've already disabled those. Here is what I have in the HKLM/Run tab of StartupCP. The names of the processes are listed first, with their directory path underneath. :) Thanks again for your help Essexboy.



Adobe ARM    
("C:\Program Files\Common Files\ADOBE\ARM\1.0\AdobeARM.exe")

Adobe Reader Speed Launcher    
("C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe")

AlcxMonitor    
(ALCXMNTR.EXE)

ATIPTA ATI Control Panel    
(C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe)

Avast 5    
(Security, definitely no disable)

COMODO Internet Security    
(Security, definitely no disable)

Content Transfer WMDetector.exe    
(C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe) Related to MP3 player

HotKeyCmds    
(C:\Windows\System32\hkcmd.exe)

hpsysdrv    
(c:\windows\system\hpsysdrv.exe)

Intellipoint    
("C:\Program Files\Microsoft Intellipoint\ipoint.exe") Optical mouse

KBD      
(C:\HP\KBD\KBD.exe)

LTMSG      
(LTMSG.exe 7)

PS2    
(C:\WINDOWS\system32\ps2.exe) Keyboard and mouse drivers??

QuickTime Task      
("C:\Program Files\Quick Time\QTTask.exe" -atboottime)

Recguard    
(C:\WINDOWS\SMINST\RECGUARD.EXE)

S3TRAY2    
(S3tray2.exe)

StorageGuard      
("C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r)

SunJavaUpdateSched      
("C:\Program Files\Common Files\Java\Java Update\jusched.exe")

TkBellExe      
(Real update scheduler "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot)

WCOLOREAL  
("C:\Program Files\Coloreal\coloreal.exe")
« Last Edit: August 20, 2010, 06:32:37 PM by RONIN2010 »

Offline essexboy

Re: Trojan detected by Avast, JS:FakeAV-FL [Trj.]
« Reply #53 on: August 20, 2010, 08:08:38 PM »
Right then  ;) Disable all bar these ones

Recguard  - monitors the recovery partition
Avast 5 
COMODO Internet Security     
LTMSG - part of your modem


Unless you have the paid copy of Adobe, it might be worth replacing that with Foxit PDF reader. Do you really need Real Player?

Let me know your progress
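
As an added example, not code from the thread or from Startup Control Panel: a Python script that reads a startup list in the layout RONIN2010 pasted above (name on one line, command in parentheses underneath, optional note after it) and applies essexboy's keep-list from the reply above (Avast, COMODO, Recguard, LTMSG; everything else disabled). It also adds two hygiene checks the thread does not discuss: a Run entry whose command is a bare filename (so the program is located by a PATH search at logon) and an unquoted path containing spaces; both are worth tidying up in an inventory like this. The sample list and the keep-list constants are constructed from the posts above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the same layout as the pasted HKLM/Run list above:
# name on one line, "(command) optional note" on the next.
SAMPLE_RUN_LIST = """
Adobe ARM
("C:\\Program Files\\Common Files\\ADOBE\\ARM\\1.0\\AdobeARM.exe")

AlcxMonitor
(ALCXMNTR.EXE)

ATIPTA ATI Control Panel
(C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe)

Avast 5
(Security, definitely no disable)

LTMSG
(LTMSG.exe 7)

Recguard
(C:\\WINDOWS\\SMINST\\RECGUARD.EXE)

QuickTime Task
("C:\\Program Files\\Quick Time\\QTTask.exe" -atboottime)
"""

# Keep-list taken from essexboy's reply: security software plus the two he named.
KEEP = ("avast", "comodo", "recguard", "ltmsg")

EXE_QUOTED = re.compile(r'^"([^"]+)"')                    # "C:\path with spaces\x.exe" args
EXE_UNQUOTED = re.compile(r"^(.+?\.exe)(?=\s|$)", re.I)   # C:\path\x.exe args, or bare x.exe


@dataclass
class StartupEntry:
    name: str
    command: str
    note: str = ""


def parse_startup_list(text: str) -> List[StartupEntry]:
    """Pair each name line with the '(command) note' line beneath it."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    entries = []
    for name, cmd_line in zip(lines[0::2], lines[1::2]):
        m = re.match(r"^\((.*)\)\s*(.*)$", cmd_line)
        if m:
            entries.append(StartupEntry(name, m.group(1), m.group(2)))
    return entries


def executable(command: str) -> Optional[str]:
    """The program a Run-key command launches, or None if the text is not a command."""
    m = EXE_QUOTED.match(command)
    if m:
        return m.group(1)
    m = EXE_UNQUOTED.match(command)
    return m.group(1) if m else None


def triage(entries: List[StartupEntry]) -> List[Tuple[str, str, List[str]]]:
    """(name, keep|disable, hygiene notes) for each entry, per the keep-list above."""
    results = []
    for e in entries:
        decision = "keep" if any(k in e.name.lower() for k in KEEP) else "disable"
        notes = []
        exe = executable(e.command)
        if exe is None:
            notes.append("no executable path given")
        elif "\\" not in exe:
            notes.append("bare filename: resolved by PATH search at logon")
        elif " " in exe and not e.command.startswith('"'):
            notes.append("unquoted path containing spaces")
        results.append((e.name, decision, notes))
    return results


if __name__ == "__main__":
    for name, decision, notes in triage(parse_startup_list(SAMPLE_RUN_LIST)):
        print(f"{decision:8} {name:28} {'; '.join(notes)}")
```

Run it on a list copied out of Startup Control Panel (or from the HKLM Run key) and you get the same keep/disable split essexboy gave, plus the entries whose command line deserves a second look before you decide what to do with them.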

RONIN2010

Re: Trojan detected by Avast, JS:FakeAV-FL [Trj.]
« Reply #54 on: August 20, 2010, 08:26:53 PM »
Unless you have the paid copy of Adobe, it might be worth replacing that with Foxit PDF reader. Do you really need Real Player?

Which one are you referring to? The reader 9.0 or ARM? Reader I had to download from Adobe's site to satisfy Secunia PSI. Apparently I hadn't DL'd a patch and it forced me to update. However the patch wasn't successful and I ended up getting backwards on where I was in the progress of patching things and somehow managed to mess that and my flash player up.. :-\ So I ended up uninstalling all my adobe software and starting over from scratch. As for Real Player.. I "HATE" Real Player. That was installed by my wife lol. I have no problem getting rid of that!
« Last Edit: August 20, 2010, 08:29:57 PM by RONIN2010 »

Offline essexboy

Re: Trojan detected by Avast, JS:FakeAV-FL [Trj.]
« Reply #55 on: August 20, 2010, 08:50:56 PM »
Real Player is a nightmare; the only way to stop it starting with the system is to rename a file.

Any improvement?

RONIN2010

Re: Trojan detected by Avast, JS:FakeAV-FL [Trj.]
« Reply #56 on: August 20, 2010, 09:08:28 PM »
I disabled the processes you mentioned and have noticed an improvement in speed with startup and opening applications. Albeit, it's not light speed but it definitely beats traveling at the speed of dialup, as I seem to have been doing for quite some time! Real player is gone. I did not hesitate on that one lol. Did you want me to disable the 2 adobe processes? I'm not sure what you mean by paid adobe. I thought reader has always been free? I checked their forums and from what I could tell ARM is an updater and I did see mention of Foxit Reader. Are there issues with Reader 9, other than Adobe?

Also I had a question regarding disabling Avast5 and Comodo in the HKLM tab. Does this only disable the GUI but still allow both to run in the background?
« Last Edit: August 20, 2010, 09:47:22 PM by RONIN2010 »

Offline essexboy

Re: Trojan detected by Avast, JS:FakeAV-FL [Trj.]
« Reply #57 on: August 20, 2010, 09:53:51 PM »
OK, what I would suggest is that you uninstall Adobe and install Foxit Reader (http://www.filehippo.com/download_foxit/); it is free, small and fast. When you install it, do not accept the toolbar and do not let it run at start.

Leave both Avast and Comodo active along with LTMSG and Recguard; the remainder can be disabled  ;D

RONIN2010

Re: Trojan detected by Avast, JS:FakeAV-FL [Trj.]
« Reply #58 on: August 20, 2010, 10:18:36 PM »
Sorry, misunderstood your post from earlier... It's been a long week :-[ I disabled all processes in Startup, except for the ones you mentioned and installed Foxit.

Offline essexboy

Re: Trojan detected by Avast, JS:FakeAV-FL [Trj.]
« Reply #59 on: August 20, 2010, 10:22:10 PM »
Give it another temporary file clean and defrag - and note any improvements

For the temp files use:

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.  Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.