Author Topic: Please help! A scan detected win32/adware.loudMo.d  (Read 4629 times)

EdithCov

  • Guest
Please help! A scan detected win32/adware.loudMo.d
« on: November 18, 2011, 02:36:32 AM »
Hello. This is my first post on your site. I work from home & recently I noticed my computer running a bit slower than usual. Yesterday while working my computer was unresponsive & I had to shut it down using the power button. After running various different scans one reported detecting the win32/adware.loudMo.d. It said it was removed but I am pretty sure it is still infected.  I ran it in safe mode & ran aswMBR.exe.  I saved it to my desktop as per the instructions.  Then I proceeded to FixMBR but got this message:
                            **caution**
This computer appears to have a non-standard or invalid master boot record.
FIXMBR may damage your partition tables if you proceed.
This could cause all the partitions on the current hard disk to become
inaccessible.
If you are not having problems accessing your drive, do not continue.
Are you sure you want to write a new MBR?
 
I am not a very advanced computer user so I stopped as I was unsure & afraid of what would happen if I proceeded.  My computer is a Gateway ZX4931 Windows 7 Home Premium  Pentium Dual-Core 3.19GHZ  3.00 GB 64-Bit Operating System. I've attached aswMBR saved document.  Please help & thank you in advance.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Please help! A scan detected win32/adware.loudMo.d
« Reply #1 on: November 18, 2011, 02:43:02 AM »
aswMBR is used for rootkits..and the log looks clean to me...so do not click anything



run a quick scan with this

Malwarebytes Anti-Malware 1.51. http://filehippo.com/download_malwarebytes_anti_malware/
always update so you have the latest signatures before you scan
click on the remove selected  button to quarantine anything found

post the scan log here




EdithCov

  • Guest
Re: Please help! A scan detected win32/adware.loudMo.d
« Reply #2 on: November 18, 2011, 03:07:10 AM »
Thank you for responding so quickly.  I didn't mention this earlier but I did run aswMBR in safe mode w/networking.  Don't know if that makes a difference or not. I updated my computer & ran the scan.

Offline Pondus

Re: Please help! A scan detected win32/adware.loudMo.d
« Reply #3 on: November 18, 2011, 03:11:18 AM »
well MBAM log is clean   ;)


if you still think you have something then follow this guide and attach the OTL logs
http://forum.avast.com/index.php?topic=53253.0



Essexboy will then have a look when he arrives here...late UK time
« Last Edit: November 18, 2011, 03:26:16 AM by Pondus »

EdithCov

  • Guest
Re: Please help! A scan detected win32/adware.loudMo.d
« Reply #4 on: November 18, 2011, 03:14:50 AM »
Tyvm for all your help! I will run & then post.

EdithCov

  • Guest
Re: Please help! A scan detected win32/adware.loudMo.d
« Reply #5 on: November 18, 2011, 03:54:58 AM »
Here are the OTL logs.

Offline Pondus

Re: Please help! A scan detected win32/adware.loudMo.d
« Reply #6 on: November 18, 2011, 10:05:03 AM »
it seems you have avast and Norton installed....you must remove one ?

if you wonder why, read the reply from quietman7 here
http://www.bleepingcomputer.com/forums/index.php?s=7c8217673a726b92cfc91ecfd4294a29&showtopic=260844&view=findpost&p=1441638


Run and reboot - Uninstallers – Security Software - Norton is Nr #26a
http://singularlabs.com/uninstallers/security-software/


i also see something from McAfee and Emsisoft there, would remove that also + all toolbars you don't use
« Last Edit: November 18, 2011, 10:19:44 AM by Pondus »

EdithCov

  • Guest
Re: Please help! A scan detected win32/adware.loudMo.d
« Reply #7 on: November 18, 2011, 05:00:04 PM »
Hello Pondus.  I've uninstalled the programs.  Did you see anything else wrong with the OTL logs?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Please help! A scan detected win32/adware.loudMo.d
« Reply #8 on: November 18, 2011, 08:41:44 PM »
Hi what are your current problems ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{70683026-7D6E-4790-A105-EB3ABD04482B}: C:\Users\EDITH\AppData\Local\{70683026-7D6E-4790-A105-EB3ABD04482B} [2011/06/16 11:23:14 | 000,000,000 | ---D | M]
    [2011/06/16 11:23:15 | 000,000,120 | ---- | C] () -- C:\Users\EDITH\AppData\Local\Oyipub.dat
    [2011/06/16 11:23:15 | 000,000,000 | ---- | C] () -- C:\Users\EDITH\AppData\Local\Xceruvahohilof.bin
    @Alternate Data Stream - 180 bytes -> C:\Users\EDITH\Documents\Image (9).tif:3or4kl4x13tuuug3Byamue2s4b

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

EdithCov

  • Guest
Re: Please help! A scan detected win32/adware.loudMo.d
« Reply #9 on: November 19, 2011, 12:48:53 AM »
Hi Essexboy.  My computer seems to be running much better.  Only thing I've noticed is that it's a little slow at start-up.  Everything else seems good.  Here is the OTL log.  :)

Offline Pondus

Re: Please help! A scan detected win32/adware.loudMo.d
« Reply #10 on: November 19, 2011, 12:57:18 AM »
you still seem to have the McAfee Security Scan there

you probably got it with a java update... http://www.java.com/en/download/faq/mcafee.xml
if you don't untick, they install this stuff....like toolbars etc

Offline essexboy

Re: Please help! A scan detected win32/adware.loudMo.d
« Reply #11 on: November 19, 2011, 01:43:06 PM »
Looks much better - I will remove some non-essentials and then see if we can speed you up a bit

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
    FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{70683026-7D6E-4790-A105-EB3ABD04482B}: C:\Users\EDITH\AppData\Local\{70683026-7D6E-4790-A105-EB3ABD04482B} [2011/06/16 11:23:14 | 000,000,000 | ---D | M]
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download and install revo uninstaller free http://www.revouninstaller.com/revo_uninstaller_free_download.html

Run the programme and select the tools button
Select Autoruns
Untick all items except security related ones
Reboot and see if that makes a difference

Then run a disc defragment

EdithCov

  • Guest
Re: Please help! A scan detected win32/adware.loudMo.d
« Reply #12 on: November 20, 2011, 06:42:32 AM »
I did the items listed below. Computer seems to be running good so far. Here is the log. :)

Offline essexboy

Re: Please help! A scan detected win32/adware.loudMo.d
« Reply #13 on: November 20, 2011, 12:51:56 PM »
How is the computer behaving now ?