Hard to remove MAL: URL

I’ve read the forums for info on this and followed instructions to use MBAM and OTL. MBAM found items and I removed them. Before and after that, and probably a total of 4 times now, I’ve done a full avast windows scan (the one that takes a couple hours) and boot scans, and done move to chest on the items. Then I do another scan to make sure it’s actually gone, and it appears again in a new scan… like it’s replicating??

MAL:URL is what is popping up with avast, but one of the things avast found was a trojan. This all started with a pop up from a grocery store blog! Apparently one of the ad partners had spyware or a virus because several visitors to the blog said they got infected. My avast had expired from the free version and I didn’t realize it until I realized there was something on the system :\

No clue what’s going on here! Would appreciate any help.

If you have run Malwarebytes and OTS/OTL then post the logs.

To avoid multiple posts with copy and paste, attach the logs:
lower left corner > Additional Options > Attach

I’m not currently using the infected PC, and I disabled the internet on it. I’ll see if I can find the log files and transfer them. I may have to re-run everything to get new logs, as I’m not absolutely sure I selected to save the files originally, I haven’t messed with it in over a week.

Well, I reran Avast and Malwarebytes and both came up with no infected files. Figuring that couldn’t be right, I turned the network back on and went to google, and it redirected me and Avast popped up that it blocked MAL URL. Apparently I didn’t run OTS like I thought I had, and I just did that and have the logs. Should I post the logs even though the newer scans found nothing, or should I post the old scan logs?

Bear with me, I’m new to fixing this type of stuff myself.

Also, I had clicked run fix with a copy and paste fix I found on the forum…did that do any harm?

Here’s the OTS log.

Hi, your log shows 3 system files as being updated very recently - so I would like to check them out

But first I will clear your temporary files - this may take a few minutes as there are quite a lot

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

 
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "hpqSRMon" -> []
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

[Custom Items]
:files
ipconfig /flushdns /c

:end 

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!

THEN

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools, do not let Avast sandbox anything whilst the programme is running
* Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

I accidentally used combofix twice from the downloads directory before realizing what the issue was. I was going back and forth between two computers with the instructions and whatnot since I didn’t want to keep the internet open on the infected PC, and missed the part about running it from the desktop. I ran it from the desktop on the third try and it’s been sitting at the scanning for infected files for probably 30 minutes, it doesn’t appear to be locked up… should I be concerned or restart it?

Leave it a tad longer. When you ran it from the downloads folder, did it appear to work?

It appeared to have frozen windows so I did a hard reboot, came back and tried to run it again and it gave me a blue screen error that flashed away too quickly for me to read it all and rebooted the system, something about there being a problem with a newly installed file or driver and the system.

When I used it from downloads it took up a dos looking whole screen for the extracting, etc… then rebooted the system, that’s all.

I can work on getting a picture of the blue error screen if that would help any.

Yes please

Hi, sorry been really busy and just now got a picture taken of the error…still happening when I run it.

Can you get to safe mode?

Restart the computer and press then hold F8
From the menu select safe mode with networking

Not sure if it matters but I have the network disabled since I have other PCs on the network along with the internet connection. I didn’t want any possible infection spreading elsewhere. If that’s paranoid let me know, I don’t know much about all this! And yes, I should be able to get into safe mode.

OK once in safe mode could you run a fresh OTS log please and I will see what is causing the blockage

Will do!

Ta ;D

Here are the results.

Intriguing, all drivers are good and in the right place

OK two things to do

First

Restart the computer to the safe mode menu and select Last Known Good

Does that boot?

If not then re-run combofix from safe mode

I wasn’t able to run Combofix in regular windows, it completely froze the system, I couldn’t even CTRL ALT DEL it. Safe mode worked fine and here is the log.