Malicious URL Blocked

Hello to whomever might be able to help.

Only 4 days ago, I paid for a cleanup on my friend’s computer. It was getting many types of alert messages (Malicious URL Blocked, Trojanhorse Blocked, Malware ???.. etc). That was four days ago before the fix that was done for a price by avast! Total Support. I know the computer was really messed up at that time. It had multiple window popups at times as well as going to websites that were never requested. The fix seemed to take care of the problems, a I talked to and ask how the computer was doing. Today, I am here and using the computer and have had two alerts pop up already, one of which was a Malicious URL Blocked alert.
So, now I am asking for some help early in these errors. I know in the past that I had gotten help via the forum for correcting problems of the Malicious URL alert when it popped up on my computer at home.
I will be checking back here as often as I can for the help for this problem, but as I say, I am at and requesting for a friend’s computer at this time.
Thanks for any help,

kissagain

To help you we need some logs…

Attach Malwarebytes and OTL logs http://forum.avast.com/index.php?topic=53253.0

I have been scanning with the Malwarebytes program for about 40 mins now. It has been sitting at the same number of objects scanned for about 20 mins now. I am wondering how long the scan should take. It looks like it is scanning the last to be scanned, “Filesystem Objects: Working”.

Wait a while … if MBAM scan doesn’t progress, abort the scan, restart the computer and then attempt to re-run the scan.

Hi again,
I waited for the scan until it had scanned for an hour. It never continued… (only the lapsed time). I stopped the scan, closed the program. I clicked on the icon that was left on the desktop, only to realize I had begun the download again. I proceeded through the full process again and scanned again. The scan got to the same point in less than 4 minutes. Then didn’t go any farther for 15 minutes again. I stopped the scan again.
I must leave (my friend’s place, and computer) to go home now. I will be back again tomorrow to try the scan again and, if successful will proceed to the OTL program scanning.

Try Safe Mode. If it still doesn’t work, skip it and just run OTL

Ok! I had to skip the scan of the Anti-Malware program. It didn’t even work in the safe mode. It still stalled within the same checking process (Filesystem Objects: Working). To that point it was showing 11 objects detected, all within the Registry scan section.

I then clicked on the link for downloading OTL. I got a message saying it was not able to save the file due to not being able to read it. I then clicked the link again to download it, and instead of a message I had a new tab open with a warning title of: The Connection Was Reset, under which stated: The connection to the server was reset while the page was loading.

Now what!?

Hi,

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

That MBAM is hanging after a while seems to be a bug which needs to be fixed.

I downloaded the Farbar program and ran it as instructed. I have attached the files (FRST.txt and Addition.txt) here.

Hi,

What did you do with your machine … lol
Let’s start cleaning …

Multiple Antivirus Programs

You are running more than 1 Antivirus program!

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Running - more than one - antivirus program is not recommended because:
• They can conflict with each other.
• Report the other antivirus software as malicious.
• Antivirus programs use an enormous amount of computer’s resources… actively scanning your computer.
• Can cause your computer to become unstable… run slowly and even, in rare cases, BSOD crash… etc.

I strongly suggest you uninstall one of them. Which one, is your decision.

Next …remove leftovers. You also have Kaspersky leftovers. You need to remove that as well…

http://www.appremover.com/

Download this app, run it and remove all found leftovers.

Then from Control Panel > Programs and Features uninstall the following:

-BuzzSearch
-Iminent

=>> FRST’s FixList

Download FixList.txt from attachments …

FixList.txt must be in the same location where FRST.exe tool is!

Re-run FRST.exe as you did before …

• Press the Fix button once and wait.
• FRST will process fixlist.txt
• When finished, it will produce a log fixlog.txt and will keep that log in the same folder where FRST.exe is.

Attach the fixlog.txt log report here.

=>> Then …

  1. Please download ComboFix by sUBs from here and save it to your Desktop.
    If you are unsure how ComboFix works, read this guide.

  2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
    If you are unsure how to do this please read this or this Instruction.

Instructions how to disable avast:
• Right click on the avast! system tray icon in the lower right corner of the screen and scroll up to avast! shield controls;
• In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.

  3. Run ComboFix. Then, on disclaimer window, click I Agree! button.

  • ComboFix will check if there is a newer version of ComboFix available.
    Click Yes if prompted to download.
  • If Recovery Console is not installed, ComboFix will offer download & installation.
    Click Yes to allow ComboFix to install Recovery Console.
  • ComboFix will scan your computer in stages, total of 50 stages.
    Do not mouse-click around while ComboFix is running.
  • If malware is detected, ComboFix will begin with its removal, and may need to restart Windows.
    Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.

  4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
    => Attach log report (ComboFix.txt) back to topic.

ComboFix shall also create an additional log (typical location: C:\Qoobox\ComboFix-quarantined-files.txt)
=> Please attach that report (ComboFix-quarantined-files.txt) as well.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
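
The multiple-antivirus check made in the reply above can be repeated on any log that lists Security Center entries in the same `AV:` / `AS:` form. This is an added example, not part of the original posts and not code from FRST; the function names are hypothetical and the sample input is the set of lines quoted in the reply.

```python
import re
from collections import defaultdict

# Sample input: the Security Center lines quoted from the log in the reply above.
SAMPLE_LOG = """\
AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

# Groups: category, product name, state, optional definition status, GUID.
LINE_RE = re.compile(
    r"^(AV|AS):\s+(.+?)\s+\((Enabled|Disabled)(?:\s+-\s+([^)]+))?\)\s+"
    r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}\s*$"
)

def parse_security_center(text):
    """Return one dict per well-formed AV:/AS: line; all other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            cat, name, state, status, guid = m.groups()
            entries.append({"category": cat, "product": name,
                            "enabled": state == "Enabled",
                            "status": status, "guid": guid.upper()})
    return entries

def antivirus_overlap(entries):
    """Summarise registered AV products and flag when more than one is present."""
    registered = defaultdict(bool)  # product -> is any AV entry for it enabled?
    for e in entries:
        if e["category"] == "AV":
            registered[e["product"]] |= e["enabled"]
    return {
        "registered": sorted(registered),
        "enabled": sorted(p for p, on in registered.items() if on),
        # A disabled second product still counts, as in the reply (avast! plus disabled AVG).
        "overlap": len(registered) > 1,
    }

if __name__ == "__main__":
    print(antivirus_overlap(parse_security_center(SAMPLE_LOG)))
```

Only `AV:` entries are counted toward the overlap, so an `AS:`-only product such as Windows Defender does not trigger the flag.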

I searched for the other two antivirus programs to uninstall them (AVG 2012, and Windows Defender). I could not find Defender at all, neither in the programs nor in the Uninstall and change programs in the control panel. I thought I, or the tech that did the cleanup on this computer last week (noted in my initial post), had uninstalled AVG 2012. I attempted to uninstall the AVG again, twice via Uninstall and change programs (control panel) AND via the Uninstall within the programs folder. The first attempt brought open a window that appeared to me to be “false”. The program indicates it has been removed (all 3 times) and I chose to Restart computer later.

The AVG 2012 program apparently is still on the computer… after 3 attempts to UNinstall! Just saying as an FYI at this time. I will move on to the next steps as you have indicated to do.

Okay NOW, I have done as far as downloading and running the AppRemover. I stopped at that point, as of now, to let you know that after running it, there was a message that popped up that says:
“AppRemover encountered an error while attempting to uninstall the selected product(s). Please use the ‘Report an issue’ link to send this issue to OPSWAT.” I am leaving that window up until further word from you (not clicked “OK” yet).

FYI: when I clicked on your link to download AppRemover there were many other windows and tabs that opened up. I was very careful in what I clicked on to download. I am sure I was at the website that was the link that you provided when I clicked on the download. I closed all other tabs and windows that I believed I could without producing other pop-ups (as some in the past have produced other multiple windows or tabs).

PS:
There were only 2 programs appearing on the AppRemover for selection of removing… AVG Free Edition and avast! Antivirus. I selected only the AVG to be removed. Please note, as I indicated previously, that neither I nor AppRemover could find Windows Defender.

I have been looking about on this computer and in the logs last sent to you as attachments. I have noticed some things, noted as follows:

There is a folder titled “Program Files (x86)” (which I will refer to as the “false folder”) in addition to the usual folder titled “Program Files” (which I will refer to as the “true folder”). It appears that the false folder has duplicate programs and files as the true folder has, plus other files and programs/folders.

I also notice that the Addition.txt log, which I sent as an attachment, shows the AVG as “(hidden)”, as well as the BuzzSearch and the Iminent. I have also noticed that the Windows Defender is “hidden”.
Within the FRST.txt I have noticed that not only the AVG but the Malwarebytes Anti Malware program that I downloaded from the site that you directed me to do so, has been installed also within that false folder. I am not sure when, let alone how, that false folder was created but it appears that everything that has been downloaded since its creation has been installed within that false Program Files folder in addition to wherever else a particular program might have been installed. I suspect this is why the Malwarebytes didn’t work as expected and that the OTL program couldn’t read something.

I have also clicked the “ok” on the AppRemover app, though I have left the window open where it is asking to report any issues.

After I send this post, I’m going home for the night.
kissagain

Hi,

Skip AppRemover and go here and download the appropriate uninstall tool & run it. These tools shall target the AV files and remove them.
http://singularlabs.com/uninstallers/security-software/
http://www.askvg.com/ultimate-collection-of-uninstallers-removal-tools-for-all-popular-anti-virus-software/

Each AV has its own uninstaller tool. Windows Defender is not AntiVirus, it is an AntiMalware program (confusing I know, consider it as additional security software) and Windows Defender does not need to be removed. WD is OK.

Program Files (x86) is a legit Windows folder; it contains all 32-bit programs, as 64-bit programs go to 64-bit’s native Program Files. Don’t touch that.
AVG is “hidden” from Programs and Features for valid reasons, it protects itself. But the main uninstall component is visible.

=> Perform further cleaning with uninstaller tools and then just continue with the rest of the steps (FixList and then ComboFix)

When I just clicked on your first link, it of course went to the website, but then within seconds I watched the “design” of the website change before my eyes. This is what the invasive trouble does and it makes me nervous about clicking to download anything. It also opened multiple windows and tabs at the same time. I still have the matching website name on the tab as the one I clicked on but it looks different than the original one I saw. I will try clicking again and proceed with caution.

AVG Any Bit (32 & 64) http://download.avg.com/filedir/util/AVG_Remover_en.exe

Edit:
http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2013_2706.exe (32 Bit)
http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x64_2013_2706.exe (64 Bit)

Edit: You need the 64 Bit version

While downloading ComboFix, it was showing a process of extractions then I got an error msg that stated the OS was incompatible. I clicked the “OK” and all is gone from screen of the ComboFix, leaving only my window with this forum posts.

PS: I am now attaching the Fixlog.txt which you requested before the download of ComboFix.