Returning AntiVirus Fraud

Recently, I somehow managed to run into one of those fake Anti-Virus programs.
“Win 7 Home Security 2012 Firewall Alert”

Needless to say OBVIOUS VIRUS IS OBVIOUS
I’m smart enough to know the difference between a fake anti-virus and the widely trusted protection programs that I installed myself (MalwareBytesAntiMalware, SpyBotSearch&Destroy and Avast).

Soo…

Immediately I begin the removal process by unplugging my computer from the internet to prevent IE pop-ups redirecting me to harmful or nasty websites, followed up by checking to see if a proxy was input in order to do this. - Nothing there

After realizing I now have to right click and “run as admin” to open any program I need to use (without the “Win 7 Home Security 2012 Firewall Alert” popping up attempting to convince me every damn program I have is infected), I immediately run MBAM on quick scan, followed up by SpyBot and Avast.

MBAM and SpyBot both detect the FraudInternetSecurity, Trojan.Agents, Hijack.Exe, and Microsoft.Windows.FileExe…

After they successfully remove the detected viruses/malware etc… I restart my PC to finish the removal, after boot up I run SpyBot along with MBAM again but this time on full scan…
Nothing detected, looks like I’m good to go

However, the next day the fake anti-virus finds its way back onto my screen, leaving me to question if there is a line in my registry causing it to eventually come back after a set time and a reboot.

I repeat the previous removal process above and also notice in the meantime these applications popped up and are also in my documents or local settings

Now after doing the full removal process again I run OTL to post the logs here.

any help is much appreciated

Disk Management screenshot

aswMBR log

RKreport

I believe that is everything I am supposed to post, correct?

PS
I don’t know if this is a related issue but in “Documents” the folders “My Pictures, My Videos, and My Music” are locked off and I get this message trying to open them…

“Location is not available: C:\Users\Public\Documents\My Pictures is not accessible
Access is denied.” (Changing the security permissions did not allow access)

Oddly enough I can access these three folders from “Libraries”

malwarebytes log…remember to update before quick scan

Essexboy will have a look when he arrives…

Sorry but I did not think to save the logs from MBAM and Spybot detecting and removing the infected objects… If it helps however, I did take a screenshot of what they detected the first time I encountered the issue.

MBAM detected

MBAM auto saves logs…so if you click the log tab on top…you have no log there ?

Thanks, I was not aware.

Here are the MBAM logs from where it detected and removed infected objects

Nice job, you appear to have killed most of it… What problems are you experiencing at the moment?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2011/12/15 10:05:39 | 000,000,000 | ---D | C] -- C:\Users\Mystwolf\Documents\gegl-0.0
[2011/12/15 09:51:23 | 000,011,146 | -HS- | M] () -- C:\Users\Mystwolf\AppData\Local\3l61sx1j30j538
[2011/12/15 09:51:23 | 000,011,146 | -HS- | M] () -- C:\ProgramData\3l61sx1j30j538

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

updated log

What are your current problems ?

I’ll post back if something pops up but as far as I can tell, none.

Thanks for the help

PS
Are Mbam, SBS&D and Avast still the primary three, or are there new anti-spy/virus/malware programs I should pick up?

Not so hot on spybot nowadays - but that is just me

MBAM and Avast will generally cover all your needs

When you are happy run OTL and press the cleanup button to remove it

It’s not only you…!! :wink:
I also would drop Spybot.

and just so you know…Malwarebytes was not updated when you did the scan… ALWAYS click the update button before you start a scan :wink: