Trojans not detected by Avast

Almost every time I run MalwareBytes, it finds Hijack.Trojan.siredef, and I don’t understand how that is happening when I have Avast running and supposedly protecting me…also, I’m getting pop-ups from Avast while online, telling me that my activity online is not secure…how can that be with the Firewall activated?

Hi Kathryn9, welcome to the forum.

Please follow this tutorial https://forum.avast.com/index.php?topic=53253.0 and attach the requested logs in your next reply.
As soon as an expert is online and available he/she will help you.

Greetz, Red.

OK, all scans run, but on the FRST, the Additions.text scan was not active.

Please check and see if the log is in the C:\FRST\Logs directory. If the log is not there then please run the scans again by following the steps below:

First, move FRST.exe from the C:\Users\Owner\Favorites\Downloads directory to your desktop. (Come back and ask if you do not know how to do this.)
Then follow these steps:

- If you still have the Addition.txt file on your desktop, please delete it now.
- Right click the FRST file on your desktop and select “Run as Administrator…” (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- If an update is available, the program will inform you and download the update. Allow it to do this please. Otherwise, just wait for the “The tool is ready to use.” message.
- Please check the Addition.txt in the Option Scan section of FRST.
- Press the Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy and paste log back here.
- The tool will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

New scans attached

Files are in C:\FRST. Attaching them.

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Freemake Audio Converter version 1.1.0
Freemake Video Converter version 4.1.7
Freemake Video Downloader
Freemake Youtube Mp3 Converter
MyFreeCodec

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

SECOND >>>>

FRST Fixlist run

Fix with Farbar Recovery Scan Tool

[b]This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.[/b]

Download attached fixlist.txt file and save it to the Desktop.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

THIRD >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

http://i1351.photobucket.com/albums/p785/dbreeze2/Scanners%20screens/AdwCleaner_v4111_zpsn56hzjza.png

- Click the [b]Scan[/b] button and wait for the scan to finish.
- After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: [b]Waiting for action. Please uncheck elements you don't want to remove.[/b]
- Click the [b]Clean[/b] button.
- [b]Everything checked[/b] will be deleted.
- When the program has finished cleaning a report appears.
- Once done it will ask to reboot; allow this.

http://1.bp.blogspot.com/-vitKqfMQS4o/UEDylIQ7HJI/AAAAAAAABLc/Hx-IwqKoaxg/s1600/adwcleaner_delete_restart.jpg

  • On reboot a log will be produced; please attach that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

Also, please tell me how your system is running now. Thanks.

Ok, all done with AdWare, fix log attached.

Found the adware log, will attach…not new, but when I open browser and get Avast window open, navigate to adware file on C:, my screen freezes and my cursor won’t operate, can’t get task manager to open, I have to shut down computer. Is this a problem caused by too little RAM? This is my oldest and most used computer, and only has 4GB of RAM. 1T Hdd.

You may want to check on your RAM. The FRST Additional log shows 3GB RAM available with 1GB free. Possibly the Video is using the other 1GB of RAM?

Did you run a Malwarebytes Antimalware scan?

On 9/4 scan the same Hijack.Trojan.Siredef.C (MBAM)
Today’s scan showed two instances of Open Candy PUP
The scan was still running when the computer froze…I waited 30 min to turn it off, but don’t know for sure it finished, I had a browser screen on top of it. Will turn off the browser and rerun the scan, and post if the result is any different.
I’m not sure what you mean by Video using RAM? What video? Thank you for helping me trouble-shoot.

Sorry for not being clearer; Video (in the message I posted) meant your PC’s Video “card” or processor. Most common systems have the main RAM ‘shared’ by the CPU and the Video as this is more space saving than having to have separate memory for just the Video.


The scan with Hijack.Trojan.Siredef.C - was this after the FRST Fixlist script run?

No, the Trojan was 9/4/15 at 3:21pm, and the fixlog was 9/4/15 at 9:27pm.

Just making sure; please post the latest MBAM log when you can. Thanks.

The malwarebytes logs are not the correct format to upload to your page…won’t allow me to change the file type. They are xml documents. Suggestions?

Start MBAM. Go to History > Application Logs and double click on a Scan Log.

Once the log window is open, click on the Export button in the lower left corner and select Text file (*.txt). Save the file to your desktop and then attach the file here.

Thank you for the instructions…2 files attached

Thank you for the logs. Everything is looking clean, so if the system is running fine for you, then let’s clean up our tools and get you on your way.

Clean up of Malware Removal Tools
Now that we are through using these tools, let’s clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

- Download Delfix from here to your desktop and double click it to start the program
- Ensure Remove disinfection tools is ticked
- Also tick:
  - Activate UAC
  - Create registry backup
  - Purge system restore
  - Reset system settings

http://i1351.photobucket.com/albums/p785/dbreeze2/just%20stuff/DelFixSelectall_zps0f04cec4.png

- Click Run
- The program will run for a few moments and then notepad will open with a log. Please attach the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

Thank you for your help…question: Am I to expect that Avast Anti-virus will catch these daily Trojans, or will I still need to do MBAM scans once or twice a day? Also, while I am working online, the pop-ups from Avast telling me my activity can be seen/is not secure/ I need to know the function of the Firewall, which is supposed to be active, and protecting me.

FYI, I am waiting for CSR to resolve a $90 charge placed on my credit card for a service I did not receive…otherwise, I would be donating something for your help…I do appreciate your assistance with this, and can’t wait to see if I will be protected from this nerve wracking Trojan I’m constantly getting. Thank you very much.

The “non-secure activity” popups from Avast are related to the SecureLine VPN service Avast offers. You can disable this option by going to Settings > Tools > SecureLine VPN and selecting OFF. If you do a lot of traveling and connecting to Public networks, this might be something you would like to have. You can find more information about this service here and on the forum boards here.

As to the Firewall, as long as your Avast GUI says it is active then you are good to go. It blocks unrequested inbound traffic and malicious outbound traffic. You can view the logs and what is connected / blocked by going to Avast GUI > Tools > Firewall.

You have the Premium version of MBAM; you can have it run a scheduled scan once a day in the background to help protect your system.

As to the donation, I appreciate your offer and concern but as I state this work is voluntary and done for free; no obligation on your end other than working with me to clear your machine. ;D