Help please!

[nanajana]

In April I had a virus see http://forum.avast.com/index.php?topic=97480.0 and since then things just have not been right on my computer.  I have had several issues with AIS working properly.  I have been running all kinds of scanners to find out what is wrong and have now had a few things show up.  First of all I ran spybot to check for adware and it found 125 problems, see attached.  While it was running it kept stopping and display an error message and when I clicked on it, it would continue.  I clicked on fix all and it completely changed my desktop and so I did a system restore thinking that I would then just come to this forum for help with the 125 entries I put back but then when I reran Spybot it said everything was okay.  No entries to be found.  All of a sudden desktop.ini shows up all over and so I ran MCShield which found malware on my D drive, see attached.  Actually desktop.ini showed up before I ran Spybot.  Then yesterday a folder shows up on my desktop (which I did not create) called DVD Shrink with a bunch of files that I cannot open and an example of one is:  Analysis results.0b128c36  4/12/2008 2:49 PM 0B128C36 File  10 KB.  There is 138 such files and when I scan the files with Avast it does say:  NO THREAT FOUND.  At the same time this appeared on my desktop, esetsmartinstaller_enu.exe icon (which I probably ran back in April) also showed up but I didn't place this on my desktop.  Today I ran Outpost scanner and bifrost backdoor & bzub trojan are found.  See attached.  I have experienced the BSoD several times as well.  See http://forum.avast.com/index.php?topic=101516.0 and http://forum.avast.com/index.php?PHPSESSID=vpq38e64tc6qqars3cv87rld87&topic=106530.0.  I don't know if any of these are related but things are not right on my computer!

I have AIS installed but unable to get the Firewall to work so instead I have Outpost.  I run malwarebytes every other week or so and it shows nothing.  So where do I go from here.  Also one other incident happened.  I was checking cwshredder merijn page when I noticed nginx appeared at the bottom of the page, not on the top as before (I can't remember what the address of the page was)>  It was late at night and I thought I would just go back the next morning as I just didn't want to deal with it at that time but I haven't found this again.

Cheers,
Janice

[Pondus]

So where do I go from here.

since you have had help here before.....then you know what logs you need to attach   

http://forum.avast.com/index.php?topic=53253.0


AdwCleaner
Malwarebytes
OTL
aswMBR

[nanajana]

HI,

Of course I know , here is malwarebytes.  I ran adwcleaner but on reboot no log appeared.  Where should I look for it?  Also trying to redownload adwcleaner this time siteadvisor is red telling me its full of viruses etc, did the same for otl.  Should I rerun adwcleaner and I did run otl anyway and will attach as soon as it is done.

[Pondus]

AdwCleaner removes browser/toolbar crap....the log is not that important
The removers will see any leftovers in the OTL log so just continue....

[nanajana]

otl but no extras, where will I find it if you need it?  now running ansmbr

[essexboy]

The Outpost ones are false positives, Spybot appears to have had a mad half hour by the look of it

Nginx is the name of the server that hosts a lot of different domains and if there is a problem with the domain it will show Nginx on the page

When you try to run Avast firewall what error do you get ?

When you had the BSOD did it reference any files ?

[nanajana]

Hi

Avast firewall doesn't get past the found new network, at that point my browser can't connect to the internet.  While running aswmbr it crashed so I had to run in safe mode and the only thing I caught was bad_pool_header.  Having a dinner party at the moment so won't be back til later tonight and I'm thinking you'll be sound asleep!

Cheers,
Janice

[essexboy]

I can see no apparent malware, but I am wondering whether you were one of the unfortunate ones that had two network drivers, so we could look at that if you wish.. 

Have a nice party and see you tomorrow 

[nanajana]

Hi,

Yes I had a nice party, and yes we can look at the network drivers.  Just let me know what is required.

Cheers,
Janice

[essexboy]

Okey dokey first you will need to do a full uninstall of Avast and Outpost

Utilise the small programme appremover http://www.appremover.com/

Download the latest AIS to your desktop http://files.avast.com/iavs5x/avast_internet_security_setup.exe

Run Appremover to remove Outpost and Avast (after disabling self protection) also any other antivirus/firewall software installed 

Run the AIS setup... Don't forget about  the Chrome optin screen
Add the Avastlic licence to activate IAS

Then if the firewall does not load let me know what the error is

[nanajana]

I will do that but its not that the Avast firewall doesn't load, it does.  What happens though is when I connect to the internet, it reports that it has found a new network, I then pick the default option, I can't think off hand what it is maybe work anyway it is the middle option (recommended) and at that point my browser cannot connect to the internet, and I get the blank page up and of course I cannot do anything online.  This is the same thing that happens when I try to run my browsers sandboxed so that I can't use the browser protection feature either.  It may work for a day and then my browser no longer allows me to surf the internet.  So I then have to uninstall the plugin to be able to surf the internet.  This is on all three browsers, Firefox, Explorer and Chrome.

So if uninstalling & reinstalling is still the answer I will go ahead and do this.  But again it does install just doesn't allow me to do anything.

Cheers,
Janice

[essexboy]

Good, could you give me a screenshot of the selection page prior to you selecting it

[nanajana]

Hi,

Well now I am totally frustrated!  I tried to uninstall avast using appremover from your link, it did uninstall Outpost, no problem but it did not uninstall Avast, tried 3 times.  I then used aswclear to remove it.  Fine, I then reinstalled AIS from your link, just before setup finished my computer crashed, I caught NO_MORE_IRP_STACK_LOCATIONS before it restarted.  Actually I have seen that quite often when my computer crashes.  So then I reinstall AIS with firewall and it absolutely will not allow me to do anything.  See attached screenshots in order of trying to get this installed!  So after it is installed and I connect to the net I get the first screenshot up, I click on work (medium setting default) and then the second screenshot comes up unable to connect (btw this is in all three of my browsers) and then I have to uninstall avast again and then the third screenshot comes up on reboot.  Sometimes I have to run system restore to fix this but this time I just went to my network & sharing folder, clicked on JanicePC and it connected.  Most times when this happens there is no JanicePc to click on so hence system restore.  So what's next. 

Cheers,
Janice

[essexboy]

OK could you select home as opposed to work

[nanajana]

Doesn't matter what I select, same thing happens.  At the moment I am not running avast because it just won't work with firewall installed.

Cheers,
Janice