Avast keeps blocking harmful webpages

Hi,

Avast keeps blocking harmful files (using Chrome) but when I do a scan with either Avast or Malwarebytes nothing is found.

I’ve seen similar threads on here but they are all specific to that person, what do I need to do?

Many thanks in advance for any help.

Tim

The same as the others have done. :wink:
Follow the instructions and attach the logs:
https://forum.avast.com/index.php?topic=53253.0

Did you, uh, happen to see my post? Just found it funny we both posted about the identical issue around the same time.

Some additional things that may assist you…

Task manager: Check for any suspicious/unusual programs
Installed programs: Check for junk/unusual programs (toolbars and such)
Services snap-in/services.msc: Any unusual services running (especially ones without descriptions/odd service names)
Startup programs: Check msconfig.msc for odd start up entries
Web Browser plug-ins/add-ons: Make sure only the plug-ins you recognize are running

Checking loaded drivers is also a good thing. DriverView is a great program for that: http://www.nirsoft.net/utils/driverview.html
You can also see which programs were executed when with UserAssist: http://blog.didierstevens.com/programs/userassist/
Use http://www.systemlookup.com to check any program/name/entry you do not recognize. I identified a driver loaded on my computer that had been added by a PUP (it was a network driver).

Of course, do this if you’re “computer savvy” and want to know the root cause of this issue. If you don’t feel comfortable with removing these kinds of things (or the risks that might come of it), then just stick with Eddy’s solution.

Hi,

Thanks for the link, here are the logs.

Cheers

Tim

Hi there, the first thing you must do is uninstall Chrome, you may reinstall once we have finished

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ADOBE INDESIGN CS6 Extended Final Multilanguage cracked dll.lnk
ShortcutTarget: ADOBE INDESIGN CS6 Extended Final Multilanguage cracked dll.lnk -> C:\ProgramData\{0affc786-e9fd-8d92-0aff-fc786e9f1e1b}\ADOBE INDESIGN CS6 Extended Final Multilanguage cracked dll.exe (No File)
Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f44Da6.lnk
ShortcutTarget: f44Da6.lnk -> C:\ProgramData\{3d7f0381-4aa1-6567-3d7f-f03814aa0e05}\f44Da6.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO: uniSalleas -> {4f58e3a7-f19a-4e95-93e9-e4dc2173763f} -> C:\Program Files (x86)\uniSalleas\SL43V6sfhcZ6tt.x64.dll ()
CHR HomePage: Default -> hxxp://www.google.co.uk/ig?hl=en
CHR StartupUrls: Default -> "https://mfb.capsulecrm.com/login", "https://vendorcentral.amazon.co.uk/gp/vendor/sign-in", "hxxp://www.amazon.co.uk/", "hxxp://www.ebay.co.uk/mbf/Summary?MyEbay&gbh=1&CurrentPage=MyeBaySummary&ssPageName=STRK:ME:LNLK:MESUMX", "https://dub130.mail.live.com/default.aspx?fid=flinbox", "https://www.linkedin.com/", "https://www.evernote.com/Login.action?targetUrl=%2FHome.action#st=p&n=d5bb7500-e17c-43a9-b613-a6d04e5c2e99", "https://keep.google.com/#home"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\Sony\MSS\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (RealPlayer Video Downloader for HTML5 (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-10]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-16]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-10]
CHR Extension: (Google Cast) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-07-06]
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-10]
CHR Extension: (Avast Online Security) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-02]
CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-10]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-10]
CHR HKU\S-1-5-21-3159809400-3735709745-1024690528-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
2015-02-09 14:58 - 2015-02-20 11:27 - 00000000 ____D () C:\Program Files (x86)\uniSalleas
2015-02-09 14:58 - 2015-02-09 14:58 - 00000000 ____D () C:\ProgramData\iddlpfadappdgcdapmmbecibbgfmbggp
2015-02-09 14:58 - 2015-02-09 14:58 - 00000000 ____D () C:\Program Files (x86)\Tab Shutter
2015-02-09 14:57 - 2015-02-20 08:48 - 00000000 ____D () C:\ProgramData\{3d7f0381-4aa1-6567-3d7f-f03814aa0e05}
2015-02-09 14:57 - 2015-02-16 11:31 - 00000000 ____D () C:\Program Files (x86)\unisalless
2015-02-09 14:57 - 2015-02-16 11:27 - 00000000 ____D () C:\Program Files (x86)\uniIsales
2015-02-09 14:57 - 2015-02-09 14:57 - 00000000 ____D () C:\ProgramData\ddoochggilinkljepbjdacndhjfofglp
2015-02-09 14:57 - 2015-02-09 14:57 - 00000000 ____D () C:\ProgramData\14933581729149760352
2015-02-09 14:56 - 2015-02-20 08:48 - 00000000 ____D () C:\ProgramData\{38d2f0c9-c7e1-3d65-38d2-2f0c9c7ec327}
2015-02-09 14:56 - 2015-02-20 08:48 - 00000000 ____D () C:\ProgramData\{0affc786-e9fd-8d92-0aff-fc786e9f1e1b}
2015-02-09 14:56 - 2015-02-09 14:56 - 00000000 ____D () C:\ProgramData\kagnjbhkefjpejcphpjcmohoigoicdae
2015-01-22 16:55 - 2015-01-22 16:55 - 00261332 _____ () C:\Users\Tim\Downloads\U4sc9vCmQrCveAseYVM1-osOFM6BznP-zlGNX2We1QG7VvKe0d2y0YfMP7D7kSAHbhPHs_GR1H-Z pEJvIviKL7X2QKrnfZiCB43yAlpu0Il1J5D2VgCLIJh6WvoV7_ypYiH8HV_lSW_C8I6e0P8JgR9u hNRO-e9_q4IRQhK1jBkLHEOw-
Task: {894B6F92-A14F-41A0-BEF1-4D28595A7BB1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-10] (Google Inc.)
Task: {CD8C3BC9-3478-47ED-B626-D9C2F37FAA15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-10] (Google Inc.)
Task: {DEA08B6E-43CD-465C-A4E8-0EA8157865A4} - System32\Tasks\{025399CA-91D0-40D6-B394-CE5F8FB6DF97} => pcalua.exe -a C:\Users\Tim\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=amt -simple=0 <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Users\Tim\AppData\Local\Temp\_MEI52082
C:\Program Files (x86)\uniSalleas
C:\Users\Tim\AppData\Local\Google\Chrome
C:\Program Files (x86)\Google\Chrome
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on “Clean”
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
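
A small triage pass over scan-log entries like those in the fixlist above, as an added example that is not part of the helper's post or of FRST: it flags scanner-marked lines and startup targets in GUID-named ProgramData folders, and groups folders created within minutes of each other, which is how a bundled adware install shows up in the listing. The function names and the field layout (inferred from the lines on this page) are assumptions, and the last sample entry is constructed.

```python
import re
from datetime import datetime, timedelta

# Sample entries copied from the fixlist above; the last one is constructed.
SAMPLE = [
    r"ShortcutTarget: f44Da6.lnk -> C:\ProgramData\{3d7f0381-4aa1-6567-3d7f-f03814aa0e05}\f44Da6.exe (No File)",
    r"CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION",
    r"CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)",
    r"2015-02-09 14:58 - 2015-02-20 11:27 - 00000000 ____D () C:\Program Files (x86)\uniSalleas",
    r"2015-02-09 14:58 - 2015-02-09 14:58 - 00000000 ____D () C:\Program Files (x86)\Tab Shutter",
    r"2015-02-09 14:56 - 2015-02-20 08:48 - 00000000 ____D () C:\ProgramData\{0affc786-e9fd-8d92-0aff-fc786e9f1e1b}",
    r"2014-06-10 09:00 - 2014-06-10 09:00 - 00000000 ____D () C:\Program Files (x86)\ExampleApp",
]

GUID_DIR = re.compile(r"\\ProgramData\\\{[0-9a-f-]{36}\}\\", re.I)
FILE_ROW = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - \S+ \S+ - \d+ (\S+) \(.*?\) (.+)$")

def flag_entries(lines):
    """Return (reason, line) pairs for entries worth a manual look."""
    hits = []
    for line in lines:
        if "ATTENTION" in line:
            hits.append(("scanner-marked", line))
        elif line.startswith("ShortcutTarget:") and GUID_DIR.search(line):
            hits.append(("startup target in GUID-named ProgramData folder", line))
        elif line.startswith(("ShortcutTarget:", "Startup:")) and line.endswith("(No File)"):
            hits.append(("startup entry with missing target", line))
    return hits

def creation_clusters(lines, window=timedelta(minutes=5)):
    """Group folders whose creation times fall within `window` of the previous one."""
    rows = []
    for line in lines:
        m = FILE_ROW.match(line)
        if m and "D" in m.group(2):  # assumption: folder rows carry D in the attribute field
            rows.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"), m.group(3)))
    rows.sort()
    clusters, current = [], []
    for when, path in rows:
        if current and when - current[-1][0] > window:
            clusters.append(current)
            current = []
        current.append((when, path))
    if current:
        clusters.append(current)
    return [[p for _, p in c] for c in clusters if len(c) > 1]

if __name__ == "__main__":
    print(flag_entries(SAMPLE), creation_clusters(SAMPLE))
```
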

Hi,

Thanks for the help so far, log file below:

Tim

AdwCleaner v4.111 - Logfile created 20/02/2015 at 19:26:59

Updated 18/02/2015 by Xplode

Database : 2015-02-18.3 [Server]

Operating system : Windows 8.1 (x64)

Username : Tim - TIMS

Running from : C:\Users\Tim\Downloads\AdwCleaner.exe

Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\Classes\Interface{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\ Internet Explorer v11.0.9600.17416

-\ Mozilla Firefox v35.0.1 (x86 en-GB)

[oqbx8nxu.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[oqbx8nxu.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", true);


AdwCleaner[R0].txt - [1512 bytes] - [20/02/2015 19:23:55]
AdwCleaner[S0].txt - [1390 bytes] - [20/02/2015 19:26:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1449 bytes] ##########

Could you attach the fixlog please. How is the computer now ?

sorry, attached.

PC seems to be ok but it’s deleted Chrome where I was having the issues, do I simply reinstall?

Thanks a lot

Tim

Ah you did not read the first line which asked you to uninstall Chrome. It was a developer build which has no security features. I removed the remnants (if you had uninstalled it :slight_smile: )

Yes re-install Chrome now and let me know if the problem recurs

Oops, ah well, at least the line I missed wasn’t too critical!!

Thanks for all your help, seems good so far.

Tim

If all is well tomorrow let me know and I will tidy up

Hi,

I rebooted and now can’t access the internet on either chrome or Firefox (on phone now)

Any thoughts?

Thanks

Tim

hang on, rebooted again and seems to be working…strange!

Thanks again for your help

Tim

Let me know if that occurs again please

hi Essexboy.

A week in and all seems great still, thank you so much for your help, really generous with your time and knowledge.

Thank you.

Tim

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version

https://dl.dropboxusercontent.com/u/73555776/javara.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme :wink:

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide: Best security practices. Keep safe :wave: