Got a Virus or worm or anything

So the situation is like this. Whenever I start my PC Avast bocks something. In addition, it blocks something everytime I use google. And to add to that sometimes random pages just keep opening. Does anyone know what to do.

I know it not much info. But I can submit the logs just not sure how.

Thanks in advance

Follow instructions https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs

Please see logs attached

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


Task: {F25B03CC-24A8-4B38-A529-5425BD1EC787} - System32\Tasks\Digital Sites => C:\Users\admin\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\admin\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites05_14_25_ch&cd=2XzuyEtN2Y1L1QzutA0CzyyBtD0Ezy0ByEtByE0Fzzzy0C0EtN0D0Tzu0SzzzyzytN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyE0A0DyEtBzy0BtG0CyDtAyEtGtDyD0CzztGzzyDtAtCtGtDyD0Azzzz0BtBzyyD0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0C0AyCzytC0CtGtDtBtC0EtG0ByDyE0BtGtByCyEtAtGtByCzy0DyD0CtC0AtA0A0DtC2Q&cr=938489699&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites05_14_25_ch&cd=2XzuyEtN2Y1L1QzutA0CzyyBtD0Ezy0ByEtByE0Fzzzy0C0EtN0D0Tzu0SzzzyzytN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyE0A0DyEtBzy0BtG0CyDtAyEtGtDyD0CzztGzzyDtAtCtGtDyD0Azzzz0BtBzyyD0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0C0AyCzytC0CtGtDtBtC0EtG0ByDyE0BtGtByCyEtAtGtByCzy0DyD0CtC0AtA0A0DtC2Q&cr=938489699&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites05_14_25_ch&cd=2XzuyEtN2Y1L1QzutA0CzyyBtD0Ezy0ByEtByE0Fzzzy0C0EtN0D0Tzu0SzzzyzytN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyE0A0DyEtBzy0BtG0CyDtAyEtGtDyD0CzztGzzyDtAtCtGtDyD0Azzzz0BtBzyyD0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0C0AyCzytC0CtGtDtBtC0EtG0ByDyE0BtGtByCyEtAtGtByCzy0DyD0CtC0AtA0A0DtC2Q&cr=938489699&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites05_14_25_ch&cd=2XzuyEtN2Y1L1QzutA0CzyyBtD0Ezy0ByEtByE0Fzzzy0C0EtN0D0Tzu0SzzzyzytN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyE0A0DyEtBzy0BtG0CyDtAyEtGtDyD0CzztGzzyDtAtCtGtDyD0Azzzz0BtBzyyD0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0C0AyCzytC0CtGtDtBtC0EtG0ByDyE0BtGtByCyEtAtGtByCzy0DyD0CtC0AtA0A0DtC2Q&cr=938489699&ir=
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.2.10-next -> C:\Users\admin\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Extension: (No Name) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-09-25]
HKU\S-1-5-21-4023048206-416325105-1711805914-1001\...\Run: [AceStream] => C:\Users\admin\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 
C:\Users\admin\AppData\Roaming\ACEStream\engine\ace_engine.exe
C:\_acestream_cache_
C:\Users\admin\AppData\Roaming\ACEStream
C:\Users\admin\AppData\Roaming\ACEStream\updater\ace_update.exe
HKU\S-1-5-21-4023048206-416325105-1711805914-1001\...\MountPoints2: {c39d80c9-786a-11e3-8276-08d40c01c687} - "F:\Setup.exe" 
EmptyTemp: 
CMD: bitsadmin /reset /allusers

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
.


Please download Malwarebytes AntiRootkit (MBAR) and save it to your desktop.
[i]For full instructions how MBAR works, read this article

> Doubleclick on the MBAR file (
http://www.mcshield.net/personal/magna86/Images/mbar.png
) and allow it to run.
• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click Next if you agree.

• On the Update Database screen, click on the Update button. Once you see ‘Success: Database was successfully updated’ click on Next
• Under Scan Targets ensure all boxes are ticked. Then click the Scan button.

Notice: with some infections, you may see two messages boxes:

  • ‘Could not load protection driver’. Click ‘OK’.
  • ‘Could not load DDA driver’. Click ‘Yes’ to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

>> If malware is not detected, click the Exit button to close the program and post the mbar-log-year-month-day.txt and system-log.txt reports.

>> If an infection/s are found ensure Create Restore Point are ticked. Then select the "Cleanup! button to remove threats.
• The clean up procedure will be scheduled for process, pop-up will be shown.
Select the Yes button and the system should re-boot to complete the cleaning process.

>> Notice: only if an RootKit are detected, ensure to run fixdamage.exe tool located in mbar folder, \Plugins\fixdamage.exe

  • Run fixdamage.exe, at the black window to continue type Y (alias for Yes). Wait few seconds for execution …
  • When you see “press any key to exit” fix is completed, press any key to close the window. Reboot the system.

> The following reports will be created in mbar folder:

  1. mbar-log-year-month-day (hour-minute-second).txt
  2. system-log.txt

Please post both logs in your next reply.

Hi,

Thanks for the help it finally stopped poping up.

Please see logs attached

OK,

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
[i]
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Remove disinfection tools

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Create registry backup

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])

I recommended to use MCShield if you will.
You may download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

It will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
And not only will prevent infection, but it will immediately clean flash drive, memory card or external HDD.

You are an absolute legend. Thanks a lot!!!