Got the free avast, then anti virus, no luck.

I am not very computer literate but I have no choice but to learn this trade because the internet is like a public bathroom wall. So I got the free avast two days ago and ran each scan and still got avast pop ups re: scoringtomeasure. So today I ran the malware program this site linked to which found and quarantined 744 files (?) It restarted and I get the same amount of pop ups but different malware names and everything still runs like molasses. Any help is appreciated.

I spoke too soon. There were a couple of pop ups after restart but they seem to have subsided and overall speed seems to be ok.

We need some logs before we can help, see here: https://forum.avast.com/index.php?topic=53253.0
Attach Malwarebytes and Farbar Recovery Scan Tool logs … 3 logs total

Trying to post attachments.

Not sure which of the three MCSHields I need to use.

Hi, if there is anything you are unsure of then just ask.

Uninstall Chrome
Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

  1. If you have bookmarks, let’s save them by exporting them - Export Bookmarks
  2. Then I need you to go to Google Sync and sign into your account
  3. Scroll down until you see the “Stop and Clear” button and click on the button. At the prompt click on “Ok”
  4. Now we need to uninstall Chrome.
    Note: When asked about user data or settings you must remove this also, so please check the box.
  5. Restart the computer

THEN

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.seekplaza.info/
BHO: No Name -> {c629f9d4-7c19-45ff-8329-7ecf029e9cba} -> No File
2015-04-02 12:42 - 2015-04-02 12:42 - 00000020 ____H () C:\ProgramData\PKP_DLec.DAT
2015-04-02 12:42 - 2015-04-02 12:42 - 00000000 ____D () C:\ProgramData\Ultima_T15
2015-04-02 12:42 - 2015-04-02 12:42 - 00000000 ____D () C:\ProgramData\EnterNHelp
2015-04-02 12:42 - 2015-04-02 12:42 - 00000000 _____ () C:\ProgramData\PKP_DLds.DAT
2015-03-30 20:10 - 2015-03-30 20:10 - 00007103 _____ () C:\Users\Steve\Downloads\hijackthis2
2015-03-30 20:10 - 2015-03-30 20:10 - 00003126 _____ () C:\Windows\System32\Tasks\{EC2CA923-9903-49F8-B33F-50CBF05BB3B4}
2015-03-30 20:02 - 2015-03-30 20:11 - 00007752 _____ () C:\Users\Steve\Downloads\hijackthis.log
2015-03-30 19:57 - 2015-03-30 19:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Steve\Downloads\HijackThis.exe
2015-03-30 15:55 - 2015-03-30 15:55 - 00002962 _____ () C:\Windows\System32\Tasks\{9A12DDAC-9220-405C-A301-B702361FEEEA}
2015-03-28 12:51 - 2015-03-28 12:51 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Steve\Downloads\SpyHunter-Installer.exe
2015-03-28 12:51 - 2015-03-28 12:51 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Steve\Downloads\SpyHunter-Installer (1).exe
2015-03-19 08:32 - 2015-03-19 08:33 - 01149528 _____ () C:\Users\Steve\Downloads\Chrome_Updater.exe
2015-03-15 18:57 - 2015-03-15 18:57 - 00009522 _____ () C:\Users\Steve\Downloads\Setup .website
2015-03-28 11:15 - 2014-11-18 11:17 - 00004567 _____ () C:\Users\Steve\Downloads\software_removal_tool.log
2015-03-28 11:14 - 2014-11-17 21:51 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-28 11:14 - 2014-11-17 21:51 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
Task: {6260A046-F074-4268-853C-F09AE0882D06} - System32\Tasks\{EC2CA923-9903-49F8-B33F-50CBF05BB3B4} => pcalua.exe -a C:\Users\Steve\Downloads\HijackThis.exe -d C:\Users\Steve\Downloads
Task: {854935B2-4E9E-443B-95A6-CC9442EE3EC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-17] (Google Inc.)
Task: {B87A48AA-7318-4817-BA98-757A46C4676F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-17] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Chrome
C:\Users\Steve\AppData\Local\Google\Chrome
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

  - Close all open programs and internet browsers.
  - Double click on AdwCleaner.exe to run the tool.
  - Click on Scan.
  - After the scan is complete click on “Clean”
  - Confirm each time with Ok.
  - Your computer will be rebooted automatically. A text file will open after the restart.
  - Please post the content of that logfile with your next answer.
  - You can find the logfile at C:\AdwCleaner[S0].txt as well.

Ok.

And the fix log?

Ok.

What problems are you experiencing now ?

Everything seems to be ok this morning. I thought the chrome icon was missing but it had changed to a totally different look.

When I bought this desktop four or five months ago it started to collect malware on the first day so I began to look for ways to fix it without calling the tech guy who ‘repairs’ my computers. He transferred my old stuff onto this one. It seems like I’ve been buying a different computer every three years whenever they cease to function. And all I use them for is email and surfing.

I spoke too soon. I got a pop up a minute ago that requires you to log off.

OK, could you provide a fresh FRST scan for me and I will see if I have missed anything

I think this is the new scan.

Chrome is still not (completely) removed ???
And where is the new addition.txt ?

OK, let’s try again, don’t be worried about this as some people do have problems with computers

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
CHR Extension: (Google Slides) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-03]
CHR Extension: (Google Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-03]
CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-03]
CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-03]
CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-03]
CHR Extension: (Avast SafePrice) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-04-04]
CHR Extension: (Google Sheets) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-03]
CHR Extension: (Avast Online Security) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03]
CHR Extension: (Google Wallet) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-03]
CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-30]
2015-04-03 20:17 - 2014-11-17 14:53 - 00000000 ____D () C:\Users\Steve\AppData\Local\Google
2015-04-03 20:12 - 2014-11-17 21:51 - 00000000 ____D () C:\Program Files (x86)\Google
C:\Users\Steve\AppData\Local\Google
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that
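
An added example, not part of the thread and not FRST's own code: a small Python triage over the two Chrome line shapes seen in the fixlist above. It groups entries by extension ID and lists the IDs that are also registered machine-wide under HKLM. Reading an HKLM entry as "installed by a program rather than from the browser" is this example's assumption; the sample lines are copied from the thread's two fixlists, and the function names are made up for the example.

```python
import re

# The two extension line shapes that appear in the fixlist quoted in this thread.
PROFILE = re.compile(
    r"^CHR Extension: \((?P<name>.+)\) - .+\\Extensions\\(?P<id>[a-p]{32}) \[\d{4}-\d{2}-\d{2}\]$")
MACHINE = re.compile(
    r"^CHR (?P<hive>HK[\w-]+)\\\.\.\.\\Chrome\\Extension: \[(?P<id>[a-p]{32})\] - (?P<crx>.+) \[\d{4}-\d{2}-\d{2}\]$")

# Sample input: lines copied from the thread's fixlists.
SAMPLE = [
    r"CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION",
    r"CHR Extension: (Avast SafePrice) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-04-04]",
    r"CHR Extension: (Avast Online Security) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-03]",
    r"CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]",
    r"CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-30]",
    r"CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-30]",
    r"EmptyTemp:",
]

def triage(lines):
    """Group Chrome extension entries by ID; keep other CHR lines for manual review."""
    found, unparsed = {}, []
    for raw in lines:
        line = raw.strip()
        if not line.startswith("CHR "):
            continue  # not a Chrome entry (file listing, Reg:, EmptyTemp:, ...)
        prof, mach = PROFILE.match(line), MACHINE.match(line)
        hit = prof or mach
        if not hit:
            unparsed.append(line)  # e.g. the policy-restriction line
            continue
        entry = found.setdefault(hit["id"], {"name": None, "crx": None, "seen": set()})
        if prof:
            entry["name"] = prof["name"]
            entry["seen"].add("profile")
        else:
            entry["crx"] = mach["crx"]
            entry["seen"].add("machine")
    return found, unparsed

def machine_installed(found):
    """IDs registered under HKLM (assumed here to mean: put there by an installer)."""
    return sorted(ext_id for ext_id, e in found.items() if "machine" in e["seen"])

if __name__ == "__main__":
    found, unparsed = triage(SAMPLE)
    for ext_id in machine_installed(found):
        print(ext_id, found[ext_id]["name"], found[ext_id]["crx"])
    print("review by hand:", unparsed)
```
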

I appreciate everyone’s help. I think this is the new log.

OK that looks to be the last of Chrome, how is the computer behaving now ?

So far so good.

OK, if you wish you may now re-install Chrome

Everything is now running smoothly ?

I haven’t done anything since the last scan and still get a lot of avast pop ups blocking malware. I noticed chrome had two boxes checked that allowed other people to use my browser and that doesn’t sound good.

Is this after re-installing Chrome ?

I didn’t reinstall chrome, I thought I only needed a new scan. I’ll print those steps and try it again in the next 48 hrs.