Suddenly I’m getting a pop up or slider ad whenever I go to Amazon or Ebay. It’s called “Hot Deals.” The only info I can find online are various sites recommending I download this or that adware/virus removal software. Since I already have Avast, I’d think I shouldn’t have to get new security software, but Avast doesn’t seem to be detecting it when I scan the system. I’ve tried removing any extensions, and I’ve tried going into the control panel to uninstal anything that’s recently showed up there, but nothing is working.

I just found an Avast blog that says I can go into the online security plug-in’s settings and disable “Safeprice” (is that the same thing?), but I don’t know how to find those settings.

Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

Ok, here’s the one from Malwarebytes. Do I really have to download two more things to scan with? Why isn’t Avast picking up on this?

Yes, we also need the other logs.

There is no tool in the world that can detect/fix everything.

Ok, here are the rest of them.

OK, now you’ve to wait a bit…

Why isn't Avast picking up on this?

Refering to the PUP that your Malwarebytes log is full of, avast PUP detection is default off except for in boot scan …so turn it on if you want it
PUP = not malware / Possible Unwanted Program … usually crap that comes bundled with free downloads

Ok, how do I turn on pup detection? I’m dumb about this stuff. Also, I think I deleted my browser protection extension while trying to solve this problem. In another thread, I thought I read that Hot Deals came with the Avast browser protection extension itself and couldn’t be gotten rid of without deleting it. Deleting it didn’t help though.

Open Avast! - Settings - General - Select “Scan for potentially unwanted programs ( PUPs )”

Greetz, Red.

Ah. Duh. Thanks.

It is a gereral setting for all shields and scans, except the boot-time scan I beleve …

Greetz, Red.

Let me know how the system is after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: ProxyServer: [S-1-5-21-2926032088-3883841205-485596375-1000] => http=127.0.0.1:49218;https=127.0.0.1:49218 URLSearchHook: HKLM-x32 - (No Name) - {37153479-1976-43c3-a1ee-557513977b64} - No File URLSearchHook: HKU\S-1-5-21-2926032088-3883841205-485596375-1000 - (No Name) - {37153479-1976-43c3-a1ee-557513977b64} - No File SearchScopes: HKU\S-1-5-21-2926032088-3883841205-485596375-1000 -> {9F5FC505-FAC3-445D-8D0B-5AE504A35EFB} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3314312&CUI=UN40020705493019813&UM=2 SearchScopes: HKU\S-1-5-21-2926032088-3883841205-485596375-1000 -> {ED93FE06-0AF4-47DA-AC3B-9A395744850C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647 Toolbar: HKLM-x32 - No Name - {37153479-1976-43c3-a1ee-557513977b64} - No File Toolbar: HKU\S-1-5-21-2926032088-3883841205-485596375-1000 -> No Name - {37153479-1976-43C3-A1EE-557513977B64} - No File FF SearchPlugin: C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\tfsavrwy.default\searchplugins\safeguard-secure-search.xml CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M330C7560-0B76-403C-A221-CB614C3EAC01&SearchSource=55&CUI=&UM=6&UP=SP0BE21310-06DC-4BF9-B7AE-37346D72FDF6&SSPV= CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\Users\Jason\AppData\Local\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx [Not Found] 2015-03-07 00:16 - 2013-10-26 11:35 - 00000000 ____D () C:\ProgramData\Conduit 2015-03-07 00:15 - 2013-10-27 01:05 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\DigitalSite 2015-03-07 00:15 - 2013-10-26 11:35 - 00000000 ____D () C:\Users\Jason\AppData\Local\CRE 2015-03-07 00:05 - 2013-10-27 01:05 - 00000292 _____ () C:\Windows\Tasks\DigitalSite.job 2014-12-02 19:51 - 2013-01-14 10:34 - 0007680 _____ () C:\ProgramData\Z@!-7db1b044-bfc2-473c-a627-84c2e0908afe.tmp 2014-12-02 19:51 - 2013-01-14 10:34 - 0007168 _____ () C:\ProgramData\Z@S!-a3803127-b398-4f43-95b6-b778f54a140f.tmp Task: {2056ECBF-8511-4BC1-84B9-97C0BD60A2A4} - System32\Tasks\DigitalSite => C:\Users\Jason\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {3CFD555E-72F3-4E41-B213-0871C101D4B3} - \RocketTab No Task File <==== ATTENTION Task: {96AF29D9-A9F5-475D-AA2C-663497F2649F} - \RMCreator No Task File <==== ATTENTION Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Jason\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION AlternateDataStreams: C:\Users\Jason\Desktop\dr.eternity.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Jason\Desktop\dr.eternity.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Jason\Desktop\Dr.eternity2.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Jason\Desktop\Dr.eternity2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.

SET PUP’s ACTIVE

Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP’s) "

https://dl.dropboxusercontent.com/u/73555776//pups.JPG

After Rednose’s comment, I enabled “scan for PUPs” and the problem now appears to be solved. I should’ve known it was something simple.

Did you run the suggested fixes ?

No, I enabled scan for pups before I even got the fixes.

essexboy made a fix for you to remove leftover crap files and clear your browsers with adwcleaner

No, you should still apply Essexboy’s fix, and follow his recommendations !

Greetz, Red.