I’ve uninstalled Webroot SecureAnywhere, I’ve been having it regularly disabled while using avast. Is there any way I can completely clear chrome/google from my desktop and reinstall chrome?

Re-installed chrome and alerts came back, Figure I’ll just leave it uninstalled until everything is sorted out.

Hi,

Since I see nothing in posted logs (and we have been run&analyzed OTL,Zoek,FRST and ComboFix) and no one sees malware.
This may be avast FP’s. Can’t tell as you are malware free. I can only run powerfull AntiRootkit diagnosis as this checks works on a system-core level.

If you wish AntiRootkit Check, run Gmer tool:

Please download GMER, AntiRootkit tool from the link below and save it to your Desktop:

Gmer download link
Note: file will be random named

Double-clicking to run GMER.

[*]Wait for initial scan to finish - if there is any query, click No;
[*]Click Scan button and wait until the full scan is complete;
[*]Click Save … - save the report to the Desktop (named Gmer1 );

[*]Right-click wherever in the GMER’s window and select Options > 3rd party - click the Scan button;
[*]Please wait until the full scan is complete;
[*]Click Save … button and save report to Desktop (named Gmer2 );
note: time scan for Gmer2 log may take some time

[*]Click the >>> and select Autostart card;
[*]After quick scan, click Copy button;
[*]Open notepad and Paste text. Save report to the Desktop (named Gmer3 )

Attach here all Gmer logreports. (Gmer1; Gmer2 and Gmer3)

I’ve run Gmer and the 3 logs are attached, it readily found a number of hidden files with just the opening search.

Hi,

Just to let you know, do not be alarm on Gmer’s “RootKit” pop-ups at Gmer primary and 3rd party scan. These flaged drivers…well they belong to avast.
But I want to perform some additional checks + to delete some non-active value key that Gmer pointed out …
I shall use FRST’s Script for that.

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Start
REG: reg delete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" /v "{23170F69-40C1-278A-1000-000100020000}" /f
File: C:\Windows\system32\conhost.exe
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

Alright, I’ve run FRST64 and the log is attached.

Hi,
I’ve seen your PC as malware free. It is time to remove used tools.

It is necessary to uninstall ComboFix :

[*] Click Start (or
http://amf.mycity.rs/pg/images/VistaStartButton.png
) then Run.

On Windows7 or Vista you may use Start Search field if Run is not available.

[*] In the line of text type in (Copy) the following:

ComboFix /Uninstall

Note that there is a space between " ComboFix " and " /Uninstall " .

[*] then click OK (or press Enter ).

Wait for the uninstall process is complete.

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below;

[] Remove disinfection tools
[] Create registry backup
[*] Purge System Restore

Now click on “Run” button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

I don’t need DelFix log report.

I recommended to use MCShield if you will.
You may download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

It will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
And not only will prevent infection, but it will immediately clean flash drive, memory card or external HDD.

Thanks for your help, Uninstalled Combofix and ran DelFix. When installing chrome again the alerts come back, I’ll try using firefox for awhile.

Sorry. I can’t fix what I don’t see, as I can’t find any problem. Try to run these tools aswell.
But know that if these tools find something, theye are only inactive remains … maybe some of them revolt avast to create pop-ups …

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

[*]Click on the Scan button.
[*]After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

[*]After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
[*]Post logfile will also be saved in the C:\AdwCleaner folder.

THEN

http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool to your desktop.

[]Shut down your protection software now to avoid potential conflicts.
[]Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select “Run as Administrator”.
[]The tool will open and start scanning your system.
[]Please be patient as this can take a while to complete depending on your system’s specifications.
[]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[]Post the contents of JRT.txt into your next message.

Sorry for the late reply, I’ve run both programs and attached both logs.

Just as I expected … they find nothing.

Run AdwCleaner and hit [Uninstall] button. JRT delete manual.