Author Topic: Avast not removing eDeals Malware  (Read 14355 times)


REDACTED

  • Guest
Re: Avast not removing eDeals Malware / PUP
« Reply #15 on: October 31, 2014, 08:40:59 AM »
And the next round of logs.
Have I forgotten anything?

Cheers

Stuart

REDACTED

  • Guest
Re: Avast not removing eDeals Malware
« Reply #16 on: October 31, 2014, 09:36:50 AM »
How is your PC?

REDACTED

  • Guest
Re: Avast not removing eDeals Malware
« Reply #17 on: October 31, 2014, 10:54:49 PM »
It seems the same.
eDeals is still popping up all over the place, as is FilmOn.com, Voucher Giveaway and some berk who says he's English but talks with a pure American accent trying to sell me a secret to making shit loads of money.

Thanks for helping though.

What's next?
« Last Edit: October 31, 2014, 10:58:02 PM by toungy »

REDACTED

  • Guest
Re: Avast not removing eDeals Malware
« Reply #18 on: November 02, 2014, 10:09:23 AM »
Every browser?

REDACTED

  • Guest
Re: Avast not removing eDeals Malware
« Reply #19 on: November 03, 2014, 09:05:54 AM »
Not sure what you mean by "every browser".

I only use Google Chrome (and that comes up with the error that it can't find a proxy server most of the time). That is under my user account.

The issue seems to be worse under my wife's user account, with more frequent and just simply more pop up windows, if that is possible.

What do you need me to do next?

REDACTED

  • Guest
Re: Avast not removing eDeals Malware
« Reply #20 on: November 03, 2014, 09:17:35 AM »
Reset Chrome by perusing this and provide me a fresh FRST scan log.

REDACTED

  • Guest
Re: Avast not removing eDeals Malware
« Reply #21 on: November 04, 2014, 08:12:55 AM »
Done and done.

Hopefully, attached are the right logs.

BTW, I still have MBAM running in the background. Is this okay?

REDACTED

  • Guest
Re: Avast not removing eDeals Malware
« Reply #22 on: November 05, 2014, 06:35:28 AM »
  • Step #4 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
Code:
Start
Closeprocesses:
Emptytemp:
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Stuie\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Stuie\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Stuie\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Stuie\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Stuie\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Stuie\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Stuie\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Stuie\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Stuie\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Stuie\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Stuie\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Stuie\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Stuie\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Stuie\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Stuie\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Stuie\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2457115571-3965115341-3941088439-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Stuie\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:021703B2
AlternateDataStreams: C:\ProgramData\TEMP:0785072C
AlternateDataStreams: C:\ProgramData\TEMP:0ACF1AF5
AlternateDataStreams: C:\ProgramData\TEMP:0BCD47A5
AlternateDataStreams: C:\ProgramData\TEMP:0F64164E
AlternateDataStreams: C:\ProgramData\TEMP:12258D63
AlternateDataStreams: C:\ProgramData\TEMP:12A012A1
AlternateDataStreams: C:\ProgramData\TEMP:1604D047
AlternateDataStreams: C:\ProgramData\TEMP:178093AE
AlternateDataStreams: C:\ProgramData\TEMP:18A25CF1
AlternateDataStreams: C:\ProgramData\TEMP:18A6D2CC
AlternateDataStreams: C:\ProgramData\TEMP:18B5F839
AlternateDataStreams: C:\ProgramData\TEMP:195E8317
AlternateDataStreams: C:\ProgramData\TEMP:1A5822A3
AlternateDataStreams: C:\ProgramData\TEMP:1B61A2D1
AlternateDataStreams: C:\ProgramData\TEMP:1D8551A3
AlternateDataStreams: C:\ProgramData\TEMP:1E2D49E0
AlternateDataStreams: C:\ProgramData\TEMP:2211E7A0
AlternateDataStreams: C:\ProgramData\TEMP:24C072FF
AlternateDataStreams: C:\ProgramData\TEMP:2636DE16
AlternateDataStreams: C:\ProgramData\TEMP:2658F5EB
AlternateDataStreams: C:\ProgramData\TEMP:28BE9DE0
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:2CED8825
AlternateDataStreams: C:\ProgramData\TEMP:2E33E4A6
AlternateDataStreams: C:\ProgramData\TEMP:2F141B68
AlternateDataStreams: C:\ProgramData\TEMP:2F384CF4
AlternateDataStreams: C:\ProgramData\TEMP:2F474C84
AlternateDataStreams: C:\ProgramData\TEMP:302ECBD6
AlternateDataStreams: C:\ProgramData\TEMP:371060CE
AlternateDataStreams: C:\ProgramData\TEMP:391535F9
AlternateDataStreams: C:\ProgramData\TEMP:3B454A5C
AlternateDataStreams: C:\ProgramData\TEMP:3C8B784A
AlternateDataStreams: C:\ProgramData\TEMP:4B6A9FDA
AlternateDataStreams: C:\ProgramData\TEMP:4EE95FE7
AlternateDataStreams: C:\ProgramData\TEMP:512E1728
AlternateDataStreams: C:\ProgramData\TEMP:5164A01F
AlternateDataStreams: C:\ProgramData\TEMP:52329B88
AlternateDataStreams: C:\ProgramData\TEMP:53DF59D1
AlternateDataStreams: C:\ProgramData\TEMP:55F44B88
AlternateDataStreams: C:\ProgramData\TEMP:56C66609
AlternateDataStreams: C:\ProgramData\TEMP:5C4A588B
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
AlternateDataStreams: C:\ProgramData\TEMP:60C897F3
AlternateDataStreams: C:\ProgramData\TEMP:60E0AB2A
AlternateDataStreams: C:\ProgramData\TEMP:62AF94A0
AlternateDataStreams: C:\ProgramData\TEMP:69FE2EE4
AlternateDataStreams: C:\ProgramData\TEMP:6DD124E2
AlternateDataStreams: C:\ProgramData\TEMP:6E2D80C8
AlternateDataStreams: C:\ProgramData\TEMP:7254CF01
AlternateDataStreams: C:\ProgramData\TEMP:751D6870
AlternateDataStreams: C:\ProgramData\TEMP:7D288858
AlternateDataStreams: C:\ProgramData\TEMP:7E4E56EA
AlternateDataStreams: C:\ProgramData\TEMP:7EC01D6D
AlternateDataStreams: C:\ProgramData\TEMP:7FA0D639
AlternateDataStreams: C:\ProgramData\TEMP:88A44CC1
AlternateDataStreams: C:\ProgramData\TEMP:8967C154
AlternateDataStreams: C:\ProgramData\TEMP:8AE92FD3
AlternateDataStreams: C:\ProgramData\TEMP:927EC486
AlternateDataStreams: C:\ProgramData\TEMP:9338F136
AlternateDataStreams: C:\ProgramData\TEMP:94A19129
AlternateDataStreams: C:\ProgramData\TEMP:95079543
AlternateDataStreams: C:\ProgramData\TEMP:95D421DF
AlternateDataStreams: C:\ProgramData\TEMP:993185CB
AlternateDataStreams: C:\ProgramData\TEMP:9AE67195
AlternateDataStreams: C:\ProgramData\TEMP:9AEE100C
AlternateDataStreams: C:\ProgramData\TEMP:9BB8C675
AlternateDataStreams: C:\ProgramData\TEMP:9D2DE4B4
AlternateDataStreams: C:\ProgramData\TEMP:9E05DEB0
AlternateDataStreams: C:\ProgramData\TEMP:A02025CE
AlternateDataStreams: C:\ProgramData\TEMP:A13B696A
AlternateDataStreams: C:\ProgramData\TEMP:A6D6E537
AlternateDataStreams: C:\ProgramData\TEMP:B1786630
AlternateDataStreams: C:\ProgramData\TEMP:BC1F7CAE
AlternateDataStreams: C:\ProgramData\TEMP:BC8E9899
AlternateDataStreams: C:\ProgramData\TEMP:C370B84F
AlternateDataStreams: C:\ProgramData\TEMP:C43C957E
AlternateDataStreams: C:\ProgramData\TEMP:C6104C4F
AlternateDataStreams: C:\ProgramData\TEMP:C8E82994
AlternateDataStreams: C:\ProgramData\TEMP:CB959782
AlternateDataStreams: C:\ProgramData\TEMP:CC386FD2
AlternateDataStreams: C:\ProgramData\TEMP:D01ACC06
AlternateDataStreams: C:\ProgramData\TEMP:DCA79AB3
AlternateDataStreams: C:\ProgramData\TEMP:DE875C30
AlternateDataStreams: C:\ProgramData\TEMP:E14FA16F
AlternateDataStreams: C:\ProgramData\TEMP:E5496666
AlternateDataStreams: C:\ProgramData\TEMP:E6B95E40
AlternateDataStreams: C:\ProgramData\TEMP:E99D1D3C
AlternateDataStreams: C:\ProgramData\TEMP:EA9D8B40
AlternateDataStreams: C:\ProgramData\TEMP:ED51D3ED
AlternateDataStreams: C:\ProgramData\TEMP:F5B51004
AlternateDataStreams: C:\ProgramData\TEMP:F5E8CAE0
AlternateDataStreams: C:\ProgramData\TEMP:F5FC5DCE
AlternateDataStreams: C:\ProgramData\TEMP:F9689B72
AlternateDataStreams: C:\ProgramData\TEMP:FB08C210
AlternateDataStreams: C:\ProgramData\TEMP:FD7DCDA6
ProxyServer: http=127.0.0.1:16512
End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Attach the log in your next reply.


  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum
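The fixlist above touches three kinds of entries, and it helps to know what each one means before running a fix: CustomCLSID registrations whose InprocServer32 DLL is marked "No File" (COM registrations left behind by old updater and plugin versions, removed as clutter), a long run of alternate data streams on C:\ProgramData\TEMP, and a ProxyServer setting of http=127.0.0.1:16512. The last line is the one worth attention from a security point of view: a proxy pointing at the local machine means the browser's HTTP traffic is routed through a process on the same PC, which is a common way for ad-injecting PUPs to insert content into pages, and a browser complaining that it cannot reach its proxy when that process is not running fits the same picture. The following Python script is an added example for triaging FRST-style lines before a fix is run; it is not part of FRST and not the helper's own tooling. The sample lines are constructed, with placeholder SIDs, GUIDs and user name, and only the proxy value is taken from the post.

```python
"""Triage helper for FRST fixlist / scan lines (added example, not part of FRST)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample in FRST fixlist syntax, modelled on the post above.
# SID, GUIDs and user name are placeholders; the proxy value is the one from the thread.
SAMPLE_FIXLIST = r"""Start
Closeprocesses:
Emptytemp:
CustomCLSID: HKU\S-1-5-21-1111111111-2222222222-3333333333-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32 -> C:\Users\example\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1111111111-2222222222-3333333333-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:021703B2
AlternateDataStreams: C:\ProgramData\TEMP:0785072C
AlternateDataStreams: C:\ProgramData\TEMP:0ACF1AF5
ProxyServer: http=127.0.0.1:16512
End
"""

CLSID_RE = re.compile(r"^CustomCLSID: (?P<key>.+?) -> (?P<target>.+?)(?P<missing> No File)?$")
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<path>.+):(?P<stream>[^:\\]+)$")
PROXY_RE = re.compile(r"^ProxyServer: (?P<value>.*)$")
LOOPBACK_HOSTS = {"localhost", "::1"}


@dataclass
class Entry:
    kind: str  # "clsid", "ads", "proxy", "directive" or "other"
    raw: str
    info: dict = field(default_factory=dict)


def parse_fixlist(text: str) -> list[Entry]:
    """Turn FRST fixlist/scan lines into typed entries; Start/End only bracket the fix."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("Start", "End"):
            continue
        if m := CLSID_RE.match(line):
            entries.append(Entry("clsid", line, {"key": m["key"], "target": m["target"],
                                                 "missing": m["missing"] is not None}))
        elif m := ADS_RE.match(line):
            entries.append(Entry("ads", line, {"path": m["path"], "stream": m["stream"]}))
        elif m := PROXY_RE.match(line):
            entries.append(Entry("proxy", line, {"settings": parse_proxy(m["value"])}))
        elif line.endswith(":") and " " not in line:
            entries.append(Entry("directive", line))  # e.g. Closeprocesses:, Emptytemp:
        else:
            entries.append(Entry("other", line))
    return entries


def parse_proxy(value: str) -> dict[str, str]:
    """'http=127.0.0.1:16512;https=...' -> {'http': '127.0.0.1:16512', ...}.
    A bare 'host:port' with no scheme applies to every protocol; it is stored under '*'."""
    settings: dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        settings[scheme if sep else "*"] = hostport if sep else scheme
    return settings


def is_loopback(hostport: str) -> bool:
    """True when the proxy host is the local machine (127.0.0.0/8, localhost or ::1)."""
    if hostport.startswith("["):               # bracketed IPv6 literal, e.g. [::1]:8080
        host = hostport[1:hostport.index("]")]
    else:
        host = hostport.rsplit(":", 1)[0] if ":" in hostport else hostport
    return host.startswith("127.") or host.lower() in LOOPBACK_HOSTS


def triage(entries: list[Entry]) -> dict:
    """Summarise what the fix would touch and single out the loopback proxy, if any."""
    ads_by_path = Counter(e.info["path"] for e in entries if e.kind == "ads")
    orphaned = [e.info["target"] for e in entries if e.kind == "clsid" and e.info["missing"]]
    loopback = [f"{scheme}={hp}" for e in entries if e.kind == "proxy"
                for scheme, hp in e.info["settings"].items() if is_loopback(hp)]
    return {
        "orphaned_clsid": len(orphaned),
        "ads_by_path": dict(ads_by_path),
        "loopback_proxy": loopback,
        "directives": [e.raw for e in entries if e.kind == "directive"],
    }


if __name__ == "__main__":
    for key, val in triage(parse_fixlist(SAMPLE_FIXLIST)).items():
        print(f"{key}: {val}")
```

Run against a real fixlist, a non-empty `loopback_proxy` list is the item to follow up after the fix: confirm the browser no longer reports a proxy error and that nothing re-creates the setting on the next login, since the process that listened on that port is the thing the fix needs to have removed, not just the registry value that pointed at it.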

REDACTED

  • Guest
Re: Avast not removing eDeals Malware
« Reply #23 on: November 05, 2014, 07:22:40 AM »
Cheers  ;)

REDACTED

  • Guest
Re: Avast not removing eDeals Malware
« Reply #24 on: November 05, 2014, 09:25:58 AM »
How is your PC?

REDACTED

  • Guest
Re: Avast not removing eDeals Malware
« Reply #25 on: November 07, 2014, 09:27:33 AM »
No real change.

Chrome still pops up with a multitude of crap and eDeals is still highlighting words.

Am I better off just getting a new lappie?

Stuart

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37700
Re: Avast not removing eDeals Malware
« Reply #26 on: November 07, 2014, 09:52:31 AM »
Quote
Am I better off just getting a new lappie?
and if you get the same on the new one .... buy another one?

A reinstall would be cheaper. Anyway, no need for that yet, Valinorum has not given up    ;)


REDACTED

  • Guest
Re: Avast not removing eDeals Malware
« Reply #27 on: November 07, 2014, 10:24:57 AM »
Quote
and if you get the same on the new one .... buy another one?

Why not? It's only money  :o

Naaaahhh, I'd keep the dodgy one for dodgy stuff and give the clean one to the wife to stop her moaning  :-X

The one thing I have noticed is that it is so much worse on websites where you can buy something, i.e. snapfish, ebay, department stores etc. Maybe I should tell the missus that she'll have to stop buying shit off the internet for a while until we've saved up for a new laptop!!
PING! Silver lining I see ahead!!  ;D ;D ;D ;D

REDACTED

  • Guest
Re: Avast not removing eDeals Malware
« Reply #28 on: November 07, 2014, 02:06:35 PM »
Give me a fresh FRST scan log please.

REDACTED

  • Guest
Re: Avast not removing eDeals Malware
« Reply #29 on: November 07, 2014, 11:10:18 PM »
You certainly can.
Here you go.
Oh, and I've included the MBAM log as well because in the past couple of days it's been screaming at me constantly.

Cheers.