Trovi and malware virus

[REDACTED]

Hello

I can't seem to remove some malware, ie, shopop and trovi.  I have PUP enabled on avast and scanned but didn't seem to work.  Any help would be great.  I followed some information on this forum, but nothing has worked so far. 

Thanks and Happy Thanksgiving

b

[Pondus]

how to get help instructions   https://forum.avast.com/index.php?topic=53253.0

[REDACTED]

Hello

I've tried that already and every time I try and download malwarebytes I get an error:

ShellexecuteEx failed; code 1314.
A required privilege is not held by the client

Thanks for the response

[Pondus]

if problem with one tool .... move to next .... Farbar Recovery Scan Tool is the important one

attach requested logs

[REDACTED]

That didn't download either...

A required privilege is not held by the client

[essexboy]

Is it a 32bit system or 64bit

[REDACTED]

Hello

64 bit

I got it to work...however, whenever I want to use google chrome, I still get that trovi site popping up, even when I uninstalled google chrome and reinstalled.  And I went through what was suggested, but it's still lingering.

Thanks

[Pondus]

And I went through what was suggested, but it's still lingering.

and where are the logs?

[essexboy]

This link is different

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  
• Select  additions at the bottom
• Press Scan button.
  
  
• It will produce a log called FRST.txt in the same directory the tool is run from. 
  
• Please attach both logs generated.

[REDACTED]

Hello

Here are the attachments.

Thanks for your help.

[REDACTED]

I also used junkware removal tool, but that didn't work either.

[essexboy]

Ok let me know if this kills it

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll File Not Found
ProxyServer: [S-1-5-21-497700538-1024835446-2164638275-1001] => http=127.0.0.1:49717;https=127.0.0.1:49717
HKU\S-1-5-21-497700538-1024835446-2164638275-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-497700538-1024835446-2164638275-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3331616&octid=EB_ORIGINAL_CTID&ISID=M959A5700-9F58-417D-9B20-22F13B4E1810&SearchSource=55&CUI=&UM=6&UP=SP961BA957-DF5C-4351-9AB0-DB3B16161BD5&SSPV=SP21830TB_sp_ch
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331616&octid=EB_ORIGINAL_CTID&ISID=M959A5700-9F58-417D-9B20-22F13B4E1810&SearchSource=55&CUI=&UM=6&UP=SP961BA957-DF5C-4351-9AB0-DB3B16161BD5&SSPV=SP21830TB_sp_ch", "https://www.google.com/?trackid=sp-006", "hxxp://Vosteran.com/?f=7&a=vst_cmi_14_48_ch&cd=2XzuyEtN2Y1L1QzuyCzzzyyEtBtA0B0EyDtAtC0CtCzzzztCtN0D0Tzu0StCtDyCtCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StBzz0DzzyDtBzz0BtGzyyCyDtAtGzy0Ezz0BtGzzyC0EzytGtA0F0A0DyByEtCzytA0EtBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtC0F0E0FtBzztAtGtDtBtBtBtGyEtDtByEtG0ByDzz0AtG0ByCyEyBtC0ByC0CtAtD0CyE2Q&cr=1561476360&ir="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?gd=&ctid=CT3331616&octid=EB_ORIGINAL_CTID&ISID=M959A5700-9F58-417D-9B20-22F13B4E1810&SearchSource=58&CUI=&UM=6&UP=SP961BA957-DF5C-4351-9AB0-DB3B16161BD5&q={searchTerms}&SSPV=SP21830TB_sp_ch
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3331616&octid=EB_ORIGINAL_CTID&ISID=M959A5700-9F58-417D-9B20-22F13B4E1810&SearchSource=69&CUI=&SSPV=SP21830TB_sp_ch&lay=5&p=cnts&UM=6&UP=SP961BA957-DF5C-4351-9AB0-DB3B16161BD5&SAT=CNTS
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
C:\ProgramData\SetStretch.exe
Task: {64908977-7742-442C-8792-DF12A089987A} - \RocketTab Update Task No Task File <==== ATTENTION
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.
  

[REDACTED]

Hello

First off, I don't have that icon of FRST64, so how do I get that?...secondly, I tried downloading that adwcleaner, and it got blocked by avast.

Hey, I really appreciate your help especially since you probably have better things to do...so thanks.

[REDACTED]

Ok, I figured it out.  Here are the attachments.

Thanks

[essexboy]

Have they now disappeared ?