Hi, after this I would like you to re-install Avast and let me know if the problem recurs
Uninstall ChromeUnless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.
1. If you have bookmarks, let's save them by exporting them -
Export Bookmarks2. Then I need you to go
Google Sync and sign into your account
3. Scroll down until you see the
"Stop and Clear" button and click on the button. At the prompt click on
"Ok"4. Now we need to uninstall chrome.
Note: When asked about user data or settings you must remove this also so please check the box.
5. Restart the computer .
NEXTCAUTION : This fix is only valid for this specific machine, using it on another may break your computer Open
notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3766729113-1246661115-1794795006-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3766729113-1246661115-1794795006-1000 -> ÛŸÆîZ§’2¹Þpv¨IÍá�*X(Ž2s��(ÛÎÀJºÔÓµ± �vË°!×—(ä¼48и�patm6êo�^Mp`�Ëõ÷_i£w˜¾!„Áû�†x¢8€ÙjÀÿþ ´Ñ;áa´�[¦†8 º~RÙxœòÜ8'£-)�xä URL =
Toolbar: HKU\S-1-5-21-3766729113-1246661115-1794795006-1000 -> No Name - {6A417353-8201-41DE-AF84-B551615B5F63} - No File
CHR Extension: (Google Drive) - C:\Users\MADALENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-27]
CHR Extension: (YouTube) - C:\Users\MADALENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-27]
CHR Extension: (Google Search) - C:\Users\MADALENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MADALENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2014-12-27]
CHR Extension: (Google Wallet) - C:\Users\MADALENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-27]
CHR Extension: (Gmail) - C:\Users\MADALENA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
2015-04-01 22:40 - 2015-04-02 16:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-24 00:52 - 2015-03-25 11:53 - 00000000 ____D () C:\ProgramData\{2d219ae8-adb0-f3b7-2d21-19ae8adb6ba2}
2015-04-02 17:22 - 2013-12-28 00:42 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-02 17:21 - 2014-08-28 16:23 - 00000434 _____ () C:\Windows\Tasks\newSI_4396.job
Task: {1176A541-A384-4951-9155-BA0D83D3B770} - System32\Tasks\{46E88E55-0731-456E-A3F3-9DB5E7740BD7} => pcalua.exe -a C:\sj646\setup.exe -d C:\sj646
Task: {37EF97A7-E329-42A2-8011-6D26465C97AD} - System32\Tasks\RegCure Pro => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
Task: {60797C5D-C06B-487B-9922-F3A51383925B} - System32\Tasks\Steam-S-1-8-22-9865GUI => C:\Users\MADALENA\AppData\Roaming\XMedia Recode\Reversed\steam.exe <==== ATTENTION
Task: {AE98C30E-BD76-4929-BEBD-A12E53E87CA5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\Users\MADALENA\Application Data:NT
AlternateDataStreams: C:\Users\MADALENA\Application Data:NT2
AlternateDataStreams: C:\Users\MADALENA\AppData\Roaming:NT
AlternateDataStreams: C:\Users\MADALENA\AppData\Roaming:NT2
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
C:\Users\MADALENA\AppData\Local\Google\Chrome
C:\Program Files (x86)\Google\Chrome
C:\ProgramData\whlb32g.dll
C:\Program Files\AVAST Software
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Mobogenie
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as
fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
THENPlease download
AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
Download
Avast Uninstall Utility to your
Desktop.
Download the correct version of Avast
Avast FreeAvast ProAvast Internet SecurityAvast PremierDisconnect from the net
Uninstall Avast via control panel
- Run the uninstall tool and accept the reboot to safe mode
- Once complete reboot your system
- Reinstall Avast
----------
