Just like gdavid1055, I am having the exact same issue, with a threat being detected every time I use Google in Firefox or Chrome (it is not affecting IE).
I’m experiencing this as well with every google search. The URI pattern is identical to what you are seeing.
I’ve been poking around my FW logs and I have yet to find a successful connection out to that host. In fact I have no requests going out to that netblock before yesterday afternoon…but in the past 18 hours I have seen a request to this one host for every google search I have made.
I haven’t made any changes to my system…that’s not to say I didn’t catch a drive-by somewhere.
So this morning, when searching in google, I have not had any of the previous notifications from Avast. So, re-run Avast to see if it had cleared, buut now getting the following threat:
html:fblistener-a
Removed, rebooted, and rescanned, and it is still present on my system.
Started seeing the same thing a few days ago and it’s been bugging me. After digging around it seems to be related (at least in my case) to the AS Magic Player browser extension, which comes with the Ace Stream software. I’ve had to delete the Chrome extension altogether for the alerts to stop.
Check your browser for this extension and let me know how you get on.
1. Open notepad and copy/paste the text present inside the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
HKU\S-1-5-21-3729994215-325241207-151601611-1001\...\Run: [AceStream] => C:\Users\Paul Robson\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-09-13] ()
C:\Users\Paul Robson\AppData\Roaming\ACEStream\engine\ace_engine.exe
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.3.0-next -> C:\Users\Paul Robson\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
C:\Users\Paul Robson\AppData\Roaming\ACEStream\player\npace_plugin.dll
FF Extension: AS Magic Player - C:\Users\Paul Robson\AppData\Roaming\Mozilla\Firefox\Profiles\4orzrcsw.default\Extensions\magicplayer@acestream.org
C:\Users\Paul Robson\AppData\Roaming\Mozilla\Firefox\Profiles\4orzrcsw.default\Extensions\magicplayer@acestream.org
C:\Users\Paul Robson\AppData\Roaming\.ACEStream
C:\Users\Paul Robson\AppData\Roaming\ACEStream
C:\_acestream_cache_
C:\Users\Paul Robson\AppData\Roaming\ACEStream\updater\ace_update.exe
HKU\S-1-5-21-3729994215-325241207-151601611-1001\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-3729994215-325241207-151601611-1001\...\MountPoints2: {4e381f7d-2b38-11e2-b5a4-0090f5d00348} - G:\MotorolaDeviceManagerSetup.exe -a
Emtytemp:
2. Save notepad as fixlist.txt to your Desktop. NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply. Note: If the tool warned you about the outdated version please download and run the updated version.
[*]Close any open browsers and temporarily disable your AntiVirus program. (if it is necessary)
If you are unsure how to do this please read this or this Instruction.
[*]Double click on zoek.exe to run the tool. Please wait while the tool does not start…
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
As it seems to be taking screenshots of the webpages I am browsing, and recording them as .png files. Unsure if this is a usual feature of firefox, as I have never checked that location before?
Everything else seems to be running fine, running MBAM and Avast is showing I am clean.