Avast keeps blocking .jpeg as malware

Every day when I turn on my laptop, and several times an hour, Avast is blocking this site, showing me a popup window

http://198.105.244.68/usappex/i/4F/BF5D10D17298697A69B46D205227BD_w150_h150_m7.jpg

Avast says it blocked that file from accessing Chrome and another time that it blocked svchost.exe

Is it possible that this site is trying to access my computer?
Because several malware scanners did not find anything on my device.

Any help?

Please follow the instructions and attach the logs to your next post.
https://forum.avast.com/index.php?topic=53253.0

Here are my logs
I appreciate any help.

Could you let me know if this stops it?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-18\...\Run: [Safe Browsere] => C:\\Program Files (x86)\\Safe Browsing\\Safe_Browsing.exe
C:\Program Files (x86)\Safe Browsing
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that

Well, the problem still occurs.
For a second I suspected that maybe I used this address as a speed dial thumbnail in my browser, but they all seem to be fine.
But it’s constantly the same address that is blocked.
Maybe I should report that as a false positive?

Could you run Chrome in incognito mode and let me know if the alerts cease or continue? https://support.google.com/chrome/answer/95464?hl=en-GB

I did that and the problem stopped. At least for a few hours.
So it’s probably one of Chrome’s extensions.
I cleared the cache of Ublock Origin and so far no popups.
Will see tomorrow.
Thanks

OK let me know the result please :slight_smile:

Nope. Still the same.

This time a new attack from

http://198.105.244.68/ct.js

Should I add a false positive rule to stop these popups?

So it is not there in incognito but it reappears when you run Chrome normally?

Yes,
That address from post #1 just now tried to connect with svchost.exe, right after I turned my laptop on. Avast blocked it of course, and I didn’t even run Chrome this time.
I have some knowledge about viruses and malware because I dealt with them in the past, but something like this is weird and new to me.
I like the fact that Avast is blocking it, but these popups showing several times an hour are a bit frustrating.

Re-install Chrome
Chrome is probably infected deep down

  1. If you have bookmarks, let’s save them by exporting them - Export Bookmarks
  2. Then I need you to go to Google Sync and sign into your account
  3. Scroll down until you see the “Stop and Clear” button and click on the button. At the prompt click on “Ok”
  4. Now we need to uninstall Chrome.
    Note: When asked about user data or settings you must remove this also, so please check the box.
  5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
  6. Import your bookmarks back into Chrome
  7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

Then run a fresh FRST scan please

I uninstalled Chrome and deleted all Google folders from AppData/local etc., generally from every place I could find.
And straight after restarting the computer I got 6 popups that Avast prevented this and some other website addresses from accessing svchost.exe
I reinstalled Chrome but after a few hours of using it these damn popups continued to appear.

OK, let’s reset the network connections… Is this the only computer that experiences this?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.

Well, no popups since the computer restart. Let’s hope it will stay like this.

AdwCleaner v5.031 - Logfile created 30/01/2016 at 12:16:21

Updated 25/01/2016 by Xplode

Database : 2016-01-25.3 [Server]

Operating system : Windows 10 Pro (x64)

Username : Mariusz - MARIANO

Running from : C:\Users\Mariusz\Desktop\AdwCleaner.exe

Option : Cleaning

Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\Mariusz\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : windows-7-usb-dvd-download-tool.softonic.pl
[-] [C:\Users\Mariusz\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\Mariusz\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : searchgol.com
[-] [C:\Users\Mariusz\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : open-fm.softonic.pl
[-] [C:\Users\Mariusz\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : windows-theme-installer.en.softonic.com
[-] [C:\Users\Mariusz\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : koszulkowo.com
[-] [C:\Users\Mariusz\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : hdd-regenerator.en.softonic.com
[-] [C:\Users\Mariusz\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trovi.search
[-] [C:\Users\Mariusz\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : avg-rescue-usb.softonic.pl
[-] [C:\Users\Mariusz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=3CF2001644A980F2&affID=119357&tsp=5016


:: “Tracing” keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [2033 bytes] ##########

If all is well tomorrow then let me know

I was about to write that my problem is solved but then BAMMM. Again, blocked infection.
I am happy that Avast is blocking this, but can it do it in the background? Without notifying me several times an hour?
I am sure my system is free of viruses and malware now.

It appears that a legitimate programme has a jpg stored on a bad site

Please download Junkware Removal Tool to your desktop.

[*]Right-mouse click JRT.exe and select “Run as Administrator”; the tool will open and start scanning your system
[*]Please be patient as this can take a while to complete depending on your system’s specifications
[*]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[*]Post the contents of JRT.txt into your next message.

This is the only computer that is experiencing this magic.
No changes. Still one popup after another.
I am happy that Avast keeps blocking them. But can this be done in the background?

Could you screenshot the last popup and post that please?