Avast says it is blocking url mal trying to access win32 svchost. The one from today is blackled.info/3131/appendedit_142237743564187.dll Each time I boot it is a different one. Yesterday it was Blackfight.They all are trying to access win32\svchost. Recently someone gained access to my bank account I hope it wasn’t because of this.

I have a Dell with win 7 professional 64bit. the computer is only about 1 month old. I am running Avast Premier. I ran Malwarebytes, Malwarebytes Anti Rootkit beta, Spybot SD and Avast full system scan. Nothing was found on any scan. I also ran Hijack this. I’ve cleaned out my cookies, history and cache. Please help!

Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

O k I will do that. But I want to add today it popped up with http//epictory.com/3131softwareplus_14224259260676.dll A new one everyday.

Are these the correct logs?

Yes, now you’ve to wait a bit…

Could you let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: SearchScopes: HKLM -> DefaultScope {89296F80-5696-40B6-95CE-22EC6D7F5DC1} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tight2_15_02&cd=2XzuyEtN2Y1L1Qzu0Fzz0B0CtCtBzy0Czz0CtB0AtBzyyDtBtN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByCtB0AtDyE0B0BtG0F0EyEyDtGyD0AtD0FtGzytCyCtBtGyByBtCzzyB0ByEzytA0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0AyEtBtB0FzytCtGyEtD0CtCtGyEyDzzyEtG0A0FtAtCtGyBzytDyD0DyDyDtA0FyCyB0C2Q&cr=426665202&ir= SearchScopes: HKLM -> {89296F80-5696-40B6-95CE-22EC6D7F5DC1} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tight2_15_02&cd=2XzuyEtN2Y1L1Qzu0Fzz0B0CtCtBzy0Czz0CtB0AtBzyyDtBtN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByCtB0AtDyE0B0BtG0F0EyEyDtGyD0AtD0FtGzytCyCtBtGyByBtCzzyB0ByEzytA0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0AyEtBtB0FzytCtGyEtD0CtCtGyEyDzzyEtG0A0FtAtCtGyBzytDyD0DyDyDtA0FyCyB0C2Q&cr=426665202&ir= SearchScopes: HKU\S-1-5-21-1814408722-1703625289-1128119730-1000 -> DefaultScope {89296F80-5696-40B6-95CE-22EC6D7F5DC1} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tight2_15_02&cd=2XzuyEtN2Y1L1Qzu0Fzz0B0CtCtBzy0Czz0CtB0AtBzyyDtBtN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByCtB0AtDyE0B0BtG0F0EyEyDtGyD0AtD0FtGzytCyCtBtGyByBtCzzyB0ByEzytA0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0AyEtBtB0FzytCtGyEtD0CtCtGyEyDzzyEtG0A0FtAtCtGyBzytDyD0DyDyDtA0FyCyB0C2Q&cr=426665202&ir= SearchScopes: HKU\S-1-5-21-1814408722-1703625289-1128119730-1000 -> {89296F80-5696-40B6-95CE-22EC6D7F5DC1} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tight2_15_02&cd=2XzuyEtN2Y1L1Qzu0Fzz0B0CtCtBzy0Czz0CtB0AtBzyyDtBtN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByCtB0AtDyE0B0BtG0F0EyEyDtGyD0AtD0FtGzytCyCtBtGyByBtCzzyB0ByEzytA0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0AyEtBtB0FzytCtGyEtD0CtCtGyEyDzzyEtG0A0FtAtCtGyBzytDyD0DyDyDtA0FyCyB0C2Q&cr=426665202&ir= 2015-01-11 14:51 - 2015-01-11 14:51 - 00000000 ____D () C:\ProgramData\fe3114de00001bfb 2015-01-11 14:47 - 2015-01-11 14:47 - 00000064 _____ () C:\Users\Lorrie\AppData\Local\7ca93fefb668400f0d0bbe727a38ea6c EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

is this the log

Have the alerts ceased

Yes they have problem solved. May I ask you what it was?

It was a downloader using MS bits job. But, as Avast was blocking it then nothing was downloaded

BITSADMIN version 3.0 [ 7.5.7601 ] BITS administration utility. (C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {C9BA5807-B81B-418A-A2A6-E6B7A62ED3E1}.
{57A3B135-6FD6-45AC-B644-97F5D258AB13} canceled.
1 out of 2 jobs canceled.

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe

Thank you so much for your help. Have a great day

URL MAL popping up again this time it’s object- https://54.213.181.100:443/redir
infection- URL MAL
process - program files (x86)mozilla firefox\firefox.exe

Is it ok I post this here? You helped me clean other url mal last week. COULD YOU HELP PLEASE.

Sure, it’s your topic. Attach your logs.