Avast malicious URL Blocked continuously popping up

Since this morning my computer has started to endlessly run malicious URL detected popups. Could anyone help me with this?
I ran a boot-time scan, it detected 10 threats and all of them were successfully moved to the chest. But the pop ups keep spamming my screen

Thanks,

Franjc

Could you post a screenshot of the alert

Here

Could you follow the steps in this thread and attach the logs here

http://forum.avast.com/index.php?topic=53253.0

Logs for AdwCleaner

A veritable adware city … When you get time read this blog http://blog.avast.com/2013/07/09/shady-practices-of-free-download-servers/

Malwarebytes log.

Should I restart my computer now? It’s telling me to do it

I restarted the computer. It’s giving me trouble opening web browsers. I’m currently running the OTL Scan.

Can’t open anything on web browsers. Had to to use a flash drive and my laptop to post this.
OTL and Extra logs.

aswMBR log

Please tell me what to do next. The pop ups keep spamming my screen.

OK lets get at it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
C:\Users\Shaul\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
C:\PROGRAM FILES\IB UPDATER
C:\Program Files (x86)\PriceGong
IE - HKU\S-1-5-21-2850971343-1695200756-2869130833-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.5.3\FF [2012/02/15 22:47:51 | 000,000,000 | ---D | M]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.
O4 - HKLM..\Run: [iBryte browseforchange Desktop] C:\Program Files (x86)\iBryte\browseforchange\ibrytedesktop.exe File not found
O4 - HKLM..\Run: [iBryte playbryte Desktop] C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe File not found

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

:Files
C:\Users\Shaul\AppData\Local\Temp\spqervu

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

When the fix on OTL was done it restarted the computer and this log was on the screen.
I’m doing the quick scan now

Looks like it had problems resetting the registry key. Lets see if combofix catches it

Quick Scan log.
By the way, the red malware window hasn’t popped out since the computer restarted

Yes it has been disabled now and the files are gone but, we still need to reset that registry key

Combofix log. Should I restart my computer now?

Yes please, I will check the log now :slight_smile:

How is the computer behaving now ?

OK I just restarted the computer. No pop ups until now. The OTL program though starts as soon as the computer is done restarting. Should I uninstall it?
Thank you so much for all your support.