avast! Web Shield has blocked a harmful webpage or file

I am getting constant pop ups stating -

avast! Web Shield has blocked a harmful webpage or file

Examples of further explanation include:

URL: hxxp://gm45beta78.com/task/3038/
Infection: URL:Mal

hxxp://find-everything.info/?query=good jobs without college degree

hxxp://trottilez-x8.biz/task/3038/

hxxp://strong-sellos78.org/task/3038/

hxxp://best-my-search.biz/?query=car insurance quotes for rebuilt titles

I followed instructions outlined in another thread regarding this, including running Malwarebytes Anti-Malware, and the problem persists.

Additional helpful information is attached.

Any assistance would be much appreciated!

Hello,

You have multiple infections on board. Do not use any USB mem. device until I tell you so.

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Start
File: C:\Program Files (x86)\Miller\Miller.exe
File: C:\Users\Jason\CTX.DAT
CloseProcesses:
HKLM-x32\...\Run: [BrowserSafeguard] => "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2046408403-678403135-1354486067-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2046408403-678403135-1354486067-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2046408403-678403135-1354486067-1001\...\MountPoints2: {0a329ad5-633c-11e2-9228-844bf55a9418} - J:\LaunchU3.exe
HKU\S-1-5-21-2046408403-678403135-1354486067-1001\...\MountPoints2: {1c53d473-2d5d-11e2-8c69-844bf55a9418} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2046408403-678403135-1354486067-1001\...\MountPoints2: {84c25b09-f282-11e2-92d8-844bf55a9418} - J:\Setup.exe
HKU\S-1-5-21-2046408403-678403135-1354486067-1001\...\MountPoints2: {84c25b23-f282-11e2-92d8-844bf55a9418} - J:\Setup.exe
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
SearchScopes: HKCU - {0CA0591C-6F14-45A7-BF31-364A7FD9CFC5} URL = 
SearchScopes: HKCU - {48F72CC2-85DC-4DB9-BD26-B1434B866662} URL = www.buenosearch.com?babsrc=ext_WinjNw&affID=123487&q={searchTerms}
SearchScopes: HKCU - {5F49F591-A930-44AE-AA32-0C0582111F13} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291326&CUI=UN16044707834907199&UM=2
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={6960D5E7-2D30-4A45-AAA0-4CF8D4A23234}&mid=32d17f921e8447d0943b5502b3be7deb-0&lang=en&ds=qw011&pr=sa&d=2012-11-26 11:54:44&v=13.2.0.4&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {99129112-8952-491C-A552-1855154F8E32} URL = 
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Jason\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-04]
CHR HKCU\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Jason\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-08-05]
CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2014-06-13]
CHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Jason\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-08-05]
Task: {0709AD6F-C2F4-46D3-9B97-A523106FDB0D} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {6966CA4C-A809-49A3-AACD-C892278160D3} - System32\Tasks\4688 => Wscript.exe C:\Users\Jason\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
EmptyTemp:
C:\Program Files (x86)\Browsersafeguard
C:\Users\Jason\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx
C:\Users\Jason\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx
C:\Program Files (x86)\MediaMall
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.


Download RogueKillerx64 from one of the following links and save it to your desktop:

http://www.adlice.com/softwares/roguekiller/

[*]Close all programs and disconnect any USB or external drives before running the tool.
[*]Double-click RogueKiller.exe to run the tool.
[*]Once the Prescan has finished, click Scan.
[*]Once the Status box shows “Scan Finished”, click the Delete button.
[*]When the Status box shows “Deleting Finished”, click the “Report” button to show the log.
[*]Copy and paste the report that opens into your next reply.

The log can also be found in the following location: C:\ProgramData\RogueKiller\Logs\RKreport_DEL_mmddyyyy_hhmmss.log
[*]>>For XP users, you must first show hidden files/folders, then the log location is here: C:\Documents and Settings\All Users\Application data\RogueKiller\Logs\RKreport_DEL_mmddyyyy_hhmmss.log


Then read this guide from here and perform the MCShield scanning:
https://forum.avast.com/index.php?topic=53253.0

Post me the AllScan.txt log report.


Re-run FRST, press the Scan button and post me the fresh FRST.txt log report.

Thank you for the response/assistance!

I have attached the Fixlog.txt.

However, every time I run RogueKiller I get a pop-up stating “You are about to be logged off” “Windows must be restarted now because the DCOM server process launch service terminated unexpectedly”.

The pop up occurs shortly after the pre-scan starts and my computer restarts just after the pre-scan finishes.

The pre-scan does find some infections.

Please advise. Thanks!

Ok, re-run FRST …

[*]Double-click to run it.
[*]Check box for Addition log and press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The tool should also make another log (Addition.txt). Please attach it to your reply.


Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:

[*]Type rpcss.dll into the Search: field in FRST then click the Search File(s) button.
[*]FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
[*]Please attach it to your reply.

I’ve attached the requested files.

Thanks much!

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

File: C:\Users\Jason\CTX.DAT
Folder: C:\Users\Jason\AppData\Roaming\5243b570140ba01a4200f1bf
Folder: C:\Windows\schemas
CloseProcesses:
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
Hosts:
HKU\S-1-5-21-2046408403-678403135-1354486067-1001\...\MountPoints2: {a2b2e8c7-2d4a-11e2-a86c-806e6f6e6963} - D:\Autorun.exe
EmptyTemp:

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

Thank you!

Go to start → Run → copy/paste the following line in the run box and click OK after each line:

cmd /c del /a /f "C:\Users\Jason\CTX.DAT"

A window flashes each time, this is normal.

Tell me, how is the computer behaving now?

It is running much better now. No more pop ups. My computer did freeze up the last time I ran FRST64 and it wouldn’t re-boot (just windows page displaying). I rebooted in safe mode and went back to the day prior on my computer and it re-booted and after that no more pop ups. Interestingly I don’t see avast in my add/delete programs, although I know it’s still on my computer.

With that last step you advised, nothing seemed to happen when I clicked “OK”.

Not sure if what I wrote above makes sense.

Thank you!

Ok, delete the current FRST, download a fresh copy from the official link and run the tool. Post me the fresh FRST.txt and Addition.txt log reports.

As for the avast! concern, by downloading a fresh setup and running it you should be able to repair the AV itself, and that should be done.

I’ve attached the files.

Thank you!

Hi,

Your security center sees only AVG AntiVirus on board. The avast! drivers and modules are very well active but damaged.

Remove one AV, as you shouldn’t run two AVs, and leave the other be. Then go here …
http://singularlabs.com/uninstallers/security-software/

…or here …
http://www.appremover.com/

…and download an antivirus uninstaller tool to remove any leftovers. When you have done that, post me fresh FRST logs (both of them).