avast web shield keeps popping up

Hi

Every time I go on the internet, the avast web shield keeps popping up over and over again. Not sure what has infested my computer. I have installed malwarebytes (free edition) and scanned the computer. It finds loads of stuff, does it’s thing and then next time I am on the computer, the same thing happens. I am not very technical, so any help I could get would be great.

Thanks
Sue

Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

Here are the scan logs. Not sure whether they sent last time. Thanks for helping

OK, now you’ve to wait. As many experts are on holiday or busy, it might take a while…

Thank you. I will wait to hear back.

Hi there. Has anybody had a chance to look at this yet? REally could do with some help.

Thanks
Sue

Hi sorry that we missed you

Could you let me know if this stops the alerts

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: GroupPolicyUsers\S-1-5-21-2360735211-315669688-3937860421-1078\User: Group Policy restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKU\S-1-5-21-2360735211-315669688-3937860421-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2360735211-315669688-3937860421-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = URLSearchHook: HKU\S-1-5-21-2360735211-315669688-3937860421-1000 - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File URLSearchHook: HKU\S-1-5-21-2360735211-315669688-3937860421-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File SearchScopes: HKU\S-1-5-21-2360735211-315669688-3937860421-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKU\S-1-5-21-2360735211-315669688-3937860421-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = SearchScopes: HKU\S-1-5-21-2360735211-315669688-3937860421-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = SearchScopes: HKU\S-1-5-21-2360735211-315669688-3937860421-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKU\S-1-5-21-2360735211-315669688-3937860421-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = SearchScopes: HKU\S-1-5-21-2360735211-315669688-3937860421-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = SearchScopes: HKU\S-1-5-21-2360735211-315669688-3937860421-1077-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_other&cd=2XzuyEtN2Y1L1QzutDtDtCyDzztAtCyC0CtCtCzzyC0Czy0FtN0D0Tzu0SzztDzztN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtB0A0EtByB0ByCtGtDyBtA0AtGtC0DyEtDtG0B0AzytDtGtByEtCzy0B0ByE0DyB0FtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtAyD0FtBzzzyyEtGyDyE0DzztG0AyCyBzytGtCyEzztDtGyD0F0C0DyCyC0Dzy0AyD0B0E2Q&cr=211875779&ir= SearchScopes: HKU\S-1-5-21-2360735211-315669688-3937860421-1077-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-2360735211-315669688-3937860421-1077-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_other&cd=2XzuyEtN2Y1L1QzutDtDtCyDzztAtCyC0CtCtCzzyC0Czy0FtN0D0Tzu0SzztDzztN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtB0A0EtByB0ByCtGtDyBtA0AtGtC0DyEtDtG0B0AzytDtGtByEtCzy0B0ByE0DyB0FtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtAyD0FtBzzzyyEtGyDyE0DzztG0AyCyBzytGtCyEzztDtGyD0F0C0DyCyC0Dzy0AyD0B0E2Q&cr=211875779&ir= SearchScopes: HKU\S-1-5-21-2360735211-315669688-3937860421-1078-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_ch&cd=2XzuyEtN2Y1L1QzutDtDtCyDzztAtCyC0CtCtCzzyC0Czy0FtN0D0Tzu0SzztDyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtD0ByC0FyE0FtAtGtBtAtDtCtGtBtD0DzztG0AtC0FtDtGyE0CzyyEyByEtDtCyByDzz0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DyC0D0EyCtAyEtGtB0FtDtCtGzz0DyEtCtGtBtB0AtAtGyD0EyB0DyEtA0BtByEzy0EyE2Q&cr=1928725118&ir= SearchScopes: HKU\S-1-5-21-2360735211-315669688-3937860421-1078-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_ch&cd=2XzuyEtN2Y1L1QzutDtDtCyDzztAtCyC0CtCtCzzyC0Czy0FtN0D0Tzu0SzztDyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtD0ByC0FyE0FtAtGtBtAtDtCtGtBtD0DzztG0AtC0FtDtGyE0CzyyEyByEtDtCyByDzz0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DyC0D0EyCtAyEtGtB0FtDtCtGzz0DyEtCtGtBtB0AtAtGyD0EyB0DyEtA0BtByEzy0EyE2Q&cr=1928725118&ir= SearchScopes: HKU\S-1-5-21-2360735211-315669688-3937860421-1078-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = Toolbar: HKU\S-1-5-21-2360735211-315669688-3937860421-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-2360735211-315669688-3937860421-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} S3 gtermddo; \??\C:\Users\nicholas\AppData\Local\Temp\gtermddo.sys [X] Task: {02AB8792-477A-4084-B789-B520152A268E} - System32\Tasks\{28A610A1-3FB0-4D08-8D9C-C1FDB918504A} => pcalua.exe -a F:\autorun.exe -d F:\ Task: {0319B68F-E6BF-4C83-8E7E-E783DD1599FD} - \Optimizer Pro Schedule No Task File <==== ATTENTION Task: {0EC249DA-A9E0-4F5B-B2B7-77F7D6F53F4A} - System32\Tasks\{7D03727F-ACBC-4D24-A754-CD4263D5B8C2} => pcalua.exe -a C:\Users\nicholas\Desktop\delta201Setup.exe -d C:\Users\nicholas\Desktop C:\Users\nicholas\AppData\Local\Temp\gtermddo.sys C:\Windows\Tasks\{E899F45A-0425-4E9C-A371-7B4B77A7B818}.job EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

Many thanks for responding.

I have completed all you suggested. Here is the log from adwcleaner

Sorry, I forgot to say, the alerts are still popping up.

Did you run the fix with FRST…? If so, post the log.

Could you also attach a screenshot of the Avast popup

Hi, here is the fixlog and also a screenshot. Each time the shield pops up, the object is different.

Do you get the same alert for IE and Firefox ?

Idon’t usually use IE, but I have just tried it and they do not appear to pop up with IE. Don’t have firefox.

OK that confirmed my suspicion that it is hiding in Chrome somewhere.

First back up your bookmarks :

Export bookmarks from Chrome
1.In the top-right corner of the browser window, click the Chrome menu Chrome menu.
2.Select Bookmarks > Bookmark Manager.
3.Click the “Organise” menu in the manager.
4.Select Export bookmarks.
5.Save to the desktop

Chrome will export your bookmarks as an HTML file, which you can then import into Chrome after the reset.

Reset your browser settings :

1.In the top-right corner of the browser window, click the Chrome menu
2.Select Settings.
3.At the bottom, click Show advanced settings.
4.Under the section "Reset settings”, click Reset settings.
5.In the dialogue that appears, click Reset.

Now restart Chrome … Do the alerts still appear

That appears to have worked. Marvellous, thank you very much.

Any further problems before I tidy up ?