I keep getting the pop ups from Avast that says “Avast web shield has blocked a harmful webpage or file”. been reading some threads about it. also followed the instructions at the “Logs to assist in cleaning malware”. so attached here are the logs generated from the programs. any help would be highly appreciated. thanks.

Hi the first thing you must do is uninstall Chrome, you can re-install once we have finished

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION URLSearchHook: [S-1-5-21-3806116259-2701564684-460816932-1001] ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: [S-1-5-21-3806116259-2701564684-460816932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=1091&r=2015/02/15&hid=2324403327642007347&lg=EN&cc=PH&unqvl=82 SearchScopes: HKU\S-1-5-21-3806116259-2701564684-460816932-1002 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=1091&r=2015/02/15&hid=2324403327642007347&lg=EN&cc=PH&unqvl=82 SearchScopes: HKU\S-1-5-21-3806116259-2701564684-460816932-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=1091&r=2015/02/15&hid=2324403327642007347&lg=EN&cc=PH&unqvl=82 SearchScopes: HKU\S-1-5-21-3806116259-2701564684-460816932-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=1091&r=2015/02/15&hid=2324403327642007347&lg=EN&cc=PH&unqvl=82 FF DefaultSearchEngine: WebSearch FF DefaultSearchEngine,S: WebSearch FF DefaultSearchUrl: hxxp://websearch.look-for-it.info/?pid=1091&r=2015/02/15&hid=2324403327642007347&lg=EN&cc=PH&unqvl=82&l=1&q= FF SearchEngineOrder.1: WebSearch FF SearchEngineOrder.1,S: WebSearch FF SelectedSearchEngine: WebSearch FF SelectedSearchEngine,S: WebSearch FF Extension: youtubeadblocker - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\i334dn59.default\Extensions\pPlKxH@IU3.edu [2015-02-16] FF Extension: UniiDealsi - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\i334dn59.default\Extensions\sForJayIz@ID.net [2015-02-16] CHR StartupUrls: Default -> "hxxp://mysearch.avg.com/?cid={3FB89E2A-8894-4782-8604-B4D75C6721F3}&mid=1537aaf7d28a47d389f9d16f6480c854-b5163dd50f11eb58a630e12862eaec01f838c7ac&lang=en&ds=is015&pr=sa&d=2013-06-24 10:44:07&v=15.2.0.5&pid=safeguard&sg=0&sap=hp", "hxxp://www.default-search.net?sid=476&aid=104&itype=n&ver=12349&tm=347&src=hmp", "hxxp://www.default-search.net?sid=476&aid=104&itype=a&ver=12627&tm=347&src=hmp" CHR Profile: C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-09] CHR Extension: (Google Search) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-09] CHR Extension: (Avast SafePrice) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-15] CHR Extension: (Select and Speak) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjopfpjmkcfgjpogepmdjmcnihfpokn [2015-02-15] CHR Extension: (Avast Online Security) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-09] CHR Extension: (Gmail) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-09] CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-09] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-09] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] HKU\S-1-5-21-3806116259-2701564684-460816932-1002\...\Run: [GoogleChromeAutoLaunch_65E5181ECE61BC684C401CB8CBBA7B70] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.) HKU\S-1-5-21-3806116259-2701564684-460816932-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_65E5181ECE61BC684C401CB8CBBA7B70] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION 2015-02-15 11:35 - 2015-02-16 18:57 - 00000000 ____D () C:\Program Files (x86)\Select and Speak 2015-02-15 11:31 - 2015-02-16 18:57 - 00000000 ____D () C:\Program Files (x86)\UniiDealsi 2015-02-15 11:31 - 2015-02-15 11:31 - 00000000 ____D () C:\ProgramData\kfeljjkkgbfegpnmakhhpfdolmoodfbk 2015-02-15 11:31 - 2015-02-15 11:31 - 00000000 ____D () C:\ProgramData\4970935420550119281 2015-02-15 11:29 - 2015-02-15 14:03 - 00000000 ____D () C:\ProgramData\{e1a7f783-a466-566e-e1a7-7f783a46de0e} 2015-01-26 13:33 - 2015-01-26 13:33 - 00051881 _____ () C:\Users\ACER\Downloads\2e6596d0277b99ddcbe56957339604c9d387cfb0.zip Task: {75AE871C-A1B9-4EAD-A05D-932934EDFAE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-09] (Google Inc.) Task: {D24AA5A4-5956-4D23-A24E-891A43BB6F63} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-09] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Users\ACER\AppData\Local\Google\Chrome C:\Program Files (x86)\Google\Chrome C:\Users\ACER\AppData\Local\Temp\0FD8B0d6A673 EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

Here are the 2 new log files

I’ve had the same problem for the last couple of weeks. I read somewhere in this forum that one of the steps for finding and removing the source of this problem was to clean out the browser add-ons. That was the first thing I did, and I noticed that somehow “Search Suggestions” had been enabled for the Bing browser. I turned that off and the pop-ups seem to have stopped. After I did that, I needed to log off, so I didn’t try any of the other steps. Is it possible that this may be a way of avoiding the effects of this virus, or was it just a coincidence?