I’ve been getting pop ups from Avast on and off for about 3 weeks. The pop up states that an attempt to reach some web site url has been blocked and that the request came from C:\Windows\Explorer.exe
When I first saw these notifications I ran a full scan with Avast, which found nothing. I also ran a complete scan with Malwarebytes, which also found nothing. I then booted into Safe Mode and re-ran the scans. Avast again found nothing while Malwarebytes did quarantine a handful of files and registry entries.
It appeared everything was good for a few days but then the pop ups started again. So, I went through the steps outlined in the sticky at top of this forum and the log files are attached. Any assistance would be greatly appreciated.
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
GroupPolicyUsers\S-1-5-21-2906135931-3338677851-3029852863-1004\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {12A5B8E6-3AD9-4498-BAF2-97D51368B7D2} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-2906135931-3338677851-3029852863-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
2014-10-30 21:37 - 2014-10-30 21:37 - 00003136 _____ () C:\Windows\System32\Tasks\{C168FA08-DD23-4128-BB5C-46CDF2E097AA}
2014-10-22 17:47 - 2014-11-20 19:26 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
CustomCLSID: HKU\S-1-5-21-2906135931-3338677851-3029852863-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\apphelp.dll No File
CustomCLSID: HKU\S-1-5-21-2906135931-3338677851-3029852863-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Troy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.