Pop-ups on shutdown and repeated IP address block

Hi.
My Windows 7 machine with Avast Free has these symptoms

  1. When I shut down, there appears to be a flash screen window that pops up as Windows shuts down, sometimes blank, sometimes showing random-looking text or logos e.g. “Allvoices - write for the world’s top brands” and “Congratulations you’ve won” etc.
  2. I repeatedly get the following threat blocked.
    URL: htxp://104.193.252.236/adsc.php?sid=1957
    Infection: URL:Mal
    Process: C:\Windows\explorer.exe
    3 I’ve been struggling to get all Windows updates installed after a recent fresh installation of Windows 7 SP1 - issues such as the Windows Update getting stuck on “Checking for updates” or “Unable to install updates”

Boot scan and full scan show no threats. The “threat blocked” message came from Avast Free Antivirus by itself - not during a scan. They appear to occur when online and running IE or Windows Update.

Can you advise? Thx

Please attach the logs as explained in the sticky at the top of this forum to your next post.

Hi. Logs attached. Malwarebytes identified 5 threats. So I gather I’m clean now. No more pop-ups on shut-down. Curious that Avast doesn’t pick up what Malwarebytes did. Presume the Windows Update is a Windoze problem which I’ll deal with separately. Thx

There is no tool that detects everything.
MBam is good, but very limited.
It only checks executables, nothing else.

Although the pop-ups are gone,it doesn’t mean the system is clean.
One of the listed malware removers will soon have a look at the logs and let you know if there is something that need to be done.
Please do not change anything on the system for now.

Could you let me know if you are experiencing any problems

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: 2016-05-04 12:06 - 2016-05-04 12:06 - 0000003 _____ () C:\ProgramData\B9F238AB4F78.dat Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

Thank you for following up. This infection is now resolved. Following the debacle I found several problems related to updates involving missing or corrupted dlls so I reinstalled Windows - quicker and cleaner in the end. Apologies for having you continue reviewing while I did this.

No problem :slight_smile: