Author Topic: URL Malware / svchost.exe  (Read 3170 times)


Offline Timmehxx

  • Newbie
  • *
  • Posts: 4
URL Malware / svchost.exe
« on: January 26, 2015, 10:06:30 AM »
Hello everyone,

My Avast keeps giving me the message:

Object : http://skegnessasc.org/accounts/stylesheets.css
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe
(added a jpg)

I have run SEVERAL anti-malware programs and none can find the culprit.
This even happens when I am not using a browser and I am just on the desktop.

Malwarebytes Anti-Malware
Search & Destroy
Hitman Pro
Rogue Killer
Adware Cleaner

(and no, not all at the same time; one by one)

I can't add the aswMBR log as it keeps crashing when it reaches C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.

Any help would be very much appreciated.

Offline Timmehxx

  • Newbie
  • *
  • Posts: 4
Re: URL Malware / svchost.exe
« Reply #1 on: January 26, 2015, 10:35:19 AM »
Possibly fixed it myself with ComboFix.

Have not gotten a message since I ran it.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31072
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: URL Malware / svchost.exe
« Reply #2 on: January 26, 2015, 10:54:34 AM »
Please post new Farbar logs and let us have a look.

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: URL Malware / svchost.exe
« Reply #3 on: January 26, 2015, 11:15:03 AM »
Hey, also attach the logs from ComboFix. ComboFix should not be run without an expert's instruction; it can make your computer unbootable.
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Offline Timmehxx

  • Newbie
  • *
  • Posts: 4
Re: URL Malware / svchost.exe
« Reply #4 on: January 26, 2015, 11:19:21 AM »
Here you go!

I normally am able to fix all of my own computer problems, but seeing as this was a very stealthy bug I decided to get some help, but then fixed it right after asking.
I do hope I fixed it, and if so, that these can help someone else in case they get the same problem!

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31072
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: URL Malware / svchost.exe
« Reply #5 on: January 26, 2015, 11:42:32 AM »
I see several things that still need to be fixed.

Did you set/use a proxy server?

Offline Timmehxx

  • Newbie
  • *
  • Posts: 4
Re: URL Malware / svchost.exe
« Reply #6 on: January 26, 2015, 11:44:28 AM »
Not using any proxies.

Did use a VPN for a while, but SecureLine is currently uninstalled.

Uhh.. Hamachi is installed and I recently uninstalled Tunngle, if that helps.
« Last Edit: January 26, 2015, 11:47:21 AM by Timmehxx »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: URL Malware / svchost.exe
« Reply #7 on: January 26, 2015, 04:19:02 PM »
ComboFix clears the BITS job the same as I would do, and that is where the adware resides.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1776179238-3159533700-1341010490-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Timmeh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-13]
CHR Extension: (No Name) - C:\Users\Timmeh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-13]
CHR Extension: (No Name) - C:\Users\Timmeh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-13]
CHR Extension: (No Name) - C:\Users\Timmeh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-13]
CHR Extension: (No Name) - C:\Users\Timmeh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-13]
CHR Extension: (No Name) - C:\Users\Timmeh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-13]
CHR Extension: (No Name) - C:\Users\Timmeh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-13]
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
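
Added example, not part of essexboy's instructions or of any tool mentioned in this thread: since the fix above ends with `bitsadmin /reset /allusers`, which deletes the BITS jobs, this PowerShell sketch records them first and shows any job whose remote URL points at the host from the Avast alert. The output path and variable names are assumptions; `Get-BitsTransfer -AllUsers` needs an elevated prompt.

```powershell
# Added example: list every BITS job on the machine with its remote URLs,
# save the inventory, and show the jobs that point at the flagged host.
# Run from an elevated PowerShell prompt; -AllUsers needs administrator rights.
Import-Module BitsTransfer

$flaggedHost = 'skegnessasc.org'                      # host from the Avast alert in the first post
$outFile     = Join-Path $env:TEMP 'bits-jobs.csv'    # assumed output location

$rows = foreach ($job in Get-BitsTransfer -AllUsers) {
    # A job can hold several files; a job with no files still gets one row.
    $files = @($job.FileList)
    if ($files.Count -eq 0) { $files = @($null) }

    foreach ($file in $files) {
        $remote     = [string]$file.RemoteName
        $uri        = $null
        $remoteHost = ''
        if ([Uri]::TryCreate($remote, [UriKind]::Absolute, [ref]$uri)) {
            $remoteHost = $uri.Host
        }

        [pscustomobject]@{
            JobId       = $job.JobId
            DisplayName = $job.DisplayName
            Owner       = $job.OwnerAccount
            State       = $job.JobState
            Created     = $job.CreationTime
            RemoteUrl   = $remote
            LocalFile   = [string]$file.LocalName
            # Match the flagged host itself or any subdomain of it.
            Flagged     = ($remoteHost -eq $flaggedHost) -or $remoteHost.EndsWith(".$flaggedHost")
        }
    }
}

# Keep a record of all jobs before they are reset, then show the suspicious ones.
$rows | Export-Csv -Path $outFile -NoTypeInformation
$rows | Where-Object Flagged | Format-List

"{0} job file(s) listed, {1} flagged; inventory saved to {2}" -f `
    @($rows).Count, @($rows | Where-Object Flagged).Count, $outFile
```

A flagged row explains why the alert names svchost.exe even with no browser open: the BITS service runs inside svchost.exe and retries its queued downloads in the background.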