Topic: Malicious URL message keeps popping up

tes015

  • Guest
Malicious URL message keeps popping up
« on: July 14, 2012, 06:39:37 PM »
I keep getting a red malicious URL message popping up. It tells me that avast Network shield has blocked a harmful site.

Object  http://includeit.info/include.|s?id=|S25
Infection: URL:MAL
Process: C:\ProgramFiles\Google\Chrome\Application\chrome.exe

Ran Malwarebytes quick scan and nothing showed up. Running a complete scan now. So far nothing found.

Offline Asyn

Re: Malicious URL message keeps popping up
« Reply #1 on: July 14, 2012, 06:47:19 PM »

tes015

  • Guest
Re: Malicious URL message keeps popping up
« Reply #2 on: July 14, 2012, 10:49:18 PM »
MBAM log

tes015

  • Guest
Re: Malicious URL message keeps popping up
« Reply #3 on: July 15, 2012, 12:02:22 AM »
Other logs

SafeSurf

  • Guest
Re: Malicious URL message keeps popping up
« Reply #4 on: July 15, 2012, 10:42:14 AM »
I am going to refer you to our Certified Malware specialist, named Essexboy. He will also review your logs and give you further instructions; however, he comes on the forum late UK time, but usually earlier on weekends. He will respond to you in this thread, so remember to check this thread daily.

Please do not make any further changes to your machine after you have provided the logs.

IMPORTANT: If you are on a home network, disconnect the affected machine from the network. Do not share a USB/flash drive with this affected machine. Do not use this machine unless Essexboy or another malware removal specialist instructs you to follow malware removal instructions; use a different machine to check email, sync your phone or other devices.

Let us know if you have any questions.  Thank you.

Offline essexboy

  • Malware removal instructor
Re: Malicious URL message keeps popping up
« Reply #5 on: July 15, 2012, 01:13:36 PM »
Let me know if this stops it

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    Quote
    :OTL
    SRV - [2011/07/27 07:06:44 | 000,267,488 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
    IE - HKU\S-1-5-21-3729517373-780162555-934271568-1005\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://mumbojumbo.start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
    FF - prefs.js..extensions.enabledItems: {35933438-E8AE-4A56-A78B-3582E28C97E5}:1.9.1
    FF - prefs.js..extensions.enabledItems: {40FD30BB-5C5B-4444-9885-97F1FB18A3E7}:1.9.1
    FF - prefs.js..extensions.enabledItems: {8258C202-FFB3-4DB3-8316-0E55FB593352}:1.9.1
    FF - prefs.js..extensions.enabledItems: {28D0CC5B-8A76-4256-BA49-5CA20E1529CB}:1.9.1
    FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.3.0
    FF - prefs.js..extensions.enabledItems: {f1e6d946-6b44-4f3a-8c4b-e497675c8e17}:1.0.27
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 5555
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{35933438-E8AE-4A56-A78B-3582E28C97E5}: C:\Documents and Settings\Tammy Smith\Local Settings\Application Data\{35933438-E8AE-4A56-A78B-3582E28C97E5} [2010/06/19 16:45:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{40FD30BB-5C5B-4444-9885-97F1FB18A3E7}: C:\Documents and Settings\Mel Mel\Local Settings\Application Data\{40FD30BB-5C5B-4444-9885-97F1FB18A3E7} [2010/06/19 23:35:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8258C202-FFB3-4DB3-8316-0E55FB593352}: C:\Documents and Settings\Keith\Local Settings\Application Data\{8258C202-FFB3-4DB3-8316-0E55FB593352}\ [2010/06/20 17:43:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{28D0CC5B-8A76-4256-BA49-5CA20E1529CB}: C:\Documents and Settings\Shelby\Local Settings\Application Data\{28D0CC5B-8A76-4256-BA49-5CA20E1529CB}\ [2010/06/20 17:43:42 | 000,000,000 | ---D | M]
    [2011/10/16 18:17:32 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\Tammy Smith\Application Data\Mozilla\Firefox\Profiles\ok2jeig8.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
    [2011/10/16 18:17:19 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Documents and Settings\Tammy Smith\Application Data\Mozilla\Firefox\Profiles\ok2jeig8.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    [2011/09/24 22:23:11 | 000,000,000 | ---D | M] (ShopToWin16) -- C:\Documents and Settings\Tammy Smith\Application Data\Mozilla\Firefox\Profiles\ok2jeig8.default\extensions\{f1e6d946-6b44-4f3a-8c4b-e497675c8e17}
    [2011/07/30 21:06:18 | 000,001,467 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober1349366828.xml
    O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Tammy Smith\Application Data\Complitly\Complitly.dll (SimplyGen)
    O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
    O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
    O3 - HKU\S-1-5-21-3729517373-780162555-934271568-1005\..\Toolbar\WebBrowser: (eGames Toolbar) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\PROGRA~1\EGAMES~1\EGAMES~1.DLL File not found


    :Files
    C:\Program Files\StartNow Toolbar
    C:\Documents and Settings\Tammy Smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
    C:\Documents and Settings\Tammy Smith\Application Data\Complitly

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

tes015

  • Guest
Re: Malicious URL message keeps popping up
« Reply #6 on: July 15, 2012, 03:16:41 PM »
Here are the other logs. The malicious warning did not come up this time when I logged onto the internet.

Offline essexboy

  • Malware removal instructor
Re: Malicious URL message keeps popping up
« Reply #7 on: July 15, 2012, 03:52:30 PM »
Could you surf around for a bit, then when you are happy run OTL and hit the Cleanup button ;D

tes015

  • Guest
Re: Malicious URL message keeps popping up
« Reply #8 on: July 15, 2012, 04:10:01 PM »
Okay thanks. :)