Topic: Non-stop Avast "Web Shield has blocked a harmful webpage or file" alerts

REDACTED

  • Guest
Thanks; some questions:

* Not sure when you say the OTL log looks like Chinese gobbledygook. It seems legible to me, in English. However, I'm not familiar with this stuff, so I don't know what it's supposed to look like.
* Did you look at the Farbar logs I attached a little while ago? Did they provide any more info on what is going on?
* When I tried to download Combofix, Avast blocked it. Is this normal-- is this why you say to turn off the anti-virus program?

Thanks,

Allen

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Yes, temporarily disable Avast whilst Combofix is being downloaded and run.

The attached screenshot shows what the OTL log looked like.


REDACTED

  • Guest
Wow -- that's not at all what the text file I saved looks like! Is there another way I can re-save the OTL log in its original form for you? I've pasted in the opening part of the file below to show you it's not messed up.

Also, my problem is that I get Avast error messages that suggest some malware on my computer is trying to contact an unknown URL, which Avast is blocking. If I disable Avast to download and use Combofix, then I leave the door open for this (possible) malware to get through unblocked to its contact URL and cause more serious problems. So, I really do not want to disable Avast. Yet, I cannot download Combofix while Avast is working because Avast blocks it.

Allen

OTL logfile created on: 6/14/2014 3:12:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\The Foto Finisher\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
11.43 Gb Total Physical Memory | 8.72 Gb Available Physical Memory | 76.31% Memory free
22.86 Gb Paging File | 19.63 Gb Available in Paging File | 85.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1846.33 Gb Total Space | 834.91 Gb Free Space | 45.22% Space Free | Partition Type: NTFS
Drive D: | 16.59 Gb Total Space | 2.07 Gb Free Space | 12.49% Space Free | Partition Type: NTFS
 
Computer Name: FOTOFINISHER | User Name: The Foto Finisher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/14 15:09:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Foto Finisher\Downloads\OTL.exe
PRC - [2014/06/10 12:01:02 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/06/06 09:37:05 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/05/19 17:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\The Foto Finisher\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/05/13 20:32:15 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/05/09 09:49:20 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/05/08 14:59:39 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/07 09:14:38 | 000,055,624 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/10/18 18:00:00 | 000,200,632 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\ZipSendService.exe
PRC - [2011/08/16 14:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 14:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/12 09:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/02/22 04:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
PRC - [2010/02/04 22:47:34 | 000,093,376 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\Olympus\ib\olycamdetect.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37699
Follow Essexboy's instructions to the dot ..... he does this all day long so knows how this stuff works....


REDACTED

  • Guest
Okay, I ran Combofix; I attached the file because when I paste it into this reply my message exceeds the maximum size allowed. I believe that Combofix deleted 1 file and 1 folder in my Temp and/or User/App Data/Local folders.

My computer seems to run fine; I am not aware of any problems that may have occurred due to malware. As mentioned, I was getting many alerts from Avast Webshield saying it blocked a dangerous file or website (with a specific URL), yet I don't know if there actually is something on my computer, or perhaps these were false alerts? Interestingly, after getting many alerts for 2 days, I have not seen any more since yesterday evening, but I've not been online that much.

What do you think? Am I okay, or do I need to do something more?

Also, as mentioned, my version of the OTL text file is not corrupted, so I can get that to you (perhaps as a Word file) if you want to see it.

Thank you,

Allen


Offline Pondus

Quote
Also, as mentioned, my version of the OTL text file is not corrupted, so I can get that to you (perhaps as a Word file) if you want to see it.
You probably saved it as Unicode ..... it should have been saved as ANSI

Essexboy may not need it....
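
The encoding mismatch discussed in the posts above, as an added example that is not part of any forum post: a Python sketch that sniffs a saved log's encoding, re-encodes it as ANSI, and shows how single-byte text misread as UTF-16 turns into CJK-looking characters. It assumes "ANSI" means Windows-1252, matching the US English locale in the posted log; the function names and sample bytes are constructed for illustration.

```python
import codecs

# Byte-order marks that Windows editors write at the start of "Unicode" files.
BOMS = [
    (codecs.BOM_UTF8, "utf-8-sig"),
    (codecs.BOM_UTF16_LE, "utf-16"),
    (codecs.BOM_UTF16_BE, "utf-16"),
]

def sniff_encoding(raw: bytes) -> str:
    """Guess the encoding of a text log from its first bytes."""
    for bom, name in BOMS:
        if raw.startswith(bom):
            return name
    sample = raw[:4096]
    # BOM-less UTF-16 of mostly-ASCII text has a NUL in every other byte.
    if sample and sample[1::2].count(0) > len(sample) // 4:
        return "utf-16-le"
    if sample and sample[0::2].count(0) > len(sample) // 4:
        return "utf-16-be"
    try:
        raw.decode("utf-8")
        return "utf-8"
    except UnicodeDecodeError:
        return "cp1252"  # assumption: "ANSI" is Windows-1252 on this system

def to_ansi(raw: bytes) -> bytes:
    """Re-encode a log as Windows-1252; unmappable characters become '?'."""
    text = raw.decode(sniff_encoding(raw), errors="replace")
    return text.encode("cp1252", errors="replace")

def misread_as_utf16(raw: bytes) -> str:
    """Show what single-byte text looks like to a viewer that assumes UTF-16."""
    even = raw[: len(raw) // 2 * 2]  # UTF-16 needs whole 2-byte units
    return even.decode("utf-16-le", errors="replace")

if __name__ == "__main__":
    line = "OTL logfile created on: 6/14/2014"  # constructed sample line
    unicode_save = codecs.BOM_UTF16_LE + line.encode("utf-16-le")
    print(sniff_encoding(unicode_save))          # encoding as saved
    print(to_ansi(unicode_save))                 # bytes after conversion
    print(misread_as_utf16(line.encode("cp1252")))  # garbled view
```
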


Offline essexboy

Could you attach the entire OTL log please. Once you have attached it could you open it and ensure that it has worked correctly.

It may be related to the foto programme that you have but I am not yet sure

REDACTED

  • Guest
Here is the OTL log saved as a .txt file, ANSI version.

Thnx,

Allen

Offline Pondus

Quote
Here is the OTL log saved as a .txt file, ANSI version.

Thnx,

Allen

That did the trick ;)

Essexboy will be back online tomorrow ..... he is in bed, or watching Argentine - Bosnia now

« Last Edit: June 16, 2014, 03:04:31 PM by Pondus »

REDACTED

  • Guest
Okay, thanks,

Offline essexboy

How is the computer behaving now?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Commands
[CREATERESTOREPOINT]

:OTL
O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

REDACTED

  • Guest
Hi,

I ran the custom fix and attached (file too many characters to paste in) is the Quick Scan log after rebooting and running Quick Scan. As far as I can tell so far, the computer seems to be running okay except for Internet Explorer, which comes up with Yahoo home page, but then I cannot go to any other website page. Other URLs in the address bar don't go through, and the links on the home page won't take me anywhere. Should I uninstall and re-install IE?

The Avast "Webshield has blocked a harmful web page or file" warnings, which prompted this discussion, stopped appearing after Sat night. I'm not aware of anything else going on.

Thanks,

Allen


REDACTED

  • Guest
Sorry... attached is the OTL Quick Scan log, after the Fix.

Offline essexboy

Go to Control Panel > Internet Options
Select the Advanced tab
Click Reset
Click Apply and OK out, then try IE again

REDACTED

  • Guest
Okay, that fixed IE; thanks!

Do you think my computer is free of any malware problems now, or is there something else I should do?  As mentioned, I'm not aware of anything else going on with the computer right now.

Allen