avast problem with svchost.exe

[Merineins]

For the last couple of days I keep having these annoying pop ups from avasat, saying that a web page has been blocked. Could somebody help me ?

 

[TwinHeadedEagle]

Hello,

Can you make a picture how these warnings look like?

 

[Merineins]

it loooks like this

 

[TwinHeadedEagle]

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  autoclean;
  emptyclsid;
  emptyalltemp;
  ipconfig /flushdns >>"%temp%\log.txt";b

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.

 

[Merineins]

It doen't aloud me to uploaded. Im gonna copy it here:


Zoek.exe v5.0.0.1 Updated 22-December-2015
Tool run by Martin on jue. 24/12/2015 at 11:46:42,46.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Martin\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

24/12/2015 11:49:03 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Avira deleted successfully
C:\PROGRA~2\COMMON~1\Merge Modules deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SharkTime Software deleted successfully
C:\PROGRA~3\simplitec deleted successfully
C:\Users\Martin\AppData\Local\ActiveSync deleted successfully
C:\Users\Martin\AppData\Local\CrashDumps deleted successfully
C:\Users\Martin\AppData\Local\EmieSiteList deleted successfully
C:\Users\Martin\AppData\Local\EmieUserList deleted successfully
C:\Users\Martin\AppData\Local\NetworkTiles deleted successfully
C:\Users\Martin\AppData\Local\Secunia PSI deleted successfully
C:\Users\Martin\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-541517907-739818035-363521432-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully

==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Avira not found
C:\Users\Martin\AppData\Roaming\QuickScan deleted
C:\Users\Martin\.android deleted
C:\install.exe deleted
C:\Users\Martin\ChromeExtensions deleted
C:\PROGRA~3\CyberlinkOutput.txt deleted
C:\PROGRA~3\{18165758-115C-4DC0-9EC2-FF89F725767F} deleted
C:\Users\Martin\AppData\Local\node-webkit deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Martin\AppData\LocalLow\IObit Apps deleted
C:\WINDOWS\wininit.ini deleted
C:\WINDOWS\Syswow64\REN5C91.tmp deleted
C:\WINDOWS\Syswow64\REN9267.tmp deleted
C:\WINDOWS\Syswow64\RENDAFD.tmp deleted
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\hkvje0cd.default\jetpack deleted
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\hkvje0cd.default\extensions\youtubeunblocker@unblocker.yt deleted
"C:\windows\Installer\142d5.msi" deleted
"C:\Users\Martin\AppData\Roaming\webex" deleted
"C:\PROGRA~3\Package Cache" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\hkvje0cd.default
user_pref("browser.startup.homepage", "Restore Browser Settings
user_pref("browser.search.defaulturl", "{searchTerms} - Wolfram|Alpha");
user_pref("browser.search.defaultengine", "Wolfram|Alpha (avast!)");
user_pref("browser.search.defaultenginename", "Default");
user_pref("browser.search.defaultenginename.US", "DuckDuckGo");
user_pref("browser.search.selectedEngine", "Wolfram|Alpha (avast!)");
user_pref("keyword.URL", "{searchTerms} - Wolfram|Alpha");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [14/12/2015 11:10]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\hkvje0cd.default
- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- HTTPS-Everywhere - %ProfilePath%\extensions\https-everywhere@eff.org
- Results Hub - %ProfilePath%\extensions\{257e313e-9efd-4b27-b78e-ab33d3924e12}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\hkvje0cd.default
30058F2746B25F60DCC7624E227357D1 - C:\Users\Martin\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL - Microsoft Office 2013
88C9284589B5AEEF93AAF8016BA1290D - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
88041A1D3DB193614C1DD264CDD7417E - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1221171.dll - Shockwave for Director / Shockwave for Director
5DF56521E8985BFD8F21A3D97A4D4574 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll - Shockwave Flash
322A74A2C9038BF07285C9F74F1828AF - C:\Users\Martin\AppData\Local\Hola\firefox\app\vlc\npvlc.dll - Hola VLC Web Plugin
7DA18C02BD866A2D99533912DE0E3FDB - C:\Users\Martin\AppData\Roaming\Mozilla\plugins\npatgpc.dll - ActiveTouch General Plugin Container


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[15/06/2015 19:04]
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[15/06/2015 19:04]

Avast SafePrice - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="Bing"
"First Home Page"="Bing"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - {searchTerms} - Bing
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - {searchTerms} - Bing
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - {searchTerms} - Google Search
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - {searchTerms} - Bing

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FEEF40788A6AE7E41B42DB16226CE6C2 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e7c7c227-b742-4878-9425-f09bbf9951db} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FEEF40788A6AE7E41B42DB16226CE6C2 deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Martin\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Martin\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Martin\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Martin\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=826 folders=873 1983625357 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Martin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on jue. 24/12/2015 at 13:47:45,65 ======================

 

[TwinHeadedEagle]

Good. How is your PC behaving now?

 

[Merineins]

The same way. I still keep getting the pop ups...

 

[TwinHeadedEagle]

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

 

[Merineins]

Ok!

 

[TwinHeadedEagle]

When do you get these warnings?

 

[Merineins]

As soon as I turn on the computer. I don't do any specific action to get them. They just appeared

 

[TwinHeadedEagle]

I don't know why is this happening. I suggest to open topic on Avast forum:

Avast WEBforum - Index