avast! MALICIOUS URL BLOCKED Shows up Every 20 Minutes

I will be posting all the logs on this thread. I don’t think I need to give the URL of the websites. Please help.

Follow this guide and attach (not copy and paste) logs from Malwarebytes / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0

The logs are attached to this reply.

Malware removers are notified. It may take many hours before one arrives, so be patient.

Hello,
I will be working on your Malware issues.

Step1

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix's window while it is running.

When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach the log report (ComboFix.txt) back to the topic.


Step2

Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.

- Press Start Scan.
- If a Suspicious object is detected, the default action will be Skip, click on Continue.
- If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please attach the contents of that log in your next reply.

The ComboFix.txt is attached.

The TDSSKiller log is too large for the attachment bandwidth? It’s 250K.

Go to pastebin.com
Paste TDSSKiller txt there and click on Submit.

Paste the link here. :wink:

There you go.

http://pastebin.com/uZ2uzL1D

Open notepad and copy/paste the text present inside the code box below:


DDS::
uStart Page = hxxp://search.babylon.com/home?AF=10588

ClearJavaCache::

RegNull::
[HKEY_USERS\S-1-5-21-87309666-732039932-1549713996-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F3EC769D-3752-8846-286D-2E57131D0040}*]
"oahimfoafkhndhlilpideclfikaehf"=hex:64,61,65,63,70,70,69,62,00,fc
"oalhejnhleklimmcjmdnhdocdnaden"=hex:6a,61,68,63,6c,70,68,6f,67,63,66,66,67,70,
   64,65,69,63,62,62,00,00
"naficnjbkehepfmjhdndidlffhbn"=hex:6a,61,68,63,6c,70,68,6f,67,63,66,66,67,70,
   64,65,69,63,62,62,00,00
   
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)


- Re-run TDSSKiller.exe and click on Change parameters.
- Under Additional options check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click on Start Scan.
- If an infected file is detected, the default action will be Cure, click on
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- Click the Report button and attach the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.

Note: Please use pastebin.com as before if logs are too large…

Here is the new ComboFix.txt.

TDSSKiller Log 2

Looks good.
How’s your computer behaving now ?

It’s going as it was before the pop-ups. No problems. Thanks!
:smiley:

Sorry, but I don't understand. :-\ ;D
(English is not my main language)

Do you still have warnings from avast?
If you have them, then re-run OTL. Click RunScan button and attach here fresh OTL.txt

Sorry for not clarifying. No more pop-ups from Avast. The problems seem to have been fixed.

Nice. 8)
Then, a few steps remain.

It is necessary to uninstall ComboFix:

- Click Start (or the Vista Start button), then Run.

On Windows 7 or Vista you may use the Start Search field if Run is not available.

- In the line of text, type in (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

- Then click OK (or press Enter).

Wait until the uninstall process is complete.


Re-run OTL and click on the CleanUp! button.

I recommend that you use MCShield if you wish.
MyCity - Official download link
Softpedia - Mirror download link
It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And it will not only prevent infection, but will also immediately clean the memory card or external HDD.