Avast web shield non stop blocking from process cvchost.exe

Avast web shield has blocked a harmful webpage or file. This is similar to another post http://forum.avast.com/index.php?topic=149180.msg1083816#msg1083816
I downloaded the OTL and did the first scan you asked for. I ran 3 scans as below. I was hearing commercials or something from the speakers with no browser open, but it stopped; not sure what stopped it, but that’s good.
With browser open or closed, Web Shield is giving pop-ups for 11 pages flagged as being harmful.
I’m running Windows 7 and I use Google Chrome.
I have downloaded and run the following in order as listed:

Malwarebytes found and fixed some.
Avast Free found none
Microsoft security essentials found none
I ran CCleaner and deleted browsing data in chrome
The files being found on mine are the same as these from the other post, with different last numbers: 2003 or 3034
URL: Mal
C:\Windows\System32\Svchost.exe
I attached the 2 text logs that came from my scan of the OTL, that you had the other person

Hi there, when we have finished, could I ask you to upload the files that I am going to quarantine to a file sharing site for me to collect? I still need to convince Avast that one of the system files has been patched.

You will continue to get the alerts until I run Combofix for the second time

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
[2014/04/30 07:06:48 | 000,000,081 | ---- | M] () -- C:\Windows\SysNative\kkaev.obb
[2014/04/30 06:56:14 | 000,037,888 | ---- | M] () -- C:\Windows\SysNative\bnozbgx.igi
[2014/04/30 06:56:14 | 000,000,069 | ---- | M] () -- C:\Windows\SysNative\smniwxe.jfo
[2014/04/28 22:37:06 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\rmkvb.cmx
[2014/04/28 22:30:04 | 000,306,299 | --S- | M] () -- C:\Windows\SysNative\phhem.ixs

:Commands
[resethosts]
[emptytemp]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

otl.txt log quick scan as requested

Attaching the log.txt as requested. As soon as I restarted, Avast blocked http://find-everything.info/?query=empire%20stats%20college%20online%20degree%20review; same process, nothing since then (2 mins).

This one will stop the alerts. You must reboot after Combofix has done its thing

  1. Close any open browsers.

  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll|c:\windows\system32\rpcss.dll

File::
C:\Windows\system32\rmkvb.cmx
C:\Windows\system32\smniwxe.jfo
C:\Windows\system32\phhem.ixs

Save this as CFScript.txt, in the same location as ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
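
The FCopy line in the post above replaces c:\windows\system32\rpcss.dll with the copy held in WinSxS. As an added example that is not part of the original post or of any tool named in it, this read-only PowerShell script compares SHA-256 hashes of the two files so the state before and after the fix can be recorded; the default reference path is the one from this thread and applies only to that system.

```powershell
# Added example: read-only comparison of the live rpcss.dll with the
# WinSxS copy named in the FCopy line of this thread. Nothing is modified.
# The default path is specific to the system in the thread; on any other
# machine pass -Reference with the component-store path that applies there.
param(
    [string]$Reference = "$env:windir\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll"
)

function Get-Sha256Hex([string]$Path) {
    # .NET hashing so the script also runs on PowerShell 2.0 (the Windows 7
    # default), which has no Get-FileHash cmdlet.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return ([System.BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', ''
    } finally {
        $stream.Close()
    }
}

# A 32-bit PowerShell on 64-bit Windows is redirected to SysWOW64 when it
# opens "System32"; Sysnative reaches the real 64-bit directory (the same
# alias that appears in the OTL log lines).
$sysDir = Join-Path $env:windir 'System32'
if ([IntPtr]::Size -eq 4 -and (Test-Path (Join-Path $env:windir 'Sysnative'))) {
    $sysDir = Join-Path $env:windir 'Sysnative'
}
$live = Join-Path $sysDir 'rpcss.dll'

foreach ($p in @($live, $Reference)) {
    if (-not (Test-Path -LiteralPath $p)) {
        Write-Error "File not found: $p"
        exit 2
    }
}

$liveHash = Get-Sha256Hex $live
$refHash  = Get-Sha256Hex $Reference
Write-Output ("live      {0}  {1}" -f $liveHash, $live)
Write-Output ("reference {0}  {1}" -f $refHash, $Reference)

if ($liveHash -eq $refHash) {
    Write-Output 'MATCH: live rpcss.dll is identical to the reference copy.'
    exit 0
}
Write-Output 'MISMATCH: live rpcss.dll differs from the reference copy.'
exit 1
```

A mismatch can also mean that a newer serviced version of rpcss.dll is installed, so compare file versions before concluding that the file was patched.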

combofix.txt attached

Could you confirm that the alerts ceased after reboot?

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on “Clean”.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Sorry, I had to go run to the store. Yes, it appears the warnings have stopped. Here is the report.

I would like one final scan if I may to ensure the payloads have gone, as they are proving to be reluctant to go on some other systems

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select both shortcut and additions at the bottom
  • Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach all 3 logs generated.