I see this is a common topic here. I installed a free YouTube downloader a while back, and after it recently prompted me to update, it snuck in a malware program, I think.
I’m attaching the relevant logs. Can anyone help? I’m a novice at this stuff.
The URLs blocked so far are blackfight, blackled, epictory, reduled and possibly more.
Run FRST and press Fix.
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2015 01
Ran by Chris at 2015-01-27 09:51:08 Run:1
Running from D:\Users\Chris\Desktop
Loaded Profiles: Chris (Available profiles: Chris & Guest)
Boot Mode: Normal
Restore point was successfully created.
“HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer” => Key deleted successfully.
“HKU\S-1-5-21-4271798871-3564881711-3616368432-1000\SOFTWARE\Policies\Microsoft\Internet Explorer” => Key deleted successfully.
40634452 => Service deleted successfully.
49564931 => Service deleted successfully.
C:\Users\Chris\AppData\Local{63DB4158-992F-4D23-AD92-CC3C1ABE7CCA} => Moved successfully.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{DE361B45-9475-4FEA-A7B2-83ADA33FCF1B}” => Key deleted successfully.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{DE361B45-9475-4FEA-A7B2-83ADA33FCF1B}” => Key deleted successfully.
C:\Windows\System32\Tasks{C29C2A99-A531-4B9E-B1D8-1E2B6710BC8A} => Moved successfully.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{C29C2A99-A531-4B9E-B1D8-1E2B6710BC8A}” => Key deleted successfully.
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
{C64A381F-03B4-46C2-8580-9B9C2954AC5C} canceled.
1 out of 1 jobs canceled.
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)
If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present.
Once done, run it again and select Update Java runtime > Download and install Latest version.
Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked. This is a fire-and-forget programme.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.