Malware removal help

I am getting the constant pop up: Avast - avast! Web Shield has blocked a harmful webpage or file.

It appears regardless of if I’m on the internet or not.

Various Objects have appeared: go.wvydeo.com/results . . ., and xmlka.com/click?app . . ., and cdn1.movieroomreview.com/themes . . ., among others

The infection is always URL:Mal

Process C:\Program Files.…\iexplorer.exe, and PID 11260,

I have updated and ran/full scanned several times this week with Avast and adaware - isn’t happening as often as it was 10/23/14 but it still does happen. How can I get rid of this?

Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

I downloaded and ran Malwarebytes

I have Windows Home Premium 64 bit so downloaded 64 bit – when try to rt click and install get: …\Downloads\FRST64.exe is not a valid WIN32 application

So downloaded 32 bit and when rt click to install it get: “This version of FRST is not compatible with your OS. Please use FRST64”

Also I can’t download in explorer – get a message saying settings won’t allow it – downloaded using chrome.

Attached file is after scan but before reboot - couldn’t figure out how to access log to export after reboot

For FRST when you download the 64bit version temporarily disable the Avast shields

ok - but I was able to download it - just won’t run

downloaded with shields off - same result

Malwarebytes pop ups saying Malicious Website blocked and Avast pop ups saying Web Shield has blocked harmful web page or file are popping up about every 5 seconds - which I don’t understand since I turned the shields off

tried again and got it - now will run farbar

farbar text files

computer is locked up now - took attached photo of aswMBR.exe scan

Stop AswMBR and reboot please.

I notice that you are also running Adaware antivirus. This is not good policy and it should be uninstalled.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

HKU\S-1-5-21-1750282702-2339257603-2008339345-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
CHR HKLM-x32\...\Chrome\Extension: [ihogoofdaifgdkdilopkeahfcnifkajn] - C:\Users\Albaughs\AppData\Local\CRE\ihogoofdaifgdkdilopkeahfcnifkajn.crx [2013-09-08]
2014-10-25 22:08 - 2014-10-25 22:08 - 00070656 _____ () C:\Windows\system32\kpmbdq.dll
2014-10-25 22:08 - 2014-10-25 22:08 - 00003858 _____ () C:\Windows\System32\Tasks\{E9FDAAAE-4ACB-E8F1-880C-D5D7DF520FD7}
2014-10-25 22:08 - 2014-10-25 22:08 - 00000000 _____ () C:\Windows\system32\mhaxlrk.dll
2014-10-20 19:00 - 2014-10-20 19:00 - 00000000 ____D () C:\Users\Albaughs\AppData\Local\{D916FD19-F18F-461F-B888-2E090102842C}
2014-10-18 19:12 - 2014-10-18 19:12 - 00000000 ____D () C:\Users\Albaughs\AppData\Local\{DE556472-438D-47E9-80B8-FFA364519B1D}
2014-10-16 16:39 - 2014-10-16 16:39 - 00000000 ____D () C:\Users\Albaughs\AppData\Local\{68785AD5-61CE-4F0E-BC8F-5B044F6E0E18}
2014-10-12 15:39 - 2014-10-12 15:39 - 00000000 ____D () C:\Users\Albaughs\AppData\Local\{E1527873-88E2-4997-98DE-D64B54953156}
2014-10-11 15:49 - 2014-10-11 15:49 - 00000000 ____D () C:\Users\Albaughs\AppData\Local\{A3A5B97A-84BE-4286-B593-9D11CECED036}
2014-10-08 15:48 - 2014-10-08 15:48 - 00000000 ____D () C:\Users\Albaughs\AppData\Local\{C5441493-72F4-45D4-81BE-0375C901054F}
2014-10-07 15:34 - 2014-10-07 15:34 - 00000000 ____D () C:\Users\Albaughs\AppData\Local\{221CE38C-1C74-4E14-8B11-2CA61B2C1795}
2014-10-05 10:25 - 2014-10-05 10:25 - 00000000 ____D () C:\Users\Albaughs\AppData\Local\{AC7E8516-2431-477F-886F-D1DB9BC75AD0}
2014-10-04 11:29 - 2014-10-04 11:29 - 00000000 ____D () C:\Users\Albaughs\AppData\Local\{03E117F3-2FFB-4A97-9750-FF47686AEABD}
2014-10-03 16:52 - 2014-10-03 16:52 - 00000000 ____D () C:\Users\Albaughs\AppData\Local\{74DAF23E-EC0B-4EDB-B3C3-D8A32E5551BE}
2014-09-29 15:52 - 2014-09-29 15:52 - 00000000 ____D () C:\Users\Albaughs\AppData\Local\{A93C239B-40C4-47D2-9D58-F6FDD0CA218E}
2014-09-28 12:01 - 2014-09-28 12:01 - 00000000 ____D () C:\Users\Albaughs\AppData\Local\{2FA31DE9-171D-4588-81C2-668F47B4D2EC}
2014-09-27 16:57 - 2014-09-27 16:57 - 00000000 ____D () C:\Users\Albaughs\AppData\Local\{01427056-91D5-46CE-863F-A07347FA8485}
2014-09-25 15:25 - 2014-09-25 15:25 - 00000000 ____D () C:\Users\Albaughs\AppData\Local\{B1B51BF2-A192-4A39-A1BF-4E49BE56FA90}
2014-10-25 16:09 - 2014-04-18 17:12 - 00000000 ____D () C:\ProgramData\Search Protection
2014-10-25 16:06 - 2013-09-15 15:48 - 00000000 ____D () C:\ProgramData\Conduit
2014-10-25 13:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
CustomCLSID: HKU\S-1-5-21-1750282702-2339257603-2008339345-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {FFD0696D-8DFC-4367-B469-92F790B04955} - System32\Tasks\{E9FDAAAE-4ACB-E8F1-880C-D5D7DF520FD7} => C:\Windows\system32\kpmbdq.dll [2014-10-25] ()
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
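
An added example, not part of the original post and not FRST's own code: a log triage script that flags the registry entry the fixlist above marks as Poweliks, a COM server key whose command is `rundll32.exe javascript:...mshtml,RunHTMLApplication`. It also undoes the one-character shift visible in the truncated `eval()` preview. The names `find_script_launchers`, `shift_back` and `SAMPLE_LOG` are hypothetical, and the sample lines are constructed in the shape of the FRST lines quoted in the thread.

```python
import re

# Constructed sample (placeholder SID; the value is truncated as FRST prints it).
SAMPLE_LOG = r'''
CustomCLSID: HKU\S-1-5-21-EXAMPLE-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters).
CustomCLSID: HKU\S-1-5-21-EXAMPLE-1001_Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32 -> C:\Program Files\Example\shellext.dll (Example Corp)
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\update.exe [2014-10-01] (Example Corp)
'''

# A COM server key followed by its data, in either form FRST uses ("->" or ":").
KEY = re.compile(
    r'^(?:CustomCLSID:\s*)?(?P<key>HK\S+?\\(?:LocalServer32|InprocServer32))'
    r'\s*(?:->|:)\s*(?P<data>.+)$', re.I)
# rundll32 asked to run script through mshtml instead of loading a DLL export.
LAUNCHER = re.compile(
    r'rundll32(?:\.exe)?\s+javascript:.*?mshtml\s*,\s*RunHTMLApplication', re.I)
HIDDEN = re.compile(r'\(the data entry has (\d+) more characters\)')
EVAL_ARG = re.compile(r'eval\("(\S+)')


def shift_back(text):
    """Undo the +1 character shift seen in this sample's eval() argument."""
    return ''.join(chr(ord(c) - 1) for c in text)


def find_script_launchers(log):
    """Return one dict per COM server key whose command is a script launcher."""
    hits = []
    for line in log.splitlines():
        m = KEY.match(line.strip())
        if not m or not LAUNCHER.search(m.group('data')):
            continue
        data = m.group('data')
        hidden = HIDDEN.search(data)
        arg = EVAL_ARG.search(data)
        hits.append({
            'key': m.group('key'),
            # Characters FRST did not print; the visible preview is partial.
            'hidden_chars': int(hidden.group(1)) if hidden else 0,
            'decoded_preview': shift_back(arg.group(1)) if arg else None,
        })
    return hits


if __name__ == '__main__':
    for hit in find_script_launchers(SAMPLE_LOG):
        print(hit)
```
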

is it ok to download it again? I had several frst.exe files - the one that worked before disappeared when I went to run it - it’s not in my recycle bin either

Yes but ensure you save it to your desktop

farbar is “fixing” but malwarebytes is running - I forgot to stop it - will that be a problem? malwarebyte popups are occurring

Stop MBAM during the FRST fix as it will try to block the programme.

how long should the frst fix take? it’s been over an hour so far

If it has generated a fix log then stop FRST; we have been experiencing some problems with the EmptyTemp command hanging.

fix log attached

After AdwCleaner has run, could you let me know how the computer is behaving and any outstanding problems?

ok

Adwcleaner generated 2 files - attached

How is the computer behaving now? What problems remain?