I am also having a very hard time removing some malware that Avast is blocking with the Web Shield, identified as URL:Mal being accessed by explorer.exe. The hosts accessed are all random, some just IP addresses, some just garbage domains like cvbksajdfhkl.com for example, and the files accessed seem random too. I have seen ads.php, and also something about blog_settings.php I think… not sure, since Avast doesn’t seem to have a log of this activity.
I have run several tools including Spybot, AdwCleaner, HitMan Pro, and MBAM, which have all removed some things. I also tried running Process Explorer but there aren’t any additional things popping up under the explorer.exe process when the Avast popups happen.
Other tools I’ve run are ComboFix and FRST but I’m not sure how to use those tools, think they are only informational?
When I tried to run aswMBR (with virtualization) for the first time, it got hung up on C:\Users\MEnriquez\AppData\LocalLow\Sun\Java\jre1.8.0_45\LZMA_EXE and after a few minutes the system itself froze and I had to do a hard reboot, but the second try it worked…
Anyway, I’ve attached some log files and I hope we could resolve this promptly as I am trying to clean up the computer for a friend.
Thank you essexboy… I hadn’t noticed the popups yesterday after running MBAM, so maybe it removed the root of the problem? I ran FRST like you asked and attached is the log file… note that I currently have system restore disabled and that was the only error I noticed.