Mine is doing the exact same thing. I have run multiple different marware & spyware removal scans and programs. Nothing seems to remove it. It only happens when I am connected to the internet. Seems as though it is a virus on the machine that is trying to reach back out to the web and is being blocked by Avast, but not removed.
This fix did not work for me, her is the fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-10-2014 01
Ran by Embries at 2014-10-29 13:00:18 Run:2
Running from C:\Users\Embries\Desktop
Loaded Profile: Embries (Available profiles: Embries & UpdatusUser)
Boot Mode: Normal
Content of fixlist:
HKU\S-1-5-21-1209427738-228762128-437975776-1000.…A8F59079A8D5}\localserver32: rundll32.exe javascript:"..\mshtml,RunHTMLApplication ";eval(“epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
2014-10-26 07:29 - 2014-10-26 07:29 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-25 18:48 - 2014-10-25 18:48 - 00070656 _____ () C:\Windows\system32\ytoqq.dll
2014-10-25 18:48 - 2014-10-25 18:48 - 00003856 _____ () C:\Windows\System32\Tasks{5046DA1A-2B71-E004-6829-AAE803219D96}
2014-10-25 18:48 - 2014-10-25 18:48 - 00000000 _____ () C:\Windows\system32\jbdooj.dll
2014-10-25 06:01 - 2014-10-25 06:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\30469
CustomCLSID: HKU\S-1-5-21-1209427738-228762128-437975776-1000_Classes\CLSID{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 → rundll32.exe javascript:”..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {23BA297A-B003-46F8-8D02-133C6978AF79} - System32\Tasks{5046DA1A-2B71-E004-6829-AAE803219D96} => C:\Windows\system32\ytoqq.dll [2014-10-25] ()
CMD: bitsadmin /reset /allusers
“HKU\S-1-5-21-1209427738-228762128-437975776-1000\Software\Classes\CLSID{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32” => Key not found.
“HKU\S-1-5-21-1209427738-228762128-437975776-1000\Software\Classes\CLSID{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}” => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value not found.
“HKCR\CLSID{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}” => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value not found.
“HKCR\CLSID{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}” => Key not found.
“C:\Windows\SysWOW64\u” => File/Directory not found.
“C:\Windows\system32\ytoqq.dll” => File/Directory not found.
“C:\Windows\System32\Tasks{5046DA1A-2B71-E004-6829-AAE803219D96}” => File/Directory not found.
“C:\Windows\system32\jbdooj.dll” => File/Directory not found.
“C:\Users\Owner\AppData\Roaming\30469” => File/Directory not found.
“HKU\S-1-5-21-1209427738-228762128-437975776-1000_Classes\CLSID{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}” => Key not found.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{23BA297A-B003-46F8-8D02-133C6978AF79}” => Key not found.
C:\Windows\System32\Tasks{5046DA1A-2B71-E004-6829-AAE803219D96} not found.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{5046DA1A-2B71-E004-6829-AAE803219D96}” => Key not found.
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.