Author Topic: Getting " threat has been detected" continuously  (Read 11290 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Getting " threat has been detected" continuously
« Reply #15 on: October 26, 2014, 01:13:45 PM »
If all computers that connect to the same router are displaying the same redirect, the router may well be infected.

Could you confirm that all devices are seeing this?

REDACTED

  • Guest
Re: Getting " threat has been detected" continuously
« Reply #16 on: October 26, 2014, 01:22:10 PM »
essexboy, just to let you know, just got 12 "MLKA" threats in a row?

REDACTED

  • Guest
Re: Getting " threat has been detected" continuously
« Reply #17 on: October 26, 2014, 01:23:47 PM »
I'll check on the other computers. I have one desktop and 2 laptops.

REDACTED

  • Guest
Re: Getting " threat has been detected" continuously
« Reply #18 on: October 27, 2014, 02:50:05 AM »
Hey essexboy, the two laptops use the same router as the desktop. I'm not getting the threats on the laptops, only the desktop. Thanks

REDACTED

  • Guest
Re: Getting " threat has been detected" continuously
« Reply #19 on: October 27, 2014, 02:09:35 PM »
Still getting threats this morning from "MLKA" and a new one from "88.214.194.199/71760552/MJAW....". Thanks.

Offline essexboy

Re: Getting " threat has been detected" continuously
« Reply #20 on: October 27, 2014, 04:50:57 PM »
Could you run a fresh FRST and Additions for me, please?

REDACTED

  • Guest
Re: Getting " threat has been detected" continuously
« Reply #21 on: October 28, 2014, 01:09:58 AM »
essexboy, will do. Running it now. BTW, I'm being bombarded now by different URLs, such as MLKA, cdn1movieroomviews, cdn3's and also malware threats like searchnet.blinkxcore.com. Have probably gotten 20 or so threats while I was typing this message.

REDACTED

  • Guest
Re: Getting " threat has been detected" continuously
« Reply #22 on: October 28, 2014, 01:53:41 AM »
MBAM scan is still running, over 49 minutes and over 303,500 objects. Is that normal to take so long? Also I'm getting MANY threats from lots of different addresses, URLs, etc. What does all this actually mean? Are all these addresses trying to access my computer or what is going on? Have any ideas? Thanks, Mike

REDACTED

  • Guest
Re: Getting " threat has been detected" continuously
« Reply #23 on: October 28, 2014, 03:08:40 AM »
essexboy, logs attached (hopefully). Thanks

REDACTED

  • Guest
Re: Getting " threat has been detected" continuously
« Reply #24 on: October 28, 2014, 03:19:56 AM »
essexboy, another file.

REDACTED

  • Guest
Re: Getting " threat has been detected" continuously
« Reply #25 on: October 28, 2014, 03:26:10 AM »
essexboy. Afraid I'm going to be off-line for the next few days and will have no internet access at all. Hopefully the logs I sent will help with the problem. Thanks again for all the help and hopefully we are making some progress on the on-going threats. I have never seen this many and so often as they are coming.

Offline essexboy

Re: Getting " threat has been detected" continuously
« Reply #26 on: October 28, 2014, 06:41:58 PM »
Could you attach a screenshot of the popup from Avast, please?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quote box below into it:
 
Quote
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0CtAyByByBzz0FtAyEyDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=282692777&ir=
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {D7DEF4F3-9615-4368-9584-C064086F3822} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=6F8ED790-8A56-49F3-BFC3-C24619E81BC8&apn_sauid=01C4F874-0F6F-4A71-93CD-235B187B2F11
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
2014-10-21 19:33 - 2014-10-27 21:38 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-21 20:55 - 2013-12-01 18:02 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\UpdaterEX
2014-10-21 20:55 - 2012-01-22 19:52 - 00000000 ____D () C:\Program Files (x86)\iMesh Applications
CustomCLSID: HKU\S-1-5-21-922291529-3929957773-1379027384-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\tapiui.dll (Microsoft)
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

REDACTED

  • Guest
Re: Getting " threat has been detected" continuously
« Reply #27 on: November 02, 2014, 09:42:52 PM »
Hey essexboy, am back now and have received one threat since being back on-line.

Offline essexboy

Re: Getting " threat has been detected" continuously
« Reply #28 on: November 02, 2014, 10:11:08 PM »
OK, could you post the resultant log from the FRST fix please, and let me know what the popup is that you're getting?

REDACTED

  • Guest
Re: Getting " threat has been detected" continuously
« Reply #29 on: November 06, 2014, 07:37:56 AM »
essexboy. These constant threats are coming in so fast that it is rendering the computer almost useless. I see many other messages from other members pertaining to the same threats. Is any progress being made? I have forwarded many of the logs and nothing seems to help. The only difference now is that it seems the threat's object name is different. Every time that one object name is removed, another one comes right back. The latest names are ledoborota and 5.45.73.129/aa/. Does anyone know what is going on with all these threats that everyone is getting? Thanks