00000004.@, 000000cb.@, 80000000.@, 80000032.@, 80000064.@

Every 5 minutes or so my avast AV is finding and quaratine-ing the following files

00000004.@, 000000cb.@, 80000000.@, 80000032.@, 80000064.@

attached is a screenshot of the avast log.

Im also running a full scan with malwarebytes as a quick scan did not find anything. Please help!

Windows 8 64bit

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

Monitoring

So I started off with a full system scan using malwarebytes and it turned up 0 objects. Heres the log file attached.

Please advise

already given by DavidR

attach logs from OTL and aswMBR… you may run the programs from safe mode if any problems

if you reboot and scan with avast again… do you still get the same result?

attaching OTL logs.

aswMBR to follow

Ok so aswMBR kept closing unexpectedly during the scan.

I tried rebooting into safe mode to perform the scan but received the windows message “critical_process_died”

the computer then had to recover to an earlier restore point.

So as of right now I am unable to perform aswMBR scan. thanks for the help so far

hello please wait for DavidR he’ll give you what to do

@avastnewb

[*] I will be working on your Malware issues this may or may not solve other issues you have with your machine.
[*] The fixes are specific to your problem and should only be used for this issue on this machine.
[*] If you don’t know or understand something, please don’t hesitate to ask.
[*]Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc…)
[*] Please DO NOT run any other tools or scans whilst I am helping you.
[*] It is important that you reply to this thread. Do not start a new topic.
[*] Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
[*] Absence of symptoms does not mean that everything is clear.

— — — — — — — — — — — —

aswMBR’s driver can’t load into Windows 8 kernel. In other words, aswMBR.exe ARK is incompatible with WIndows 8.

— — — — — — — — — — — —

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:Files
C:\Windows\Installer\{dae7ca06-7603-6558-de43-786b43b2592e}\@
C:\Windows\Installer\{dae7ca06-7603-6558-de43-786b43b2592e}\L
C:\Windows\Installer\{dae7ca06-7603-6558-de43-786b43b2592e}\U
C:\Windows\Installer\{dae7ca06-7603-6558-de43-786b43b2592e}\U\00000008.@
C:\Windows\Installer\{dae7ca06-7603-6558-de43-786b43b2592e}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

:commands
[CREATERESTOREPOINT]
[emptytemp]


[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

— — — — — — — — — — — —

THEN …

Please download Farbar Recovery Scan Tool and save it to your desktop.

[color=green]Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

No, that will be for those qualified malware removal specialists, I just started the ball rolling to get the logs posted, magna86 is now on the case.

Attaching OTL log

Moving on to the farbar recover scan tool.

Thank you all

FRST logs attached.

standing by thank you

  1. Open notepad and copy/paste the text present inside the code box below.
    To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


MountPoints2: {27334c7b-2d19-11e2-be79-643150650b0d} - "F:\TL-Bootstrap.exe" 
MountPoints2: {e7f31e8b-91da-11e2-bf17-0002762e8640} - "F:\TL-Bootstrap.exe" 
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
cmd: ipconfig /flushdns

  1. Save notepad as fixlist.txt
    NOTE. It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  2. Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warned you about the outdated version please download and run the updated version.

— — — — — — — — — — — —

THEN …

Re-run FRST;

[*] Press Scan button.
[*] It will make a log (FRST.txt) in the same directory the tool is run.
Next
[*]Type Services.exe into the Search: field in FRST then click the Search File(s) button.
[*]FRST will search your computer for files and when finished it will produce a log Search.txt on the flash drive.
[*]Exit FRST.
[*]Close the command window.
[*]Boot back into normal mode and post me the FRST.txt and Search.txt logs please.

fixlog attached

FRST and search logs attached

Looks good. Let’s try to repair some damage ZA cause…

Download the ESET services repair tool, extract the file to your desktop.

[*]Double-click ServicesRepair.exe.
[*]If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
[*]Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
[*]A log will be saved in the CCSupport folder the tool created on your desktop, please post the content in your next reply.

services repair log attached

Hm … a bit weird log. Let’s re-check that. Please download Farbar Service Scanner and run it on the computer with the issue.
[*]Make sure the following options are checked:

[*]Internet Services
[*]Windows Firewall
[*]System Restore
[*]Security Center/Action Center
[*]Windows Update
[*]Windows Defender

[*]Press “Scan”.
[]It will create a log (FSS.txt) in the same directory the tool is run.
[
]Please copy and paste the log to your reply.

fss attached

Can you run Windows Update ( WUP ) and WinDefend ? Please try that and let me know.