I am seeing these as well. A screenshot is attached and the next post has my log set.
So I decided to run all the tools in the order suggested by the sticky post. Go figure. Logs are attached.
After I do this post I will clean up the first one to remove the obsolete logs.
malware removers are notified
Hi can you delete all the browser shortcut links on your desktop and quick launch bar
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
[2013/02/11 22:35:01 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\CandyUpdater.job
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
The first log is what came up automatically after reboot. The second log is the result of the quick scan after reboot.
Are you still receiving the alerts ?
The popup/warnings happened pretty seldom (1-2 times per day) so it is too soon to tell, I have all the users of the machine primed to look for it.
I had found references to the ArcadeCandy thing with HijackThis and removed one, but it (or I) seemed to miss the task you and your tools found, thank you.
While we are waiting for the alert to not appear again, I will take the time to say the following:
I have been reading over the threads here since coming the other day, and the level of service, expertise, and assistance given here is astoundingly good. I’m a very experienced computer professional (in the embedded world) and you guys all deserve sorcerer’s hats.
That being said, indulge me the following and this not to put anyone or anything down: Is the work here used to make the Avast! product better? Obviously I somehow got this thing while under the protection of Avast! - which has to be of concern. Thanks for your attention!
Unfortunately that file comes under the heading of Potentially unwanted programme… As some people willingly install it and get miffed when I remove it
So if PUP’s are not enable within Avast then the installation will be allowed, but it will still alert when it tries to go to a bad site
OK, the popups have not occurred so everything looks good.
Thank you for the lesson on PUPs. I take it that there is a setting I can turn on in AVAST! to have it warn me about these. Is it easy to find - I have not looked yet.
Start Avast select Webshield > select settings
Then select PUP
That sucker is on, now. Thank you.
No re-occurance.
Run OTL and press the cleanup button to remove it, then run AdwCleaner and press uninstall