Hey all, first post in hopes of solving a recent problem. Avast has flawlessly kept my pc safe for a while, so I’m a little wary about installing something else to fix this issue. Though, my pc has started displaying these “update windows live” popups, and self creating desktop shortcuts along with it. I always exit them, and have run a few scans to root out the issue. Avast finds several infected files in my windows temp folder with similar titles and deletes them. Furthermore, immediate post-scan boot time scans say things are clear, but the issue still persists. Any assistance is greatly appreciated, I’m a little out of my depth.
Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0
Clarification, when I said “the issue persists” the files and shortcut reappear and the popup keeps showing.
Here ya go
OK, now you’ve to wait a bit…
Do your thing guy, though it’s pretty late. I feel bad inconveniencing the person trying to help me but I will probably havta check back tomorrow morning.
NP, it’ll take a while anyway.
Let me know how the computer is behaving after this
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-3551214056-4249579359-1551428642-1000 -> {439BA8E5-EFB8-4640-8540-98194D4F2337} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309758&CUI=UN22494047161817817&UM=2
SearchScopes: HKU\S-1-5-21-3551214056-4249579359-1551428642-1000 -> {6BF879B6-70CC-4A6A-BE2B-DB293B63CD50} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
S1 arwfbcqd; \??\C:\Windows\system32\drivers\arwfbcqd.sys [X]
S1 gaoahoem; \??\C:\Windows\system32\drivers\gaoahoem.sys [X]
2014-11-27 17:23 - 2014-11-27 17:24 - 00000000 ____D () C:\Users\Bruce\Downloads\AutoSaverNV-35146
2014-11-27 17:23 - 2014-11-27 17:23 - 00000483 _____ () C:\Users\Bruce\Downloads\AutoSaverNV-35146.zip
C:\ProgramData\hash.dat
C:\Windows\system32\drivers\arwfbcqd.sys
C:\Windows\system32\drivers\gaoahoem.sys
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
* Close all open programs and internet browsers.
* Double click on AdwCleaner.exe to run the tool.
* Click on Scan.
* After the scan is complete click on “Clean”
* Confirm each time with Ok.
* Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the content of that logfile with your next answer.
* You can find the logfile at C:\AdwCleaner[S1].txt as well.
It’s been a bit and things seem back to normal. The infectious activity was sporadic so I’ll keep posting in case the issue persists, but so far it looks like the virus/malware/spooky stuff is gone. Here are the last logs, thanks for the assistance.
Looks a lot better after the removals
Let me know how it is over the next day or so, then once you are happy I will tidy up