Getting the avast popups every 5 minutes. Having trouble removing them. Will post more logs as they finish.
Attached is the log from most recently where no action was taken. This was the log from earlier that I took action on.
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.27.01
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Bobby :: BOBBY-PC [administrator]
7/26/2012 7:47:40 PM
mbam-log-2012-07-26 (19-47-40).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208225
Time elapsed: 2 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Windows\Installer\{6354750e-80f6-3c77-8e80-26a738b9c333}\U\00000008.@ (Trojan.Dropper.BCMiner) → Quarantined and deleted successfully.
C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll (Trojan.FakeMS) → Quarantined and deleted successfully.
(end)
aswMBR logs
There may be a bit of a delay, due to time zones and availability of the malware removal specialists.
Hello
I will be working on your Malware issues
Re-run OTL.exe.
- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:files
ipconfig /flushdns /c
C:\Windows\Installer\{6354750e-80f6-3c77-8e80-26a738b9c333}
C:\Users\Bobby\AppData\Local\{6354750e-80f6-3c77-8e80-26a738b9c333}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
:commands
[CREATERESTOREPOINT]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.
Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.
Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.
Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix’s window while it is running.
When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach log reports (ComboFix.txt) back to topic.
Thanks for joining the topic magna86.
Here are the logs magna
Turn Off avast following this guide:
- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens on the top right corner, click Settings.
- In a new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.
- Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.
Delete current Combofix.
Please download fresh one from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
!!!Do not run Combofix yet!!!
Open notepad and copy/paste the text present inside the code box below:
Folder::
c:\program files (x86)\Conduit
c:\users\Bobby\AppData\Local\Conduit
KillAll::
FCopy::
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe|c:\windows\system32\services.exe
Firefox::
FF - ProfilePath - c:\users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\9uqzjkpr.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
Save this as CFScript.txt
http://img213.imageshack.us/img213/1218/cfscript1.gif
Close all browser windows.
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)
Here is the new log
How’s your computer behaving now?
…and additional polishing.
Re-run OTL, hit QuickScan and attach here fresh OTL.txt & Extras.txt log.
Everything looks good. Not seeing the popups anymore when I take Avast off gaming mode. Will post logs in a moment.
Only opened the OTL.txt and no second window with extras.
Yes, my mistake, I forgot to tell you for the option Extra Registry. It does not matter.
Logs looking good.
It is necessary to uninstall Combofix
Start (Windows logo key) >> Run
Combofix /Uninstall
Enter
Re-run OTL.exe.
- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15694
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKCU\..\SearchScopes\{BF45665B-C2F3-4FC8-AF91-BF1767525188}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MDF&o=15691&src=crm&q={searchTerms}&locale=&apn_ptnrs=FY&apn_dtid=YYYYYYYYUS&apn_uid=28ade887-f2cc-4ffd-a82a-45b096348066&apn_sauid=0D67E06E-DAD4-4531-9894-35A2F8D7DB2B
FF - user.js - File not found
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:05EE1EEF
- Then click the Run Fix button at the top.
- In the end, re-run OTL and hit CleanUp! button
I just used the shortcut (windows key + R) and it’s prompting me to go through the process again for Combofix, is this correct?
You may use the Start Search field if Run is not available.
ComboFix /Uninstall
Note that there is a space between “x” and “/”.
Then click OK (or press Enter).
Wait until the uninstall process is complete.
If it fails to uninstall, then please download & run Combofix Uninstaller from here:
http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE
Uninstaller worked thank you magna.
I had the same issues as posted in this thread. I’ve followed some of the steps posted here, and I may have had some success. Is anyone willing to guide me to double check that I’ve fixed my comp’s issues correctly, and not messed up anything else? Thank you!
@ TSRoger
- Please create your own new topic, here http://forum.avast.com/index.php?board=4.0 in the viruses and worms forum (click the New topic button at the top of the page see image) and we will try and help you there.
This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and start your own new topic and attach the logs there, not in the LOGS topic.
thanks will do.