Author Topic: Update Windows Live malicious popup  (Read 2902 times)


REDACTED

  • Guest
Update Windows Live malicious popup
« on: December 05, 2014, 04:04:44 AM »
Hey all, first post in hopes of solving a recent problem. Avast has flawlessly kept my pc safe for a while, so I'm a little wary about installing something else to fix this issue. Though, my pc has started displaying these "update windows live" popups, and self creating desktop shortcuts along with it. I always exit them, and have run a few scans to root out the issue. Avast finds several infected files in my windows temp folder with similar titles and deletes them. Furthermore, immediate post-scan boot time scans say things are clear, but the issue still persists. Any assistance is greatly appreciated, I'm a little out of my depth.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76014
    • >>>  Avast Forum - German-language section  <<<
Re: Update Windows Live malicious popup
« Reply #1 on: December 05, 2014, 04:08:11 AM »
Attach your basic logs. (MBAM, FRST and aswMBR..!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

REDACTED

  • Guest
Re: Update Windows Live malicious popup
« Reply #2 on: December 05, 2014, 04:12:30 AM »
Clarification, when I said "the issue persists" the files and shortcut reappear and the popup keeps showing.

REDACTED

  • Guest
Re: Update Windows Live malicious popup
« Reply #3 on: December 05, 2014, 04:36:27 AM »
Here ya go

Offline Asyn

Re: Update Windows Live malicious popup
« Reply #4 on: December 05, 2014, 04:41:05 AM »
OK, now you've to wait a bit...

REDACTED

  • Guest
Re: Update Windows Live malicious popup
« Reply #5 on: December 05, 2014, 04:47:04 AM »
Do your thing guy, though it's pretty late. I feel bad inconveniencing the person trying to help me but I will probably havta check back tomorrow morning.

Offline Asyn

Re: Update Windows Live malicious popup
« Reply #6 on: December 05, 2014, 04:49:17 AM »
NP, it'll take a while anyway.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Update Windows Live malicious popup
« Reply #7 on: December 05, 2014, 02:18:12 PM »
Let me know how the computer is behaving after this


CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
HKLM-x32\...\Run: [] => [X] 
SearchScopes: HKU\S-1-5-21-3551214056-4249579359-1551428642-1000 -> {439BA8E5-EFB8-4640-8540-98194D4F2337} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309758&CUI=UN22494047161817817&UM=2
SearchScopes: HKU\S-1-5-21-3551214056-4249579359-1551428642-1000 -> {6BF879B6-70CC-4A6A-BE2B-DB293B63CD50} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
S1 arwfbcqd; \??\C:\Windows\system32\drivers\arwfbcqd.sys [X]
S1 gaoahoem; \??\C:\Windows\system32\drivers\gaoahoem.sys [X]
2014-11-27 17:23 - 2014-11-27 17:24 - 00000000 ____D () C:\Users\Bruce\Downloads\AutoSaverNV-35146
2014-11-27 17:23 - 2014-11-27 17:23 - 00000483 _____ () C:\Users\Bruce\Downloads\AutoSaverNV-35146.zip
C:\ProgramData\hash.dat
C:\Windows\system32\drivers\arwfbcqd.sys
C:\Windows\system32\drivers\gaoahoem.sys
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
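
A read-only check for whether the items named in the fixlist above are still present after the fix and reboot, added here as an example; it is not part of essexboy's post or of FRST. The paths, driver names, SID and GUIDs are copied from that fixlist and apply to that machine only; the registry locations for driver services and Internet Explorer search scopes are the standard Windows ones, and PowerShell 3.0 or later is assumed.

```powershell
# Read-only: reports which fixlist items still exist. Deletes and changes nothing.
# Run from an elevated 64-bit PowerShell prompt; a 32-bit session on x64 Windows
# redirects C:\Windows\system32 to SysWOW64 and would report the drivers as absent.
$sid = 'S-1-5-21-3551214056-4249579359-1551428642-1000'   # from the fixlist

$files = @(
    'C:\ProgramData\hash.dat',
    'C:\Windows\system32\drivers\arwfbcqd.sys',
    'C:\Windows\system32\drivers\gaoahoem.sys',
    'C:\Users\Bruce\Downloads\AutoSaverNV-35146',
    'C:\Users\Bruce\Downloads\AutoSaverNV-35146.zip'
)
$drivers = @('arwfbcqd', 'gaoahoem')
$scopes  = @('{439BA8E5-EFB8-4640-8540-98194D4F2337}',
             '{6BF879B6-70CC-4A6A-BE2B-DB293B63CD50}')

$results = @()
foreach ($f in $files) {
    $results += [pscustomobject]@{
        Type = 'File'; Item = $f; Present = (Test-Path -LiteralPath $f)
    }
}
foreach ($d in $drivers) {
    # A driver entry lives under the Services key even when its .sys file is gone.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$d"
    $results += [pscustomobject]@{
        Type = 'DriverService'; Item = $d; Present = (Test-Path -LiteralPath $key)
    }
}
foreach ($g in $scopes) {
    $key = "Registry::HKEY_USERS\$sid\Software\Microsoft\Internet Explorer\SearchScopes\$g"
    $results += [pscustomobject]@{
        Type = 'SearchScope'; Item = $g; Present = (Test-Path -LiteralPath $key)
    }
}
$results | Format-Table -AutoSize

# The fixlist also runs "bitsadmin /reset /allusers"; list any BITS jobs that remain.
Import-Module BitsTransfer
Get-BitsTransfer -AllUsers |
    Select-Object DisplayName, JobState, OwnerAccount, CreationTime
```

Every row should show `Present` as `False` after a successful fix; a row that flips back to `True` later is worth reporting in the thread together with fresh logs.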

REDACTED

  • Guest
Re: Update Windows Live malicious popup
« Reply #8 on: December 05, 2014, 10:33:37 PM »
It's been a bit and things seem back to normal. The infectious activity was sporadic so I'll keep posting in case the issue persists, but so far it looks like the virus/malware/spooky stuff is gone. Here are the last logs, thanks for the assistance.

Offline essexboy

Re: Update Windows Live malicious popup
« Reply #9 on: December 05, 2014, 10:37:59 PM »
Looks a lot better after the removals

Let me know how it is over the next day or so then once you are happy I will tidy up