Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Avast Free Antivirus & Malware will not open or run [Closed]

Started by ntk04 , Jul 02 2015 02:15 AM

Page 3 of 6
1
2
3
4
5

This topic is locked

#31
ntk04

Posted 07 July 2015 - 12:11 AM

Member

Topic Starter
Member
47 posts

waiting for further instructions

#32
Essexboy

Posted 07 July 2015 - 07:40 AM

GeekU Moderator

Retired Staff
69,964 posts

OK what I would like now is for you to go to safe mode and let me know if Malwarebytes will run there

#33
ntk04

Posted 08 July 2015 - 08:28 AM

Member

Topic Starter
Member
47 posts

i can't even install malwarebytes for me to run it in safe mode

Edited by ntk04, 08 July 2015 - 08:28 AM.

#34
Essexboy

Posted 08 July 2015 - 08:49 AM

GeekU Moderator

Retired Staff
69,964 posts

Do you have access to another computer and a USB drive ?

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop

Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
Launch drwebliveusb.exe.
The program will detect available USB-devices automatically and prompt you to choose the one you?d like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).
To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
Files will be copied automatically.
Once the copying process is completed, press the Exit button to close the application.
Reboot the infected computer with the USB in the drive
Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.
Use arrow keys to select DrWeb-LiveCD (Default)
Press select objects for scanning
When the system is loaded, check the disks or folders you want to scan, and click on Start.
The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
When it has completed
Select Open Report and copy to the USB
Once completed reboot to normal windows, and attach the report here

#35
ntk04

Posted 09 July 2015 - 04:04 AM

Member

Topic Starter
Member
47 posts

ok ill let u know once im done

#36
Essexboy

Posted 09 July 2015 - 07:13 AM

GeekU Moderator

Retired Staff
69,964 posts

Thanks

#37
ntk04

Posted 09 July 2015 - 11:27 PM

Member

Topic Starter
Member
47 posts

ok I've downloaded it connected the flash drive and nothing...... I've tried to launch the dr web but nothing... am i suppose to open it in the flash drive???

Edited by ntk04, 09 July 2015 - 11:31 PM.

#38
Essexboy

Posted 10 July 2015 - 02:39 AM

GeekU Moderator

Retired Staff
69,964 posts

•Reboot the infected computer with the USB in the drive
•Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions

Did you do this part ?

#39
ntk04

Posted 13 July 2015 - 02:21 AM

Member

Topic Starter
Member
47 posts

sorry for the delay...... attempting now.... will let u know how i go

#40
ntk04

Posted 13 July 2015 - 02:51 AM

Member

Topic Starter
Member
47 posts

ok i've tried but i can't even launch Dr web live USB..........

#41
ntk04

Posted 13 July 2015 - 02:56 AM

Member

Topic Starter
Member
47 posts

everything seems to be working fine..... its just that at the moment i don't have an anti virus thats on. internet works but real slow and i know its because i don't have an active anti virus. and the main problem is what we're trying to fix now, which is we can't run/install/uninstall avast,avast utility, malware & Dr Web Live USB......

Edited by ntk04, 13 July 2015 - 02:59 AM.

#42
Essexboy

Posted 13 July 2015 - 07:27 AM

GeekU Moderator

Retired Staff
69,964 posts

OK could you run a fresh FRST scan, I will remove Avast manually and then try AVG or Avira

#43
ntk04

Posted 14 July 2015 - 03:18 AM

Member

Topic Starter
Member
47 posts

ok here is that fresh FRST scan log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015

Ran by Kavapalu (administrator) on KAVAPALU2015 on 14-07-2015 19:16:44

Running from C:\Users\Kavapalu\Downloads

Loaded Profiles: Kavapalu (Available Profiles: Kavapalu)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Oti) C:\Users\Kavapalu\AppData\Roaming\OTi\MacKMLink1261\FunctModules\{8AEC7F86-B5F4-499b-9ACE-203F46E4469D}\MacKMLink.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe

() C:\Users\Kavapalu\AppData\Roaming\OTi\MacKMLink1261\ExImg\ImageRoot\SKLoader.exe

() C:\Users\Kavapalu\AppData\Roaming\OTi\MacKMLink1261\FunctModules\{8AEC7F86-B5F4-499b-9ACE-203F46E4469D}\LEWD.exe

() C:\Users\Kavapalu\AppData\Roaming\OTi\MacKMLink1261\FunctModules\{8AEC7F86-B5F4-499b-9ACE-203F46E4469D}\LinkEngKM.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)

HKU\S-1-5-21-2443050622-1473135098-2417645833-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)

HKU\S-1-5-21-2443050622-1473135098-2417645833-1000\...\Run: [CS Dispatch] => C:\Users\Kavapalu\AppData\Roaming\OTi\MacKMLink1261\FunctModules\{8AEC7F86-B5F4-499b-9ACE-203F46E4469D}\MacKMLink.exe [268368 2012-11-12] (Oti)

HKU\S-1-5-18\...\Run: [GoogleChromeAutoLaunch_8CA6FDC19A04B78027F821A36FE40F4F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-07] (Google Inc.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-02] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2443050622-1473135098-2417645833-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome

HKU\S-1-5-21-2443050622-1473135098-2417645833-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-10] (Avast Software s.r.o.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-06] (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-10] (Avast Software s.r.o.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-06] (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '

Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{ACCFB76D-CDB2-4116-8FB1-C85880C6044D}: [DhcpNameServer] 10.143.147.147 10.143.147.148

Tcpip\..\Interfaces\{F962F92D-E743-4672-AB9B-832DB6AD6BB3}: [DhcpNameServer] 192.168.0.1

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-25] ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-25] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2013-04-19] (CANON INC.)

FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-02] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-02] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-06] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-06] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-08] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-08] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)

FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File

FF Plugin HKU\S-1-5-21-2443050622-1473135098-2417645833-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-19] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-04-21] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-04-21] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-04-21] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-04-21] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-04-21] (Apple Inc.)

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-26]

Chrome:

=======

CHR Profile: C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-08]

CHR Extension: (Google Docs) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-08]

CHR Extension: (Google Drive) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-08]

CHR Extension: (YouTube) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-08]

CHR Extension: (Google Search) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-08]

CHR Extension: (Google Sheets) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-08]

CHR Extension: (Avast Online Security) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-08]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-08]

CHR Extension: (Google Wallet) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-08]

CHR Extension: (Gmail) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-08]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-07] ()

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-02] (Avast Software s.r.o.)

S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]

S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-09-26] (Creative Labs) [File not signed]

S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-09-26] (Creative Labs) [File not signed]

S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-12-01] (Creative Technology Ltd) [File not signed]

S4 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103424 2013-04-22] (Creative Technology Ltd)

S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-17] (Intel Corporation)

S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-01-25] () [File not signed]

S4 SAiAdmin; C:\Windows\SysWOW64\SAiAdmin.exe [65536 2011-10-12] (SA International) [File not signed]

S4 SAiDownloader; C:\Program Files (x86)\FlexiSTARTER 10.5 P-Cut Edition1\Program\SAiDownloaderVistaUI.exe [417792 2011-10-12] (SA International) [File not signed]

S4 SAiDownloaderVista; C:\Windows\SysWOW64\SAiDownloaderVista.exe [77824 2011-10-12] (SA International) [File not signed]

S4 SAiLicSvr; C:\Windows\SysWOW64\SAiLicSvr.exe [86016 2007-12-19] (SA International) [File not signed]

S4 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374304 2011-05-27] (SafeNet, Inc.)

S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S4 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-05] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-03] ()

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-02] ()

R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-02] (Avast Software s.r.o.)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-02] (Avast Software s.r.o.)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-02] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-02] (Avast Software s.r.o.)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-02] (Avast Software s.r.o.)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-02] (Avast Software s.r.o.)

S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-01-03] (The OpenVPN Project)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-02] ()

R3 cthda; C:\Windows\System32\drivers\cthda.sys [1044760 2013-04-22] (Creative Technology Ltd)

U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)

S3 L1C; C:\Windows\System32\DRIVERS\e22w7x64.sys [161616 2012-03-23] (Qualcomm Atheros, Inc.)

R3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [63528 2011-05-27] (SafeNet, Inc.)

S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 gdrv; \??\C:\Windows\gdrv.sys [X]

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

S3 motccgp; system32\DRIVERS\motccgp.sys [X]

S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]

S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]

S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]

S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 19:16 - 2015-07-14 19:16 - 00000000 ____D C:\Users\Kavapalu\Downloads\FRST-OlderVersion

2015-07-10 00:44 - 2015-07-10 00:44 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk

2015-07-10 00:44 - 2015-07-10 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-07-10 00:44 - 2015-07-10 00:44 - 00000000 ____D C:\Program Files (x86)\iTunes

2015-07-09 23:35 - 2015-07-09 23:35 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk

2015-07-09 23:35 - 2015-07-09 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2015-07-09 23:35 - 2015-07-09 23:35 - 00000000 ____D C:\Program Files (x86)\QuickTime

2015-07-09 19:43 - 2015-07-09 22:50 - 629748864 _____ (Doctor Web, Ltd.) C:\Users\Kavapalu\Downloads\drweb-livedisk-900-usb.exe

2015-07-07 15:30 - 2015-07-07 15:30 - 00000207 _____ C:\Windows\tweaking.com-regbackup-KAVAPALU2015-Windows-7-Ultimate-(64-bit).dat

2015-07-07 15:30 - 2015-07-07 15:30 - 00000000 ____D C:\RegBackup

2015-07-07 15:29 - 2015-07-07 15:29 - 00019884 _____ C:\Users\Kavapalu\Downloads\Tweaking.com - Windows Repair - Pre-Scan.txt

2015-07-07 15:26 - 2015-07-07 15:26 - 00003668 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon

2015-07-07 15:26 - 2015-07-07 15:26 - 00002163 _____ C:\Users\Kavapalu\Desktop\Tweaking.com - Windows Repair.lnk

2015-07-07 15:26 - 2015-07-07 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2015-07-07 15:26 - 2015-07-07 15:26 - 00000000 ____D C:\Program Files (x86)\Tweaking.com

2015-07-07 15:22 - 2015-07-07 15:25 - 12908872 _____ C:\Users\Kavapalu\Downloads\tweaking.com_windows_repair_aio_setup.exe

2015-07-06 20:36 - 2015-07-06 20:37 - 00000000 ____D C:\Users\Kavapalu\Documents\NFSTR

2015-07-06 16:19 - 2015-07-06 16:19 - 00025771 _____ C:\ComboFix.txt

2015-07-06 16:13 - 2015-07-06 16:20 - 00000000 ____D C:\Qoobox

2015-07-06 16:13 - 2015-07-06 16:19 - 00000000 ____D C:\Windows\erdnt

2015-07-06 16:13 - 2011-06-26 16:45 - 00256000 _____ C:\Windows\PEV.exe

2015-07-06 16:13 - 2010-11-08 03:20 - 00208896 _____ C:\Windows\MBR.exe

2015-07-06 16:13 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-07-06 16:13 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-07-06 16:13 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-07-06 16:13 - 2000-08-31 10:00 - 00098816 _____ C:\Windows\sed.exe

2015-07-06 16:13 - 2000-08-31 10:00 - 00080412 _____ C:\Windows\grep.exe

2015-07-06 16:13 - 2000-08-31 10:00 - 00068096 _____ C:\Windows\zip.exe

2015-07-06 16:08 - 2015-07-06 16:09 - 05631375 ____R (Swearware) C:\Users\Kavapalu\Downloads\ComboFix.exe

2015-07-05 00:54 - 2015-07-05 00:57 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Kavapalu\Downloads\tdsskiller.exe

2015-07-04 01:24 - 2015-07-04 01:31 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Kavapalu\Downloads\mbam-setup-2.1.8.1057.exe

2015-07-04 01:11 - 2015-07-04 01:13 - 00000000 ____D C:\AdwCleaner

2015-07-04 01:10 - 2015-07-04 01:10 - 02244096 _____ C:\Users\Kavapalu\Downloads\AdwCleaner.exe

2015-07-04 01:05 - 2015-07-07 15:30 - 01132804 _____ C:\Windows\system32\CFG3294181778

2015-07-04 00:58 - 2015-07-04 00:58 - 00001155 _____ C:\Users\Kavapalu\Desktop\FRST64 - Shortcut.lnk

2015-07-03 16:32 - 2015-07-14 19:16 - 00020156 _____ C:\Users\Kavapalu\Downloads\FRST.txt

2015-07-03 16:32 - 2015-07-03 16:32 - 00041739 _____ C:\Users\Kavapalu\Downloads\Addition.txt

2015-07-03 16:31 - 2015-07-14 19:16 - 00000000 ____D C:\FRST

2015-07-03 16:30 - 2015-07-14 19:16 - 02133504 _____ (Farbar) C:\Users\Kavapalu\Downloads\FRST64.exe

2015-07-02 17:41 - 2015-07-02 17:41 - 00000017 _____ C:\Users\Kavapalu\AppData\Local\resmon.resmoncfg

2015-07-01 13:58 - 2015-07-01 14:05 - 05684904 _____ (Avast Software s.r.o.) C:\Users\Kavapalu\Desktop\avastclear.exe

2015-06-30 20:10 - 2015-06-30 21:23 - 152923328 _____ (Avast Software s.r.o.) C:\Users\Kavapalu\Downloads\avast_free_antivirus_setup.exe

2015-06-29 22:18 - 2015-07-01 14:19 - 00000000 ____D C:\Windows\pss

2015-06-26 13:32 - 2015-06-29 18:02 - 00174080 _____ (drms media group) C:\Windows\Providernew.dll

2015-06-17 00:23 - 2015-06-17 00:23 - 00094208 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx

2015-06-17 00:23 - 2015-06-17 00:23 - 00069632 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 18:49 - 2013-02-03 08:27 - 01149481 _____ C:\Windows\WindowsUpdate.log

2015-07-14 18:23 - 2012-09-26 16:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-07-14 18:17 - 2015-06-08 14:06 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-07-14 16:15 - 2009-07-14 14:45 - 00025472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-07-14 16:15 - 2009-07-14 14:45 - 00025472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-07-14 14:17 - 2015-06-08 14:06 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-07-13 19:29 - 2015-06-06 13:18 - 00000000 ____D C:\Windows\Minidump

2015-07-13 18:53 - 2009-07-14 15:13 - 00006462 _____ C:\Windows\system32\PerfStringBackup.INI

2015-07-13 18:49 - 2015-02-05 15:21 - 00000512 _____ C:\LicenseBlock.dat

2015-07-13 18:46 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-07-10 00:44 - 2015-04-13 09:01 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

2015-07-10 00:44 - 2014-11-10 13:44 - 00000000 ____D C:\Program Files\iTunes

2015-07-10 00:44 - 2014-11-10 13:44 - 00000000 ____D C:\Program Files\iPod

2015-07-10 00:44 - 2014-01-13 20:14 - 00000000 ____D C:\Program Files\Common Files\Apple

2015-07-08 04:19 - 2015-06-08 14:09 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-07-07 16:07 - 2012-09-26 15:51 - 00118368 _____ C:\Users\Kavapalu\AppData\Local\GDIPFONTCACHEV1.DAT

2015-07-07 15:42 - 2009-07-14 14:45 - 05052720 _____ C:\Windows\system32\FNTCACHE.DAT

2015-07-06 18:11 - 2012-09-26 16:20 - 00000939 _____ C:\Users\Public\Desktop\CCleaner.lnk

2015-07-06 16:18 - 2009-07-14 12:34 - 00000215 _____ C:\Windows\system.ini

2015-07-04 01:01 - 2009-07-14 13:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy

2015-07-04 01:01 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy

2015-07-03 21:39 - 2015-02-05 15:33 - 00000000 ____D C:\Users\Kavapalu\AppData\Local\GSMiscDownload

2015-07-03 12:37 - 2013-09-11 18:03 - 00000000 ____D C:\Users\Kavapalu\AppData\Roaming\Mp3tag

2015-07-01 14:19 - 2015-06-08 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-07-01 14:19 - 2015-06-06 12:31 - 00000000 ____D C:\Users\Kavapalu\AppData\Local\Rainmaker_Software_Group_

2015-07-01 14:19 - 2015-04-16 03:22 - 00000000 ____D C:\Windows\system32\appraiser

2015-07-01 14:19 - 2015-04-06 10:02 - 00000000 ___SD C:\Windows\system32\GWX

2015-07-01 14:19 - 2015-02-10 21:52 - 00000000 ____D C:\Users\Kavapalu\AppData\Local\Apps\2.0

2015-07-01 14:19 - 2014-09-11 03:45 - 00000000 ____D C:\Windows\rescache

2015-07-01 14:19 - 2014-05-13 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel

2015-07-01 14:19 - 2014-03-27 17:04 - 00000000 ____D C:\ProgramData\McAfee Security Scan

2015-07-01 14:19 - 2014-03-08 13:35 - 00000000 ____D C:\Users\Kavapalu\AppData\Roaming\Skype

2015-07-01 14:19 - 2014-01-28 19:06 - 00000000 ____D C:\ProgramData\install_clap

2015-07-01 14:19 - 2013-09-05 15:40 - 00000000 ____D C:\Users\Kavapalu\AppData\Roaming\vlc

2015-07-01 14:19 - 2012-12-16 17:05 - 00000000 ____D C:\Users\Kavapalu\AppData\Roaming\dvdcss

2015-07-01 14:19 - 2012-10-15 13:46 - 00000000 ____D C:\Users\Kavapalu\AppData\Roaming\DivX

2015-07-01 14:19 - 2012-10-05 18:01 - 00000000 ____D C:\Windows\System32\Tasks\Games

2015-07-01 14:19 - 2012-10-04 21:46 - 00000000 ____D C:\Users\Kavapalu\AppData\Roaming\AVCWare

2015-07-01 14:19 - 2012-09-26 16:29 - 00000000 ____D C:\Windows\SysWOW64\Macromed

2015-07-01 14:19 - 2012-09-26 16:29 - 00000000 ____D C:\Windows\system32\Macromed

2015-07-01 14:19 - 2012-09-26 15:08 - 00000000 ____D C:\Users\Kavapalu

2015-07-01 14:19 - 2009-07-14 15:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

2015-07-01 14:19 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\servicing

2015-07-01 14:19 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\registration

2015-07-01 14:19 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2015-07-01 14:19 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\AppCompat

2015-07-01 14:19 - 2009-07-14 13:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2015-06-30 19:41 - 2012-09-26 15:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2015-06-30 19:05 - 2014-11-23 22:25 - 00002170 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2015-06-29 22:37 - 2015-05-04 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2015-06-29 22:37 - 2015-04-06 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2015-06-29 22:37 - 2015-01-22 20:07 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite

2015-06-29 22:37 - 2015-01-02 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-06-29 22:37 - 2014-03-08 13:35 - 00000000 ___RD C:\Program Files (x86)\Skype

2015-06-29 22:37 - 2014-03-08 13:35 - 00000000 ____D C:\ProgramData\Skype

2015-06-29 22:37 - 2013-07-04 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU

2015-06-29 22:37 - 2013-07-04 22:13 - 00000000 ____D C:\Program Files (x86)\AVS4YOU

2015-06-29 22:37 - 2013-01-09 20:07 - 00000000 ____D C:\Program Files (x86)\SoftQuick

2015-06-29 22:37 - 2012-10-31 19:06 - 00000000 ____D C:\Program Files\Bonjour

2015-06-29 22:37 - 2012-10-31 19:06 - 00000000 ____D C:\Program Files (x86)\Bonjour

2015-06-29 22:37 - 2012-09-27 10:41 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-06-29 22:37 - 2012-09-26 16:32 - 00000000 ____D C:\Program Files (x86)\Adobe

2015-06-29 22:37 - 2010-11-21 17:16 - 00000000 ____D C:\Program Files\Windows Journal

2015-06-29 22:36 - 2015-04-09 15:25 - 00000000 ____D C:\Users\Kavapalu\AppData\Roaming\Apowersoft

2015-06-29 22:36 - 2015-04-06 10:02 - 00000000 ___SD C:\Windows\SysWOW64\GWX

2015-06-29 22:36 - 2014-10-13 14:37 - 00000000 ____D C:\Users\Kavapalu\Downloads\ʻOfá-ko e ʻElito ʻo e Ongoongoleleí - Thomas S. Monson_files

2015-06-29 22:36 - 2014-01-28 19:10 - 00000000 ____D C:\Users\Public\CyberLink

2015-06-29 22:36 - 2013-07-04 22:13 - 00000000 ____D C:\Users\Kavapalu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU

2015-06-29 22:36 - 2010-11-21 17:16 - 00000000 ____D C:\Windows\ShellNew

2015-06-29 22:36 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\SysWOW64\Dism

2015-06-29 22:36 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\NDF

2015-06-29 22:36 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\Dism

2015-06-29 22:36 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers

2015-06-29 20:06 - 2012-11-12 19:55 - 00000000 ____D C:\Users\Kavapalu\AppData\Local\Unity

2015-06-29 20:05 - 2013-09-16 17:13 - 00000000 ____D C:\Program Files (x86)\MixMeister Fusion

2015-06-29 19:56 - 2014-01-28 19:06 - 00000000 ____D C:\Program Files\CyberLink

2015-06-29 19:54 - 2013-06-28 10:27 - 00000000 ____D C:\Program Files (x86)\GRID 2

2015-06-29 19:54 - 2013-04-03 15:32 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics

2015-06-25 04:27 - 2015-06-10 11:23 - 18174128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2015-06-25 04:27 - 2012-09-26 16:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-06-25 04:27 - 2012-09-26 16:29 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-06-25 04:27 - 2012-09-26 16:29 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2012-06-25 18:58 - 2012-06-25 18:58 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll

2014-01-03 10:43 - 2014-03-31 23:24 - 0000178 _____ () C:\Users\Kavapalu\AppData\Roaming\WB.CFG

2013-09-21 14:05 - 2014-03-16 14:46 - 0020480 _____ () C:\Users\Kavapalu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-07-02 17:41 - 2015-07-02 17:41 - 0000017 _____ () C:\Users\Kavapalu\AppData\Local\resmon.resmoncfg

2008-02-06 07:28 - 2008-02-06 07:28 - 0000051 _____ () C:\Users\Kavapalu\AppData\Local\setup.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-13 00:48

==================== End of log ============================

#44
Essexboy

Posted 14 July 2015 - 07:53 AM

GeekU Moderator

Retired Staff
69,964 posts

This fix will need to be run from safe mode

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-02] (Avast Software s.r.o.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2443050622-1473135098-2417645833-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-26]
CHR Extension: (Avast Online Security) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-08]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-02] (Avast Software s.r.o.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-02] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-02] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-02] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-02] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-02] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-02] (Avast Software s.r.o.)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-01-03] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Download Avast Uninstall Utility to your Desktop.

Run the uninstall tool and accept the reboot to safe mode
Once complete reboot your system

----------

THEN

Download and install Panda free antivirus from here http://www.pandasecu...free-antivirus/

Once done let me know how the computer is

#45
ntk04

Posted 14 July 2015 - 11:54 PM

Member

Topic Starter
Member
47 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015

Ran by Kavapalu at 2015-07-15 15:48:14 Run:2

Running from C:\Users\Kavapalu\Downloads

Loaded Profiles: Kavapalu (Available Profiles: Kavapalu)

Boot Mode: Safe Mode (minimal)

==============================================

fixlist content:

*****************