Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Avast Free Antivirus & Malware will not open or run [Closed]


  • This topic is locked This topic is locked

#31
ntk04

ntk04

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

waiting for further instructions


  • 0

Advertisements


#32
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK what I would like now is for you to go to safe mode and let me know if Malwarebytes will run there
  • 0

#33
ntk04

ntk04

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

i can't even install malwarebytes for me to run it in safe mode


Edited by ntk04, 08 July 2015 - 08:28 AM.

  • 0

#34
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have access to another computer and a USB drive ?

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop
  • Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
  • Launch drwebliveusb.exe.
  • The program will detect available USB-devices automatically and prompt you to choose the one you?d like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).
    liveusb_ru.jpg
  • To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
  • Files will be copied automatically.
  • Once the copying process is completed, press the Exit button to close the application.
  • Reboot the infected computer with the USB in the drive
  • Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

    Live%20boot%20screen.png
  • Use arrow keys to select DrWeb-LiveCD (Default)

    drwebselect.JPG
  • Press select objects for scanning

    drwebfolders.JPG
  • When the system is loaded, check the disks or folders you want to scan, and click on Start.
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
    drwebscan.JPG
  • When it has completed

    drwebscancomplete.JPG
  • Select Open Report and copy to the USB
  • Once completed reboot to normal windows, and attach the report here

  • 0

#35
ntk04

ntk04

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

ok ill let u know once im done


  • 0

#36
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thanks
  • 0

#37
ntk04

ntk04

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

ok I've downloaded it connected the flash drive and nothing...... I've tried to launch the dr web but nothing... am i suppose to open it in the flash drive???


Edited by ntk04, 09 July 2015 - 11:31 PM.

  • 0

#38
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

•Reboot the infected computer with the USB in the drive
•Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions

 

Did you do this part ?


  • 0

#39
ntk04

ntk04

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

sorry for the delay...... attempting now.... will let u know how i go


  • 0

#40
ntk04

ntk04

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

ok i've tried but i can't even launch Dr web live USB..........


  • 0

Advertisements


#41
ntk04

ntk04

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

everything seems to be working fine..... its just that at the moment i don't have an anti virus thats on. internet works but real slow and i know its because i don't have an active anti virus. and the main problem is what we're trying to fix now, which is we can't run/install/uninstall avast,avast utility, malware & Dr Web Live USB...... 


Edited by ntk04, 13 July 2015 - 02:59 AM.

  • 0

#42
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK could you run a fresh FRST scan, I will remove Avast manually and then try AVG or Avira
  • 0

#43
ntk04

ntk04

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

ok here is that fresh FRST scan log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015

Ran by Kavapalu (administrator) on KAVAPALU2015 on 14-07-2015 19:16:44
Running from C:\Users\Kavapalu\Downloads
Loaded Profiles: Kavapalu (Available Profiles: Kavapalu)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oti) C:\Users\Kavapalu\AppData\Roaming\OTi\MacKMLink1261\FunctModules\{8AEC7F86-B5F4-499b-9ACE-203F46E4469D}\MacKMLink.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
() C:\Users\Kavapalu\AppData\Roaming\OTi\MacKMLink1261\ExImg\ImageRoot\SKLoader.exe
() C:\Users\Kavapalu\AppData\Roaming\OTi\MacKMLink1261\FunctModules\{8AEC7F86-B5F4-499b-9ACE-203F46E4469D}\LEWD.exe
() C:\Users\Kavapalu\AppData\Roaming\OTi\MacKMLink1261\FunctModules\{8AEC7F86-B5F4-499b-9ACE-203F46E4469D}\LinkEngKM.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKU\S-1-5-21-2443050622-1473135098-2417645833-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-2443050622-1473135098-2417645833-1000\...\Run: [CS Dispatch] => C:\Users\Kavapalu\AppData\Roaming\OTi\MacKMLink1261\FunctModules\{8AEC7F86-B5F4-499b-9ACE-203F46E4469D}\MacKMLink.exe [268368 2012-11-12] (Oti)
HKU\S-1-5-18\...\Run: [GoogleChromeAutoLaunch_8CA6FDC19A04B78027F821A36FE40F4F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-07] (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-02] (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2443050622-1473135098-2417645833-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2443050622-1473135098-2417645833-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-10] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-06] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-10] (Avast Software s.r.o.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-06] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ACCFB76D-CDB2-4116-8FB1-C85880C6044D}: [DhcpNameServer] 10.143.147.147 10.143.147.148
Tcpip\..\Interfaces\{F962F92D-E743-4672-AB9B-832DB6AD6BB3}: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-25] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2013-04-19] (CANON INC.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-02] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-02] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKU\S-1-5-21-2443050622-1473135098-2417645833-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-19] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-04-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-04-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-04-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-04-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-04-21] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-26]
 
Chrome: 
=======
CHR Profile: C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-08]
CHR Extension: (Google Docs) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-08]
CHR Extension: (Google Drive) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-08]
CHR Extension: (YouTube) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-08]
CHR Extension: (Google Search) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-08]
CHR Extension: (Google Sheets) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-08]
CHR Extension: (Avast Online Security) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-08]
CHR Extension: (Google Wallet) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-08]
CHR Extension: (Gmail) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-07] ()
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-02] (Avast Software s.r.o.)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-09-26] (Creative Labs) [File not signed]
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-09-26] (Creative Labs) [File not signed]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-12-01] (Creative Technology Ltd) [File not signed]
S4 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103424 2013-04-22] (Creative Technology Ltd)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-17] (Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-01-25] () [File not signed]
S4 SAiAdmin; C:\Windows\SysWOW64\SAiAdmin.exe [65536 2011-10-12] (SA International) [File not signed]
S4 SAiDownloader; C:\Program Files (x86)\FlexiSTARTER 10.5 P-Cut Edition1\Program\SAiDownloaderVistaUI.exe [417792 2011-10-12] (SA International) [File not signed]
S4 SAiDownloaderVista; C:\Windows\SysWOW64\SAiDownloaderVista.exe [77824 2011-10-12] (SA International) [File not signed]
S4 SAiLicSvr; C:\Windows\SysWOW64\SAiLicSvr.exe [86016 2007-12-19] (SA International) [File not signed]
S4 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374304 2011-05-27] (SafeNet, Inc.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-05] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-03] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-02] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-02] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-02] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-02] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-02] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-02] (Avast Software s.r.o.)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-01-03] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-02] ()
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1044760 2013-04-22] (Creative Technology Ltd)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
S3 L1C; C:\Windows\System32\DRIVERS\e22w7x64.sys [161616 2012-03-23] (Qualcomm Atheros, Inc.)
R3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [63528 2011-05-27] (SafeNet, Inc.)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-14 19:16 - 2015-07-14 19:16 - 00000000 ____D C:\Users\Kavapalu\Downloads\FRST-OlderVersion
2015-07-10 00:44 - 2015-07-10 00:44 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-10 00:44 - 2015-07-10 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-10 00:44 - 2015-07-10 00:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-09 23:35 - 2015-07-09 23:35 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-09 23:35 - 2015-07-09 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-09 23:35 - 2015-07-09 23:35 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-09 19:43 - 2015-07-09 22:50 - 629748864 _____ (Doctor Web, Ltd.) C:\Users\Kavapalu\Downloads\drweb-livedisk-900-usb.exe
2015-07-07 15:30 - 2015-07-07 15:30 - 00000207 _____ C:\Windows\tweaking.com-regbackup-KAVAPALU2015-Windows-7-Ultimate-(64-bit).dat
2015-07-07 15:30 - 2015-07-07 15:30 - 00000000 ____D C:\RegBackup
2015-07-07 15:29 - 2015-07-07 15:29 - 00019884 _____ C:\Users\Kavapalu\Downloads\Tweaking.com - Windows Repair - Pre-Scan.txt
2015-07-07 15:26 - 2015-07-07 15:26 - 00003668 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-07-07 15:26 - 2015-07-07 15:26 - 00002163 _____ C:\Users\Kavapalu\Desktop\Tweaking.com - Windows Repair.lnk
2015-07-07 15:26 - 2015-07-07 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-07-07 15:26 - 2015-07-07 15:26 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-07-07 15:22 - 2015-07-07 15:25 - 12908872 _____ C:\Users\Kavapalu\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-07-06 20:36 - 2015-07-06 20:37 - 00000000 ____D C:\Users\Kavapalu\Documents\NFSTR
2015-07-06 16:19 - 2015-07-06 16:19 - 00025771 _____ C:\ComboFix.txt
2015-07-06 16:13 - 2015-07-06 16:20 - 00000000 ____D C:\Qoobox
2015-07-06 16:13 - 2015-07-06 16:19 - 00000000 ____D C:\Windows\erdnt
2015-07-06 16:13 - 2011-06-26 16:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-06 16:13 - 2010-11-08 03:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-06 16:13 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-06 16:13 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-06 16:13 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-06 16:13 - 2000-08-31 10:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-06 16:13 - 2000-08-31 10:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-06 16:13 - 2000-08-31 10:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-06 16:08 - 2015-07-06 16:09 - 05631375 ____R (Swearware) C:\Users\Kavapalu\Downloads\ComboFix.exe
2015-07-05 00:54 - 2015-07-05 00:57 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Kavapalu\Downloads\tdsskiller.exe
2015-07-04 01:24 - 2015-07-04 01:31 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Kavapalu\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-04 01:11 - 2015-07-04 01:13 - 00000000 ____D C:\AdwCleaner
2015-07-04 01:10 - 2015-07-04 01:10 - 02244096 _____ C:\Users\Kavapalu\Downloads\AdwCleaner.exe
2015-07-04 01:05 - 2015-07-07 15:30 - 01132804 _____ C:\Windows\system32\CFG3294181778
2015-07-04 00:58 - 2015-07-04 00:58 - 00001155 _____ C:\Users\Kavapalu\Desktop\FRST64 - Shortcut.lnk
2015-07-03 16:32 - 2015-07-14 19:16 - 00020156 _____ C:\Users\Kavapalu\Downloads\FRST.txt
2015-07-03 16:32 - 2015-07-03 16:32 - 00041739 _____ C:\Users\Kavapalu\Downloads\Addition.txt
2015-07-03 16:31 - 2015-07-14 19:16 - 00000000 ____D C:\FRST
2015-07-03 16:30 - 2015-07-14 19:16 - 02133504 _____ (Farbar) C:\Users\Kavapalu\Downloads\FRST64.exe
2015-07-02 17:41 - 2015-07-02 17:41 - 00000017 _____ C:\Users\Kavapalu\AppData\Local\resmon.resmoncfg
2015-07-01 13:58 - 2015-07-01 14:05 - 05684904 _____ (Avast Software s.r.o.) C:\Users\Kavapalu\Desktop\avastclear.exe
2015-06-30 20:10 - 2015-06-30 21:23 - 152923328 _____ (Avast Software s.r.o.) C:\Users\Kavapalu\Downloads\avast_free_antivirus_setup.exe
2015-06-29 22:18 - 2015-07-01 14:19 - 00000000 ____D C:\Windows\pss
2015-06-26 13:32 - 2015-06-29 18:02 - 00174080 _____ (drms media group) C:\Windows\Providernew.dll
2015-06-17 00:23 - 2015-06-17 00:23 - 00094208 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2015-06-17 00:23 - 2015-06-17 00:23 - 00069632 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-14 18:49 - 2013-02-03 08:27 - 01149481 _____ C:\Windows\WindowsUpdate.log
2015-07-14 18:23 - 2012-09-26 16:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 18:17 - 2015-06-08 14:06 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 16:15 - 2009-07-14 14:45 - 00025472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-14 16:15 - 2009-07-14 14:45 - 00025472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-14 14:17 - 2015-06-08 14:06 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 19:29 - 2015-06-06 13:18 - 00000000 ____D C:\Windows\Minidump
2015-07-13 18:53 - 2009-07-14 15:13 - 00006462 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-13 18:49 - 2015-02-05 15:21 - 00000512 _____ C:\LicenseBlock.dat
2015-07-13 18:46 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-10 00:44 - 2015-04-13 09:01 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-10 00:44 - 2014-11-10 13:44 - 00000000 ____D C:\Program Files\iTunes
2015-07-10 00:44 - 2014-11-10 13:44 - 00000000 ____D C:\Program Files\iPod
2015-07-10 00:44 - 2014-01-13 20:14 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-08 04:19 - 2015-06-08 14:09 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-07 16:07 - 2012-09-26 15:51 - 00118368 _____ C:\Users\Kavapalu\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-07 15:42 - 2009-07-14 14:45 - 05052720 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-06 18:11 - 2012-09-26 16:20 - 00000939 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-06 16:18 - 2009-07-14 12:34 - 00000215 _____ C:\Windows\system.ini
2015-07-04 01:01 - 2009-07-14 13:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-04 01:01 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-07-03 21:39 - 2015-02-05 15:33 - 00000000 ____D C:\Users\Kavapalu\AppData\Local\GSMiscDownload
2015-07-03 12:37 - 2013-09-11 18:03 - 00000000 ____D C:\Users\Kavapalu\AppData\Roaming\Mp3tag
2015-07-01 14:19 - 2015-06-08 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-01 14:19 - 2015-06-06 12:31 - 00000000 ____D C:\Users\Kavapalu\AppData\Local\Rainmaker_Software_Group_
2015-07-01 14:19 - 2015-04-16 03:22 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-01 14:19 - 2015-04-06 10:02 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-01 14:19 - 2015-02-10 21:52 - 00000000 ____D C:\Users\Kavapalu\AppData\Local\Apps\2.0
2015-07-01 14:19 - 2014-09-11 03:45 - 00000000 ____D C:\Windows\rescache
2015-07-01 14:19 - 2014-05-13 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-01 14:19 - 2014-03-27 17:04 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-07-01 14:19 - 2014-03-08 13:35 - 00000000 ____D C:\Users\Kavapalu\AppData\Roaming\Skype
2015-07-01 14:19 - 2014-01-28 19:06 - 00000000 ____D C:\ProgramData\install_clap
2015-07-01 14:19 - 2013-09-05 15:40 - 00000000 ____D C:\Users\Kavapalu\AppData\Roaming\vlc
2015-07-01 14:19 - 2012-12-16 17:05 - 00000000 ____D C:\Users\Kavapalu\AppData\Roaming\dvdcss
2015-07-01 14:19 - 2012-10-15 13:46 - 00000000 ____D C:\Users\Kavapalu\AppData\Roaming\DivX
2015-07-01 14:19 - 2012-10-05 18:01 - 00000000 ____D C:\Windows\System32\Tasks\Games
2015-07-01 14:19 - 2012-10-04 21:46 - 00000000 ____D C:\Users\Kavapalu\AppData\Roaming\AVCWare
2015-07-01 14:19 - 2012-09-26 16:29 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-07-01 14:19 - 2012-09-26 16:29 - 00000000 ____D C:\Windows\system32\Macromed
2015-07-01 14:19 - 2012-09-26 15:08 - 00000000 ____D C:\Users\Kavapalu
2015-07-01 14:19 - 2009-07-14 15:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-01 14:19 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\servicing
2015-07-01 14:19 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\registration
2015-07-01 14:19 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-01 14:19 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\AppCompat
2015-07-01 14:19 - 2009-07-14 13:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-06-30 19:41 - 2012-09-26 15:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-30 19:05 - 2014-11-23 22:25 - 00002170 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-29 22:37 - 2015-05-04 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-06-29 22:37 - 2015-04-06 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-29 22:37 - 2015-01-22 20:07 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2015-06-29 22:37 - 2015-01-02 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-29 22:37 - 2014-03-08 13:35 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-29 22:37 - 2014-03-08 13:35 - 00000000 ____D C:\ProgramData\Skype
2015-06-29 22:37 - 2013-07-04 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-06-29 22:37 - 2013-07-04 22:13 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2015-06-29 22:37 - 2013-01-09 20:07 - 00000000 ____D C:\Program Files (x86)\SoftQuick
2015-06-29 22:37 - 2012-10-31 19:06 - 00000000 ____D C:\Program Files\Bonjour
2015-06-29 22:37 - 2012-10-31 19:06 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-06-29 22:37 - 2012-09-27 10:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-29 22:37 - 2012-09-26 16:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-29 22:37 - 2010-11-21 17:16 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-29 22:36 - 2015-04-09 15:25 - 00000000 ____D C:\Users\Kavapalu\AppData\Roaming\Apowersoft
2015-06-29 22:36 - 2015-04-06 10:02 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-29 22:36 - 2014-10-13 14:37 - 00000000 ____D C:\Users\Kavapalu\Downloads\ʻOfá-ko e ʻElito ʻo e Ongoongoleleí - Thomas S. Monson_files
2015-06-29 22:36 - 2014-01-28 19:10 - 00000000 ____D C:\Users\Public\CyberLink
2015-06-29 22:36 - 2013-07-04 22:13 - 00000000 ____D C:\Users\Kavapalu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-06-29 22:36 - 2010-11-21 17:16 - 00000000 ____D C:\Windows\ShellNew
2015-06-29 22:36 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-06-29 22:36 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-29 22:36 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\Dism
2015-06-29 22:36 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-29 20:06 - 2012-11-12 19:55 - 00000000 ____D C:\Users\Kavapalu\AppData\Local\Unity
2015-06-29 20:05 - 2013-09-16 17:13 - 00000000 ____D C:\Program Files (x86)\MixMeister Fusion
2015-06-29 19:56 - 2014-01-28 19:06 - 00000000 ____D C:\Program Files\CyberLink
2015-06-29 19:54 - 2013-06-28 10:27 - 00000000 ____D C:\Program Files (x86)\GRID 2
2015-06-29 19:54 - 2013-04-03 15:32 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2015-06-25 04:27 - 2015-06-10 11:23 - 18174128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-25 04:27 - 2012-09-26 16:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-25 04:27 - 2012-09-26 16:29 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-25 04:27 - 2012-09-26 16:29 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
==================== Files in the root of some directories =======
 
2012-06-25 18:58 - 2012-06-25 18:58 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-01-03 10:43 - 2014-03-31 23:24 - 0000178 _____ () C:\Users\Kavapalu\AppData\Roaming\WB.CFG
2013-09-21 14:05 - 2014-03-16 14:46 - 0020480 _____ () C:\Users\Kavapalu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-02 17:41 - 2015-07-02 17:41 - 0000017 _____ () C:\Users\Kavapalu\AppData\Local\resmon.resmoncfg
2008-02-06 07:28 - 2008-02-06 07:28 - 0000051 _____ () C:\Users\Kavapalu\AppData\Local\setup.txt
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-13 00:48
 
==================== End of log ============================

  • 0

#44
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This fix will need to be run from safe mode

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-02] (Avast Software s.r.o.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2443050622-1473135098-2417645833-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-26]
CHR Extension: (Avast Online Security) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-08]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-02] (Avast Software s.r.o.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-02] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-02] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-02] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-02] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-02] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-02] (Avast Software s.r.o.)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-01-03] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Download Avast Uninstall Utility to your Desktop.
  • Run the uninstall tool and accept the reboot to safe mode
  • Once complete reboot your system
----------

THEN

Download and install Panda free antivirus from here http://www.pandasecu...free-antivirus/

Once done let me know how the computer is
  • 0

#45
ntk04

ntk04

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Kavapalu at 2015-07-15 15:48:14 Run:2
Running from C:\Users\Kavapalu\Downloads
Loaded Profiles: Kavapalu (Available Profiles: Kavapalu)
Boot Mode: Safe Mode (minimal)
==============================================
 
fixlist content:
*****************
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-02] (Avast Software s.r.o.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2443050622-1473135098-2417645833-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-26]
CHR Extension: (Avast Online Security) - C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-08]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-02] (Avast Software s.r.o.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-02] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-02] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-02] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-02] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-02] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-02] (Avast Software s.r.o.)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-01-03] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2443050622-1473135098-2417645833-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Winsock: Catalog entry 000000000008 => removed successfully
Winsock: Catalog entry 000000000009 => removed successfully
Winsock: Catalog entry 000000000008 => removed successfully
Winsock: Catalog entry 000000000009 => removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully
C:\Program Files\AVAST Software\Avast\WebRep\FF => moved successfully.
C:\Users\Kavapalu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully.
avast! Antivirus => Service removed successfully
aswHwid => Service removed successfully
aswKbd => Unable to stop service.
aswKbd => Service removed successfully
aswMonFlt => Service removed successfully
aswRdr => Service removed successfully
aswRvrt => Service removed successfully
aswSnx => Service removed successfully
aswSP => Service removed successfully
aswStm => Service removed successfully
aswTap => Service removed successfully
aswVmm => Service removed successfully
catchme => Service removed successfully
 
=========  netsh advfirewall reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
 
An error occurred while attempting to contact the  Windows Firewall service. Make sure that the service is running and try your request again.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
 
An error occurred while attempting to contact the  Windows Firewall service. Make sure that the service is running and try your request again.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Could not flush the DNS Resolver Cache: Function failed during execution.
 
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.. 
 

 

==== End of Fixlog 15:48:19 ====

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP