Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on March 08, 2015, 08:08:00 AM
-
I had some malware, and wanted to uninstall avast, then reinstall it since it was not working. If I try to reinstall I get:
"The stub cannot run installer/updater executable 'C\Program\Files\AVAST Software\Avast\Setup\Sfx\avast.setup' (code 0x3)
When I try to run avastclear I get the same exact message. Doesn't matter if I am in safe mode or not. I even tried running as admin in every mode.
I've been using different scans, I have ran malwarebytes, adwcleaner, ccleaner, Downloaded and installed Microsoft Security Essentials...I don't know what else to do.
I'm a long time user of avast, and I've never had any experience like this. I am at my wits end. Please help me.
-
Attach your basic logs. (MBAM, FRST and aswMBR..!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0
-
Here are my logs.
-
We will clear the malware first and then try to re-install Avast
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKLM\...\Run: [3dbs_2] => [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1044276522-2504370285-3631023187-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
ProxyServer: [HKLM] => http=127.0.0.1:52794;https=127.0.0.1:52794
Toolbar: HKU\S-1-5-21-1044276522-2504370285-3631023187-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1044276522-2504370285-3631023187-1000 -> No Name - {2D7432C9-A3FD-4ED1-AEA9-FBDB12DBA4A7} - No File
CHR DefaultSearchKeyword: Default -> 2B11C41AFEA7816AD79344B43E0BDBBCA866291F1E4A28E03F2A196C7DA344EB
CHR DefaultSearchURL: Default -> 628C1A851E8EC782739B69FC37EF8BF20B3DA044EB5299657D18238E35BA8B52
S2 56f83cd8; "C:\windows\system32\rundll32.exe" "c:\Program Files\SoftwarePlus\SoftwarePlus.dll",serv
2015-03-07 23:54 - 2015-03-08 00:01 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-07 23:54 - 2015-03-07 23:54 - 00000000 ____D () C:\Users\zachary\AppData\Local\MFAData
2015-03-01 11:48 - 2015-03-01 11:48 - 00000000 ____D () C:\Users\zachary\AppData\Local\444676a2-7f7c-4eae-8faa-9ec93b841c4e
2015-02-09 10:44 - 2015-03-07 23:12 - 00000000 ____D () C:\ProgramData\977e8aca43da14a
2015-03-07 23:07 - 2015-01-24 01:58 - 00000000 ____D () C:\ProgramData\NhYnHkd
2015-03-07 23:05 - 2014-11-09 17:07 - 00000000 ____D () C:\ProgramData\RuqiBvogo
2015-03-07 23:05 - 2014-11-09 17:07 - 00000000 ____D () C:\ProgramData\CeliGunc
2015-03-07 23:05 - 2014-11-09 01:28 - 00000000 ____D () C:\ProgramData\HidwEceku
2015-03-07 23:05 - 2014-11-09 01:28 - 00000000 ____D () C:\ProgramData\AatlIbnan
2015-03-07 23:05 - 2014-11-04 19:25 - 00000000 ____D () C:\ProgramData\FuhayTidgi
2015-03-07 23:05 - 2014-11-03 21:35 - 00000000 ____D () C:\ProgramData\WogeLbedu
2015-01-24 02:01 - 2015-01-24 02:01 - 0000088 _____ () C:\Users\zachary\AppData\Local\95d34e5026ed72a44508df2327358ee6
Task: {4DCA04A8-C46E-481F-AC33-D51E14AB644C} - System32\Tasks\RunTool => C:\Users\zachary\AppData\Local\444676a2-7f7c-4eae-8faa-9ec93b841c4e\install_temp.exe [2015-03-01] ()
Task: {A22F325D-A559-41E4-939C-CB156F61042E} - System32\Tasks\NNYOXBV => C:\ProgramData\3a8e94626c7e455eab9ee6b45c18d0d0\3a8e94626c7e455eab9ee6b45c18d0d0.exe
Task: {BBCEF3D2-0175-45B2-9BD0-FD4148449E1D} - \DonutQuotes No Task File <==== ATTENTION
Task: {B440CFCA-CB04-4B0C-AD92-4396CE2FEB44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: {B855AF0D-D76A-414D-877A-4F2249F708F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: {795AB6E3-DB65-4D57-A208-6F5C85CA8F89} - System32\Tasks\{BE69F521-BA70-46A9-AAAA-68D9559857E3} => pcalua.exe -a "C:\Program Files\Mp3Tube Toolbar\uninstall.exe" -c bho /S
Task: {BBCEF3D2-0175-45B2-9BD0-FD4148449E1D} - \DonutQuotes No Task File <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
S2 X6XSEx; \??\C:\Program Files\Free Ride Games\X6XSEx.Sys [X]
C:\$Recycle.Bin\S-1-5-18\$94d6765fa10d8d4f18832fea183a04a2
C:\Users\zachary\AppData\Local\Google\Chrome
c:\Program Files\SoftwarePlus
C:\Users\zachary\AppData\Local\444676a2-7f7c-4eae-8faa-9ec93b841c4e
C:\ProgramData\3a8e94626c7e455eab9ee6b45c18d0d0
C:\Program Files\Mp3Tube Toolbar
C:\Program Files\Free Ride Games
2014-11-09 01:29 - 2014-11-09 01:29 - 0000448 ____H () C:\Users\zachary\AppData\Roaming\麽鎒駓覜
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Download and run farbar service scanner (http://download.bleepingcomputer.com/farbar/FSS.exe)
(https://dl.dropboxusercontent.com/u/73555776/fssscan.JPG)
Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
-
Thank you very much, here are the logs that were completed after following the instructions. I've also included them as attachments.
fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-03-2015 03
Ran by zachary at 2015-03-08 12:49:17 Run:1
Running from C:\Users\zachary\Downloads
Loaded Profiles: zachary (Available profiles: zachary)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CreateRestorePoint:
HKLM\...\Run: [3dbs_2] => [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1044276522-2504370285-3631023187-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
ProxyServer: [HKLM] => http=127.0.0.1:52794;https=127.0.0.1:52794
Toolbar: HKU\S-1-5-21-1044276522-2504370285-3631023187-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1044276522-2504370285-3631023187-1000 -> No Name - {2D7432C9-A3FD-4ED1-AEA9-FBDB12DBA4A7} - No File
CHR DefaultSearchKeyword: Default -> 2B11C41AFEA7816AD79344B43E0BDBBCA866291F1E4A28E03F2A196C7DA344EB
CHR DefaultSearchURL: Default -> 628C1A851E8EC782739B69FC37EF8BF20B3DA044EB5299657D18238E35BA8B52
S2 56f83cd8; "C:\windows\system32\rundll32.exe" "c:\Program Files\SoftwarePlus\SoftwarePlus.dll",serv
2015-03-07 23:54 - 2015-03-08 00:01 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-07 23:54 - 2015-03-07 23:54 - 00000000 ____D () C:\Users\zachary\AppData\Local\MFAData
2015-03-01 11:48 - 2015-03-01 11:48 - 00000000 ____D () C:\Users\zachary\AppData\Local\444676a2-7f7c-4eae-8faa-9ec93b841c4e
2015-02-09 10:44 - 2015-03-07 23:12 - 00000000 ____D () C:\ProgramData\977e8aca43da14a
2015-03-07 23:07 - 2015-01-24 01:58 - 00000000 ____D () C:\ProgramData\NhYnHkd
2015-03-07 23:05 - 2014-11-09 17:07 - 00000000 ____D () C:\ProgramData\RuqiBvogo
2015-03-07 23:05 - 2014-11-09 17:07 - 00000000 ____D () C:\ProgramData\CeliGunc
2015-03-07 23:05 - 2014-11-09 01:28 - 00000000 ____D () C:\ProgramData\HidwEceku
2015-03-07 23:05 - 2014-11-09 01:28 - 00000000 ____D () C:\ProgramData\AatlIbnan
2015-03-07 23:05 - 2014-11-04 19:25 - 00000000 ____D () C:\ProgramData\FuhayTidgi
2015-03-07 23:05 - 2014-11-03 21:35 - 00000000 ____D () C:\ProgramData\WogeLbedu
2015-01-24 02:01 - 2015-01-24 02:01 - 0000088 _____ () C:\Users\zachary\AppData\Local\95d34e5026ed72a44508df2327358ee6
Task: {4DCA04A8-C46E-481F-AC33-D51E14AB644C} - System32\Tasks\RunTool => C:\Users\zachary\AppData\Local\444676a2-7f7c-4eae-8faa-9ec93b841c4e\install_temp.exe [2015-03-01] ()
Task: {A22F325D-A559-41E4-939C-CB156F61042E} - System32\Tasks\NNYOXBV => C:\ProgramData\3a8e94626c7e455eab9ee6b45c18d0d0\3a8e94626c7e455eab9ee6b45c18d0d0.exe
Task: {BBCEF3D2-0175-45B2-9BD0-FD4148449E1D} - \DonutQuotes No Task File <==== ATTENTION
Task: {B440CFCA-CB04-4B0C-AD92-4396CE2FEB44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: {B855AF0D-D76A-414D-877A-4F2249F708F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-13] (Google Inc.)
Task: {795AB6E3-DB65-4D57-A208-6F5C85CA8F89} - System32\Tasks\{BE69F521-BA70-46A9-AAAA-68D9559857E3} => pcalua.exe -a "C:\Program Files\Mp3Tube Toolbar\uninstall.exe" -c bho /S
Task: {BBCEF3D2-0175-45B2-9BD0-FD4148449E1D} - \DonutQuotes No Task File <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
S2 X6XSEx; \??\C:\Program Files\Free Ride Games\X6XSEx.Sys [X]
C:\$Recycle.Bin\S-1-5-18\$94d6765fa10d8d4f18832fea183a04a2
C:\Users\zachary\AppData\Local\Google\Chrome
c:\Program Files\SoftwarePlus
C:\Users\zachary\AppData\Local\444676a2-7f7c-4eae-8faa-9ec93b841c4e
C:\ProgramData\3a8e94626c7e455eab9ee6b45c18d0d0
C:\Program Files\Mp3Tube Toolbar
C:\Program Files\Free Ride Games
2014-11-09 01:29 - 2014-11-09 01:29 - 0000448 ____H () C:\Users\zachary\AppData\Roaming\????
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
FSS:
Farbar Service Scanner Version: 17-01-2015
Ran by zachary (administrator) on 08-03-2015 at 12:57:58
Running from "C:\Users\zachary\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\windows\system32\nsisvc.dll => File is digitally signed
C:\windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\windows\system32\dhcpcore.dll => File is digitally signed
C:\windows\system32\Drivers\afd.sys => File is digitally signed
C:\windows\system32\Drivers\tdx.sys => File is digitally signed
C:\windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\windows\system32\dnsrslvr.dll => File is digitally signed
C:\windows\system32\mpssvc.dll => File is digitally signed
C:\windows\system32\bfe.dll => File is digitally signed
C:\windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\windows\system32\SDRSVC.dll => File is digitally signed
C:\windows\system32\vssvc.exe => File is digitally signed
C:\windows\system32\wscsvc.dll => File is digitally signed
C:\windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\windows\system32\wuaueng.dll => File is digitally signed
C:\windows\system32\qmgr.dll => File is digitally signed
C:\windows\system32\es.dll => File is digitally signed
C:\windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\windows\system32\ipnathlp.dll => File is digitally signed
C:\windows\system32\iphlpsvc.dll => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
**** End of log ****
-
Could you manually delete this folder please :
C:\Users\zachary\AppData\Roaming\麽鎒駓覜
Follow these steps to display hidden files and folders.
1.Open Folder Options by clicking the Start button , clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
2.Click the View tab.
3.Under Advanced settings, click Show hidden files and folders, and then click OK.
Once done we will go for a full clean install of Avast
Download Avast Uninstall Utility (http://www.avast.com/en-gb/uninstall-utility) to your Desktop.
Download the correct version of Avast
Avast Free (http://files.avast.com/iavs9x/avast_free_antivirus_setup.exe)
Avast Pro (http://files.avast.com/iavs9x/avast_pro_antivirus_setup.exe)
Avast Internet Security (http://files.avast.com/iavs9x/avast_internet_security_setup.exe)
Avast Premier (http://files.avast.com/iavs9x/avast_premier_antivirus_setup.exe)
Disconnect from the net
Uninstall Avast via control panel
- Run the uninstall tool and accept the reboot to safe mode
- Once complete reboot your system
- Reinstall Avast
----------
-
I just tried that, and I am still receiving the same error messages as stated in the original post. I did right click, and run as admin.
-
Did you uninstall from the control panel and then run Avast uninstall utility ?
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)
(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.[/b]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
-
when I try to uninstall from the control panel, nothing happens. It the computer just sits there. I will try ComboFix now.
-
Ok, I've completed Combofix and restarted.
I tried to uninstall from Control Panel. Same thing happened.
When I click uninstall, nothing happens. Even if I wait 5 minutes, the screen never changes, no notifications of a uninstaller.
When I try Avastclear, I am still getting the same messages as in my original post.
I will include the log as an attachment, and post it below.
ComboFix 15-03-01.01 - zachary 03/08/2015 14:16:32.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2814.1487 [GMT -4:00]
Running from: c:\users\zachary\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\@system3.att
c:\users\zachary\AppData\Local\dsisetup19813842.exe
c:\users\zachary\AppData\Local\nsyBE45.tmp
c:\users\zachary\AppData\Roaming\FrameworkUpdate7
c:\users\zachary\Documents\~WRL3391.tmp
c:\windows\msdownld.tmp
c:\windows\system32\Thumbs.db
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2015-02-08 to 2015-03-08 )))))))))))))))))))))))))))))))
.
.
2015-03-08 18:30 . 2015-03-08 18:30 -------- d-----w- c:\users\zachary\AppData\Local\temp
2015-03-08 15:38 . 2015-02-16 09:21 9041640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80982502-2A4B-4252-BCD8-B59DF613DD63}\mpengine.dll
2015-03-08 05:53 . 2014-09-10 20:30 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5DF79EB-A386-4E30-B4E6-5DB21CA583E0}\gapaengine.dll
2015-03-08 05:53 . 2015-02-16 09:21 9041640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-08 05:50 . 2015-02-16 09:21 9041640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40D967A5-AB1D-45DE-AC2B-4233D5192828}\mpengine.dll
2015-03-08 05:49 . 2015-03-08 06:08 -------- d-----w- c:\program files\Microsoft Security Client
2015-03-08 05:16 . 2015-03-08 05:24 -------- d-----w- C:\AdwCleaner
2015-03-08 04:56 . 2015-03-08 18:05 -------- d-----w- C:\FRST
2015-03-08 03:57 . 2015-03-08 03:57 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg2015
2015-03-08 03:54 . 2015-03-08 03:54 -------- d--h--w- c:\programdata\Common Files
2015-03-08 02:33 . 2015-03-08 07:23 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-08 02:33 . 2015-03-08 15:26 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-03-08 02:33 . 2014-11-21 11:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-08 02:33 . 2014-11-21 11:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-04 13:24 . 2015-01-09 02:48 76800 ----a-w- c:\windows\system32\wdi.dll
2015-03-04 13:24 . 2015-01-09 02:48 635904 ----a-w- c:\windows\system32\perftrack.dll
2015-03-04 13:24 . 2015-01-09 02:48 27136 ----a-w- c:\windows\system32\powertracker.dll
2015-03-01 15:59 . 2015-03-08 03:05 -------- d-----w- c:\program files\Screen Resolution Tester
2015-02-25 13:48 . 2015-03-08 03:05 -------- d-----w- c:\program files\Grooveshark Mediakeys Reloaded
2015-02-17 13:45 . 2015-01-23 03:43 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-17 13:45 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\system32\jscript9.dll
2015-02-15 20:01 . 2015-03-04 13:29 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-02-12 15:24 . 2015-01-12 01:22 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-02-12 15:24 . 2015-01-12 02:05 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-02-12 15:24 . 2015-01-12 01:36 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-02-12 15:24 . 2015-01-12 02:08 503296 ----a-w- c:\windows\system32\vbscript.dll
2015-02-12 15:24 . 2015-01-12 02:16 10948096 ----a-w- c:\program files\Internet Explorer\F12Resources.dll
2015-02-12 15:21 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-02-12 15:21 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-12 15:19 . 2014-11-26 03:32 571904 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-12 15:18 . 2015-02-04 02:53 767488 ----a-w- c:\windows\system32\appraiser.dll
2015-02-12 15:18 . 2015-02-04 02:54 482304 ----a-w- c:\windows\system32\generaltel.dll
2015-02-12 15:18 . 2015-02-04 02:53 621056 ----a-w- c:\windows\system32\invagent.dll
2015-02-12 15:18 . 2015-02-04 02:53 325632 ----a-w- c:\windows\system32\devinv.dll
2015-02-12 15:18 . 2015-02-04 02:49 886784 ----a-w- c:\windows\system32\aeinv.dll
2015-02-12 15:18 . 2015-01-27 23:36 1167520 ----a-w- c:\windows\system32\aitstatic.exe
2015-02-12 15:18 . 2015-02-04 02:53 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-02-12 15:18 . 2015-02-04 02:53 159744 ----a-w- c:\windows\system32\aepic.dll
2015-02-12 15:17 . 2015-01-10 06:27 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-02-12 15:17 . 2015-01-10 06:27 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-02-12 15:17 . 2015-01-10 06:27 248832 ----a-w- c:\windows\system32\schannel.dll
2015-02-12 15:17 . 2015-01-10 06:27 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-02-12 15:17 . 2015-01-10 06:27 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-02-12 15:17 . 2015-01-10 06:27 550912 ----a-w- c:\windows\system32\kerberos.dll
2015-02-12 15:17 . 2015-01-10 06:27 17408 ----a-w- c:\windows\system32\credssp.dll
2015-02-12 15:17 . 2014-12-12 05:07 1174528 ----a-w- c:\windows\system32\crypt32.dll
2015-02-12 15:17 . 2014-07-07 01:40 179200 ----a-w- c:\windows\system32\wintrust.dll
2015-02-12 15:17 . 2014-07-07 01:40 143872 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-12 15:16 . 2014-12-08 02:46 308224 ----a-w- c:\windows\system32\scesrv.dll
2015-02-12 15:16 . 2015-01-13 02:49 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-09 13:52 . 2015-03-08 05:38 20 ----a-w- c:\users\zachary\AppData\Roaming\appdataFr3.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-03 13:16 . 2010-05-09 01:28 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-01-24 07:09 . 2015-01-24 07:09 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-24 07:09 . 2015-01-24 07:09 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-19 02:43 . 2015-01-14 13:51 164864 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:34 . 2015-01-14 13:51 116224 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 13:51 74240 ----a-w- c:\windows\system32\TSWbPrxy.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIIBA.EXE" [2011-11-02 246368]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIIBA.EXE" [2011-11-02 246368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-01-21 60712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-01-27 157480]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 978520]
.
c:\users\zachary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-01-12 102912]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2013-08-06 18944]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 95408]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2015-01-30 284472]
R3 PTDLBus;PANTECH UM175AL Composite Device Driver;c:\windows\system32\DRIVERS\PTDLBus.sys [2008-07-20 32256]
R3 PTDLMdm;PANTECH UM175AL Drivers;c:\windows\system32\DRIVERS\PTDLMdm.sys [2008-07-20 41344]
R3 PTDLVsp;PANTECH UM175AL Diagnostic Port;c:\windows\system32\DRIVERS\PTDLVsp.sys [2008-07-20 39936]
R3 PTDLWWAN;PANTECH UM175AL WWAN Driver;c:\windows\system32\DRIVERS\PTDLWWAN.sys [2008-07-20 59776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-15 1343400]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
S0 aswRvrt;aswRvrt;
S0 aswVmm;aswVmm;
S1 aswSnx;aswSnx;
S1 aswSP;aswSP;
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-06-28 14624]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2012-06-19 1646608]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-17 16:39 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{516ECC10-F0D2-49A0-BA93-F79F59E28DC3}\2556374716572716E647: NameServer = 208.69.150.250,208.69.150.252
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{25349513-852F-470D-AB31-9B42100C926B} - c:\users\zachary\AppData\Local\{66CE914E-73A3-43B0-A9AC-9EE69049D57A}\ALsetup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1044276522-2504370285-3631023187-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1044276522-2504370285-3631023187-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-03-08 14:33:41
ComboFix-quarantined-files.txt 2015-03-08 18:33
.
Pre-Run: 178,950,209,536 bytes free
Post-Run: 178,459,508,736 bytes free
.
- - End Of File - - 4DF4187B0F5AA3FE59BF0611431F4E83
5B5E648D12FCADC244C1EC30318E1EB9
-
I just wanted to add, when I open the file location in windows explorer where it says the error is coming from:
The stub cannot run installer/updater executable 'C\Program\Files\AVAST Software\Avast\Setup\Sfx\avast.setup' (code 0x3)
In the Avast\Setup\ location, there is no Sfx folder, let alone a avast.setup file. I am guessing this is probably part of the issue as well??
I don't know, what else to do at this point.
-
Any other suggestions, or is there any information in the combofix log?
-
That got a few bits that I did not see..
Could you download and install a fresh copy from here and then install it.. Let me know what error you get
Avast Free (http://files.avast.com/iavs9x/avast_free_antivirus_setup.exe)
-
Any other suggestions, or is there any information in the combofix log?
Please realize that essexboy is in GB. He may be off for the night.
He will be back to the thread as soon as he's able. Please be patient. :)
-
It did not install. I received the same error.
The stub cannot run installer/updater executable 'C:\Program Files\AVAST Software\setup\Sfx\avast.setup' (code 0x3)
-
Are you able to access Avast settings ?
If so then select settings > troubleshooting > disable self protection
Then reboot to safe mode and run the following fix
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 aswFsBlk; C:\windows\system32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\windows\system32\Drivers\aswSnx.sys [765736 2013-05-09] (AVAST Software)
R1 aswSP; C:\windows\system32\Drivers\aswSP.sys [368944 2013-05-09] (AVAST Software)
R1 aswTdi; C:\windows\system32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [174664 2013-05-09] ()
C:\Program Files\AVAST Software
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that
-
Thank you, I was able to access settings. Completed steps, here is the log.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-03-2015 03
Ran by zachary at 2015-03-08 17:22:51 Run:3
Running from C:\Users\zachary\Downloads
Loaded Profiles: zachary (Available profiles: zachary)
Boot Mode: Safe Mode (minimal)
==============================================
Content of fixlist:
*****************
CreateRestorePoint:
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 aswFsBlk; C:\windows\system32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\windows\system32\Drivers\aswSnx.sys [765736 2013-05-09] (AVAST Software)
R1 aswSP; C:\windows\system32\Drivers\aswSP.sys [368944 2013-05-09] (AVAST Software)
R1 aswTdi; C:\windows\system32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [174664 2013-05-09] ()
C:\Program Files\AVAST Software
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
Error: Restore point can only be created in normal mode.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\avast => value deleted successfully.
avast! Antivirus => Service deleted successfully.
aswFsBlk => Service deleted successfully.
aswMonFlt => Service deleted successfully.
aswRdr => Service deleted successfully.
aswRvrt => Service deleted successfully.
aswSnx => Service deleted successfully.
aswSP => Service deleted successfully.
aswTdi => Service deleted successfully.
aswVmm => Service deleted successfully.
C:\Program Files\AVAST Software => Moved successfully.
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to connect to BITS - 0x8007042c
The dependency service or group failed to start.
========= End of CMD: =========
EmptyTemp: => Removed 11.5 MB temporary data.
The system needed a reboot.
==== End of Fixlog 17:22:58 ====
-
OMG, THANK YOU SO MUCH!
I am not sure if it was the fixlist that you had me create, or if it was disabling the self protection, but this worked!! This Avast code 0x3 was giving me so much trouble. Thank you so much for the help!!!!
This fix worked like a charm!
-
OK if you are going to re-install first thing to do now is run the uninstall utility and then install
Once done let me know how the computer is behaving
-
It's all done, and reinstalled without any issues, no unusual behavior. :-) Thank you so much!!
-
Subject to no further problems :)
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Remove Combofix
Click Start then Run.
On Windows7 or Vista you may use Start Search field if Run is not available.
In the box copy/paste the following command:
ComboFix /Uninstall
Note that there is a space between " ComboFix " and " /Uninstall " .
Then click OK (or press Enter ).
Wait for the uninstall process to complete.
Remove tools
Download and run Delfix (http://www.bleepingcomputer.com/download/delfix/)
(https://dl.dropboxusercontent.com/u/73555776/delfix.JPG)
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))
If you do need to keep Java then download JavaRa (https://singularlabs.com/software/javara/javara-download/)
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
(https://dl.dropboxusercontent.com/u/73555776/javara.JPG)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransome ware
(https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG)
Malwarebytes (http://www.malwarebytes.org/mbam-download.php).
Update and run weekly to keep your system clean
Unchecky (http://unchecky.com/)
Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To learn more about how to protect yourself while on the internet read this little guide Best security practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/)Keep safe :wave:
-
Hi essexboy, your last post is recommending to either uninstall or the very minimum disable Java.
Java is not supposed to be a problem if running "NoScript" in Firefox browser.
FAQ LINK (https://noscript.net/faq#qa1_7)
1.7
Q: Have I got to disable JavaScript from Firefox options to browse safely with NoScript?
A: You must not disable JavaScript in Firefox! NoScript will allow/forbid scripts, but they have to be kept enabled by default, as it almost always is. On Firefox 24 or above this is an hidden about:config preference (javascript.enabled) which must preserve its default true value. On older Firefox versions only (23 or below) you may want to check that Tools|Options|Content|Enable JavaScript* option is still checked (JavaScript enabled), otherwise JavaScript is disabled everywhere even if allowed by NoScript.
*Under Preferences on Mac OS X, Edit|Preferences on Linux.
Are you familiar with NoScript for Firefox (https://noscript.net/), to LINK for ADD-ON (https://addons.mozilla.org/en-US/firefox/addon/noscript/)?
The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).
Have any opinions either way regarding this?
Welcome any feedback or alternative views as I'm assuming NoScript knows what their doing.
-
Hi essexboy, your last post is recommending to either uninstall or the very minimum disable Java.
Java is not supposed to be a problem if running "NoScript" in Firefox browser.
FAQ LINK (https://noscript.net/faq#qa1_7)
1.7
Q: Have I got to disable JavaScript from Firefox options to browse safely with NoScript?
A: You must not disable JavaScript in Firefox! NoScript will allow/forbid scripts, but they have to be kept enabled by default, as it almost always is. On Firefox 24 or above this is an hidden about:config preference (javascript.enabled) which must preserve its default true value. On older Firefox versions only (23 or below) you may want to check that Tools|Options|Content|Enable JavaScript* option is still checked (JavaScript enabled), otherwise JavaScript is disabled everywhere even if allowed by NoScript.
*Under Preferences on Mac OS X, Edit|Preferences on Linux.
Are you familiar with NoScript for Firefox (https://noscript.net/), to LINK for ADD-ON (https://addons.mozilla.org/en-US/firefox/addon/noscript/)?
The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).
Have any opinions either way regarding this?
Welcome any feedback or alternative views as I'm assuming NoScript knows what their doing.
No script does nothing to make Java any safer. It simply blocks Java and gives you the opportunity to either allow or continue to block it from executing.
In essence, it puts the responsibility of running Javas in your hands. It doesn't analyze the code simply blocks it.
-
A default install of current Java Runtime Editions will have the Java plug-in disabled in all browsers. It's not hard to enable, but requires the extra step.
-
I do not use FF or Chrome and probably never will do. I like my browser to be up and running with nothing to add on
-
Sun Java RTE is not the same as java script. Two entirely separate things.
-
Sun Java RTE is not the same as java script. Two entirely separate things.
I'm not sure of the context of your post, most of those responding in this topic will be aware of that.
If it relates comments to use NoScript - then it not only blocks javascript but also JAVA. - not to mention a slew of other options.