avast keeps blocking various apps

avast keeps telling me it is blocking these files, but every few minutes it is showing the message(been going on for about a week)…there are a few other error messsages, but this first one is shown the most:
http://go.wvydeo.com/results

http://fffsee.com/q

Thanks…

That may be Poweliks

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Select additions at the bottom
[*]Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please attach both logs generated.

Ok I was able to scan it on the 64 bit…After the scan two different ‘NOTEPAD’ pages with alot of information of on it…So what do I do now with those two pages? Is there anything else I need to do to the computer?

Can you attack those logs here so Essex can confirm POWELIKS so he can remove it?

sure… attached both pages…

Essexboy is in bed now, check back tomorrow

Let me know if this stops the alerts

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKU\S-1-5-21-923243145-2342273711-1742599971-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKU\S-1-5-21-923243145-2342273711-1742599971-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File CustomCLSID: HKU\S-1-5-21-923243145-2342273711-1742599971-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks? EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-11-2014
Ran by Nash at 2014-11-21 09:12:28 Run:1
Running from C:\Users\Nash\Downloads
Loaded Profile: Nash (Available profiles: Nash)
Boot Mode: Normal

Content of fixlist:



==== End of Fixlog ====

DIdn’t do anything. Did you follow Essex’s instructions?

Download the attached fixlist.txt.
Save it in the SAME location as FRST (Downloads Folder)
Open farbar and hit Fix.
Post that log.

obviously I am not understanding…I’ve run the scan a number of times…both FRST and FIXLIST.txt are saved on notepad, yet fixlist.txt is only in documents and FRST64 in downloads…You say the ‘same place’…My download page shows FRST but not Fixlist.txt…Fixlist is just in documents, and I can’t seem to get them to the same place…I’ve tried cutting and pasting, I’ve tried creating a shortcut file and them trying to combine them…obviously I’m overlooking a very obvious thing, but not sure how to combine them or get them in the SAME place…

Both must be in the same location

Ok i moved them to the desktop as u showed…Using the mouse, I manually drag the ‘short cut’ file icon of the ‘fixlist.txt’ over the ‘first64’ icon…when I do this it shows “+ open with farbar recovery scan tool”…So then I accept that, it brings up the farbar recovery scan tool…I hit ‘fix’, then it tells me what you are telling me, that the fixlist should be in the same folder/directory as tool is located…when i open the fixlist file it shows the information you presented to me to fix it in the first place, so the info is in there, so it’s not a blank file…so I don’t know what to do…

Both files must be together if the FRST icon or the fixlist.txt is a shortcut it will not work,

Move both to the desktop or download a fresh FRST to the desktop
Save the Fixlist to the desktop and then run

how long should a scan like this take…in your experience…

The fix should only take a few minutes unless you have a few Gb of junk files that need to be removed

well you can tell when a ‘scan’ is just kinda sitting there,even though it says ‘fixing is in progress’…the bar is moving very slowly and no information is populating(tried it twice for over half an hour each time)…when i did the initial SCAN at the beginning of this forum, it only took a few minutes and everything populated quickly… earlier today, when i was trying to figure out why things weren’t connecting, i did rescan the info and checkmarked all the optional scan boxes(list bcd, driversmd5, shortcut.txt, and addition.txt)…not sure if that would effect anything as i didn’t use it…

Is there a fixlog’txt on your desktop ? If so post that

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-11-2014
Ran by Nash at 2014-11-21 13:02:18 Run:9
Running from C:\Users\Nash\Desktop
Loaded Profile: Nash (Available profiles: Nash)
Boot Mode: Normal

Content of fixlist:


HKU\S-1-5-21-923243145-2342273711-1742599971-1001.…A8F59079A8D5}\localserver32: rundll32.exe javascript:"..\mshtml,RunHTMLApplication ";eval(“epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKLM → {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 → {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-923243145-2342273711-1742599971-1001 → No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
CustomCLSID: HKU\S-1-5-21-923243145-2342273711-1742599971-1001_Classes\CLSID{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 → rundll32.exe javascript:”..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
EmptyTemp:
CMD: bitsadmin /reset /allusers


“HKU\S-1-5-21-923243145-2342273711-1742599971-1001\Software\Classes\CLSID{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32” => Key not found.
“HKU\S-1-5-21-923243145-2342273711-1742599971-1001\Software\Classes\CLSID{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}” => Key not found.
“HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}” => Key not found.
“HKCR\CLSID{0633EE93-D776-472f-A0FF-E1416B8B2E3A}” => Key not found.
“HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}” => Key not found.
“HKCR\Wow6432Node\CLSID{0633EE93-D776-472f-A0FF-E1416B8B2E3A}” => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value not found.
“HKCR\CLSID{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}” => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value not found.
“HKCR\CLSID{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}” => Key not found.
HKU\S-1-5-21-923243145-2342273711-1742599971-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
“HKCR\CLSID{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}” => Key not found.
“HKU\S-1-5-21-923243145-2342273711-1742599971-1001_Classes\CLSID{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}” => Key not found.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

OK what that tells me is that there are a lot of junk files on the computer which is where FRST is hanging. All alerts should have ceased now, can you confirm that

I do appreciate your patience…there was a few earlier today, but nothing too recently…so you are saying there are alot of junk files…are you saying ‘frst’ would eventually clean those out with the current running scan, if left along?(perhaps taking hours and continuing to let it run all day if nec), or do i manually do something else…i did just delete the temporary int files…