Fix for gvnsandford

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL ={searchTerms}&a=dnldstr0202ch&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0EtA0DyBtDtD0BzzzytN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1495644922&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL ={searchTerms}&a=dnldstr0202ch&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0EtA0DyBtDtD0BzzzytN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1495644922&ir= SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = CHR StartupUrls: Default -> "hxxp://", "hxxp://" 2014-11-01 23:46 - 2014-11-01 23:46 - 00000000 ____D () C:\Users\Gavin Sandford\AppData\Local\MFAData 2014-11-01 23:46 - 2014-11-01 23:46 - 00000000 ____D () C:\Users\Gavin Sandford\AppData\Local\Avg2015 2014-11-01 23:36 - 2014-11-01 23:36 - 00375251 _____ () C:\Users\Gavin Sandford\AppData\Local\ypowqcnl.log 2014-11-01 23:36 - 2014-11-01 23:36 - 00002737 _____ () C:\Users\Gavin Sandford\AppData\Local\wwxaedji.log 2014-11-01 23:36 - 2014-11-01 23:36 - 00001143 _____ () C:\Users\Gavin Sandford\AppData\Local\djhtgxmf.log 2014-11-01 23:36 - 2014-11-01 23:36 - 00000217 _____ () C:\Users\Gavin Sandford\AppData\Local\dehmvlkj.log 2014-11-01 23:35 - 2014-11-02 12:42 - 00994364 _____ () C:\Users\Gavin Sandford\AppData\Local\uhcpcomo.log 2014-11-01 23:34 - 2014-11-02 12:47 - 00000000 ____D () C:\Users\Gavin Sandford\AppData\Local\qnlwdgpi 2014-11-01 23:34 - 2014-11-02 12:46 - 00000028 _____ () C:\Users\Gavin Sandford\AppData\Local\oigocxyl.log 2014-11-01 23:34 - 2014-11-02 12:23 - 00000000 ____D () C:\ProgramData\BuqunGehwe 2014-11-01 23:34 - 2014-11-01 23:34 - 00595440 _____ () C:\Users\Gavin Sandford\AppData\Local\qkmaehmu.log 2014-11-01 23:34 - 2014-11-01 23:34 - 00000064 _____ () C:\ProgramData\gunkgyjy.log 2014-11-01 23:34 - 2014-11-01 23:34 - 00000054 _____ () C:\Users\Gavin Sandford\AppData\Local\sqrtmgom.log 2014-11-01 23:34 - 2014-11-01 23:34 - 00000000 _____ () C:\Users\Gavin Sandford\AppData\Local\qlnddcdt.log 2014-11-01 23:34 - 2014-11-01 23:34 - 00000000 _____ () C:\Users\Gavin Sandford\AppData\Local\otilwhlu.log Task: {28CEE927-F6F7-4046-831D-E8E8FEFD9EAA} - System32\Tasks\UpdaterEX => C:\Users\GAVINS~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\GAVINS~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION C:\ProgramData\hash.dat C:\Users\GAVINS~1\AppData\Roaming\UPDATE~1 EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that


Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

Thank you so much! Avast is now working again

Here’s the fixlist log
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Gavin Sandford at 2014-11-02 16:24:22 Run:1
Running from C:\Users\Gavin Sandford\Downloads
Loaded Profile: Gavin Sandford (Available profiles: Gavin Sandford)
Boot Mode: Normal

Content of fixlist:

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL ={searchTerms}&a=dnldstr0202ch&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0EtA0DyBtDtD0BzzzytN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1495644922&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL ={searchTerms}&a=dnldstr0202ch&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0EtA0DyBtDtD0BzzzytN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1495644922&ir=
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
CHR StartupUrls: Default → “hxxp://”, “hxxp://”
2014-11-01 23:46 - 2014-11-01 23:46 - 00000000 ____D () C:\Users\Gavin Sandford\AppData\Local\MFAData
2014-11-01 23:46 - 2014-11-01 23:46 - 00000000 ____D () C:\Users\Gavin Sandford\AppData\Local\Avg2015
2014-11-01 23:36 - 2014-11-01 23:36 - 00375251 _____ () C:\Users\Gavin Sandford\AppData\Local\ypowqcnl.log
2014-11-01 23:36 - 2014-11-01 23:36 - 00002737 _____ () C:\Users\Gavin Sandford\AppData\Local\wwxaedji.log
2014-11-01 23:36 - 2014-11-01 23:36 - 00001143 _____ () C:\Users\Gavin Sandford\AppData\Local\djhtgxmf.log
2014-11-01 23:36 - 2014-11-01 23:36 - 00000217 _____ () C:\Users\Gavin Sandford\AppData\Local\dehmvlkj.log
2014-11-01 23:35 - 2014-11-02 12:42 - 00994364 _____ () C:\Users\Gavin Sandford\AppData\Local\uhcpcomo.log
2014-11-01 23:34 - 2014-11-02 12:47 - 00000000 ____D () C:\Users\Gavin Sandford\AppData\Local\qnlwdgpi
2014-11-01 23:34 - 2014-11-02 12:46 - 00000028 _____ () C:\Users\Gavin Sandford\AppData\Local\oigocxyl.log
2014-11-01 23:34 - 2014-11-02 12:23 - 00000000 ____D () C:\ProgramData\BuqunGehwe
2014-11-01 23:34 - 2014-11-01 23:34 - 00595440 _____ () C:\Users\Gavin Sandford\AppData\Local\qkmaehmu.log
2014-11-01 23:34 - 2014-11-01 23:34 - 00000064 _____ () C:\ProgramData\gunkgyjy.log
2014-11-01 23:34 - 2014-11-01 23:34 - 00000054 _____ () C:\Users\Gavin Sandford\AppData\Local\sqrtmgom.log
2014-11-01 23:34 - 2014-11-01 23:34 - 00000000 _____ () C:\Users\Gavin Sandford\AppData\Local\qlnddcdt.log
2014-11-01 23:34 - 2014-11-01 23:34 - 00000000 _____ () C:\Users\Gavin Sandford\AppData\Local\otilwhlu.log
Task: {28CEE927-F6F7-4046-831D-E8E8FEFD9EAA} - System32\Tasks\UpdaterEX => C:\Users\GAVINS~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\GAVINS~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
CMD: bitsadmin /reset /allusers

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => Value was restored successfully.
“HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}” => Key deleted successfully.
“HKCR\CLSID{0633EE93-D776-472f-A0FF-E1416B8B2E3A}” => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Users\Gavin Sandford\AppData\Local\MFAData => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\Avg2015 => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\ypowqcnl.log => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\wwxaedji.log => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\djhtgxmf.log => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\dehmvlkj.log => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\uhcpcomo.log => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\qnlwdgpi => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\oigocxyl.log => Moved successfully.
C:\ProgramData\BuqunGehwe => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\qkmaehmu.log => Moved successfully.
C:\ProgramData\gunkgyjy.log => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\sqrtmgom.log => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\qlnddcdt.log => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\otilwhlu.log => Moved successfully.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{28CEE927-F6F7-4046-831D-E8E8FEFD9EAA}” => Key deleted successfully.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{28CEE927-F6F7-4046-831D-E8E8FEFD9EAA}” => Key deleted successfully.
C:\Windows\System32\Tasks\UpdaterEX => Moved successfully.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX” => Key deleted successfully.
C:\Windows\Tasks\UpdaterEX.job => Moved successfully.
C:\ProgramData\hash.dat => Moved successfully.
C:\Users\GAVINS~1\AppData\Roaming\UPDATE~1 => Moved successfully.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {E6CB0F73-6373-4550-BB44-F968A3D263D5}.
0 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 2.2 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====

Here’s the AdwCleaner log

AdwCleaner v3.311 - Report created 02/11/2014 at 16:31:27

Updated 30/09/2014 by Xplode

Operating System : Windows 7 Professional Service Pack 1 (64 bits)

Username : Gavin Sandford - GAVIN

Running from : C:\Users\Gavin Sandford\Downloads\AdwCleaner.exe

Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Gavin Sandford\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb
File Deleted : C:\Users\Gavin Sandford\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\UpdaterEX

***** [ Browsers ] *****

-\ Internet Explorer v11.0.9600.17344

-\ Google Chrome v38.0.2125.111

[ File : C:\Users\Gavin Sandford\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://{searchTerms}&search_submit=
Deleted [Search Provider] : hxxp://{searchTerms}
Deleted [Search Provider] : hxxp://{searchTerms}&a=dnldstr0202ch&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0EtA0DyBtDtD0BzzzytN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1495644922&ir=

AdwCleaner[R0].txt - [2343 octets] - [02/11/2014 16:29:39]
AdwCleaner[S0].txt - [2667 octets] - [02/11/2014 16:31:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2727 octets] ##########

Are you experiencing any other problems ?

Going crazy with this so annoying! would be fab if could help

millie95 could you start your own topic please and I will help you there, also let me know what your problem is in that thread