Thank you so much! Avast is now working again
Here’s the fixlist log
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Gavin Sandford at 2014-11-02 16:24:22 Run:1
Running from C:\Users\Gavin Sandford\Downloads
Loaded Profile: Gavin Sandford (Available profiles: Gavin Sandford)
Boot Mode: Normal
Content of fixlist:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0202ch&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0EtA0DyBtDtD0BzzzytN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1495644922&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0202ch&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0EtA0DyBtDtD0BzzzytN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1495644922&ir=
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
CHR StartupUrls: Default → “hxxp://i.imgur.com/R4zdXYh.gif”, “hxxp://start.mysearchdial.com/?f=1&a=dnldstr0202ch&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0EtA0DyBtDtD0BzzzytN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1495644922&ir=”
2014-11-01 23:46 - 2014-11-01 23:46 - 00000000 ____D () C:\Users\Gavin Sandford\AppData\Local\MFAData
2014-11-01 23:46 - 2014-11-01 23:46 - 00000000 ____D () C:\Users\Gavin Sandford\AppData\Local\Avg2015
2014-11-01 23:36 - 2014-11-01 23:36 - 00375251 _____ () C:\Users\Gavin Sandford\AppData\Local\ypowqcnl.log
2014-11-01 23:36 - 2014-11-01 23:36 - 00002737 _____ () C:\Users\Gavin Sandford\AppData\Local\wwxaedji.log
2014-11-01 23:36 - 2014-11-01 23:36 - 00001143 _____ () C:\Users\Gavin Sandford\AppData\Local\djhtgxmf.log
2014-11-01 23:36 - 2014-11-01 23:36 - 00000217 _____ () C:\Users\Gavin Sandford\AppData\Local\dehmvlkj.log
2014-11-01 23:35 - 2014-11-02 12:42 - 00994364 _____ () C:\Users\Gavin Sandford\AppData\Local\uhcpcomo.log
2014-11-01 23:34 - 2014-11-02 12:47 - 00000000 ____D () C:\Users\Gavin Sandford\AppData\Local\qnlwdgpi
2014-11-01 23:34 - 2014-11-02 12:46 - 00000028 _____ () C:\Users\Gavin Sandford\AppData\Local\oigocxyl.log
2014-11-01 23:34 - 2014-11-02 12:23 - 00000000 ____D () C:\ProgramData\BuqunGehwe
2014-11-01 23:34 - 2014-11-01 23:34 - 00595440 _____ () C:\Users\Gavin Sandford\AppData\Local\qkmaehmu.log
2014-11-01 23:34 - 2014-11-01 23:34 - 00000064 _____ () C:\ProgramData\gunkgyjy.log
2014-11-01 23:34 - 2014-11-01 23:34 - 00000054 _____ () C:\Users\Gavin Sandford\AppData\Local\sqrtmgom.log
2014-11-01 23:34 - 2014-11-01 23:34 - 00000000 _____ () C:\Users\Gavin Sandford\AppData\Local\qlnddcdt.log
2014-11-01 23:34 - 2014-11-01 23:34 - 00000000 _____ () C:\Users\Gavin Sandford\AppData\Local\otilwhlu.log
Task: {28CEE927-F6F7-4046-831D-E8E8FEFD9EAA} - System32\Tasks\UpdaterEX => C:\Users\GAVINS~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\GAVINS~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\ProgramData\hash.dat
C:\Users\GAVINS~1\AppData\Roaming\UPDATE~1
EmptyTemp:
CMD: bitsadmin /reset /allusers
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => Value was restored successfully.
“HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}” => Key deleted successfully.
“HKCR\CLSID{0633EE93-D776-472f-A0FF-E1416B8B2E3A}” => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Users\Gavin Sandford\AppData\Local\MFAData => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\Avg2015 => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\ypowqcnl.log => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\wwxaedji.log => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\djhtgxmf.log => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\dehmvlkj.log => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\uhcpcomo.log => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\qnlwdgpi => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\oigocxyl.log => Moved successfully.
C:\ProgramData\BuqunGehwe => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\qkmaehmu.log => Moved successfully.
C:\ProgramData\gunkgyjy.log => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\sqrtmgom.log => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\qlnddcdt.log => Moved successfully.
C:\Users\Gavin Sandford\AppData\Local\otilwhlu.log => Moved successfully.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{28CEE927-F6F7-4046-831D-E8E8FEFD9EAA}” => Key deleted successfully.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{28CEE927-F6F7-4046-831D-E8E8FEFD9EAA}” => Key deleted successfully.
C:\Windows\System32\Tasks\UpdaterEX => Moved successfully.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX” => Key deleted successfully.
C:\Windows\Tasks\UpdaterEX.job => Moved successfully.
C:\ProgramData\hash.dat => Moved successfully.
C:\Users\GAVINS~1\AppData\Roaming\UPDATE~1 => Moved successfully.
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to cancel {E6CB0F73-6373-4550-BB44-F968A3D263D5}.
0 out of 1 jobs canceled.
========= End of CMD: =========
EmptyTemp: => Removed 2.2 GB temporary data.
The system needed a reboot.
==== End of Fixlog ====
Here’s the AdwCleaner log
AdwCleaner v3.311 - Report created 02/11/2014 at 16:31:27
Updated 30/09/2014 by Xplode
Operating System : Windows 7 Professional Service Pack 1 (64 bits)
Username : Gavin Sandford - GAVIN
Running from : C:\Users\Gavin Sandford\Downloads\AdwCleaner.exe
Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Gavin Sandford\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb
File Deleted : C:\Users\Gavin Sandford\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\UpdaterEX
***** [ Browsers ] *****
-\ Internet Explorer v11.0.9600.17344
-\ Google Chrome v38.0.2125.111
[ File : C:\Users\Gavin Sandford\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=breaking+bad&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0202ch&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0EtA0DyBtDtD0BzzzytN0D0Tzu0SyBzytDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1495644922&ir=
AdwCleaner[R0].txt - [2343 octets] - [02/11/2014 16:29:39]
AdwCleaner[S0].txt - [2667 octets] - [02/11/2014 16:31:27]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2727 octets] ##########