I installed Avast (free version) yesterday for the first time. Now, when I receive an mp3 file in an email and try to play it with Windows Media Player, I receive the message, “Windows Media Player encountered a problem while playing the file.” I get several of these each day from my voice mail provider and didn’t have any trouble prior to installing Avast. Anyone have a similar problem? Anyone have any suggestions on fixing this problem? I’m using Windows 7 Professional. Plan to upgrade to Windows 10 at the end of the year.
I installed Avast (free version) yesterdayWhat AV did you use before installing avast? Did you remove it before installing avast? Did you follow vendors instructions using removal tool?
Uninstalling a third-party antivirus software https://www.avast.com/faq.php?article=AVKB11#artTitle
I had no antivirus prior to Avast. Yeah, I know…
Just found out that iTunes no longer works, either. Won’t even start playing an mp3 file.
Follow Instructions here https://forum.avast.com/index.php?topic=53253.0
Attach Malwarebytes and Farbar Recovery Scan Tool logs … 3 logs total
See below the box you write in … Attachments and other options
a expert will assist you tomorrow
Attached are four log files:
MBAM.txt from MalwareBytes
FRST.txt from Farbar Recovery Scan Tool
Addition.txt from Farbar Recovery Scan Tool
aswMBR.txt from aswMBR.exe
Let me know what problems remain after this
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint: ProxyEnable: [.DEFAULT] => Proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:44445;https=127.0.0.1:44445 2015-11-04 09:52 - 2015-11-04 10:59 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-07-09 09:45 - 2015-07-09 09:45 - 0045463 _____ () C:\ProgramData\1436456690.bdinstall.bin 2015-07-09 09:47 - 2015-07-09 10:08 - 0043326 _____ () C:\ProgramData\1436456858.13964.bin 2015-07-09 09:47 - 2015-07-09 09:47 - 0002056 _____ () C:\ProgramData\1436456858.14092.bin 2015-07-09 10:08 - 2015-07-09 10:08 - 0001036 _____ () C:\ProgramData\1436456858.9060.bin 2015-07-09 10:20 - 2015-07-09 10:20 - 0197784 _____ () C:\ProgramData\1436458465.bdinstall.bin 2015-07-10 10:14 - 2015-07-10 10:14 - 0038047 _____ () C:\ProgramData\1436544865.bdinstall.bin 2015-07-10 10:15 - 2015-07-10 10:15 - 0098506 _____ () C:\ProgramData\1436544867.bdinstall.bin 2014-04-28 09:37 - 2015-11-06 10:12 - 0001108 ___SH () C:\ProgramData\KGyGaAvL.sys 2014-04-28 18:00 - 2015-11-03 18:46 - 0003904 ____H () C:\ProgramData\nsActivation.act Task: {0ACF6356-C213-49E4-A6CE-EB6C84FA0268} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION Task: {36325E94-8FF7-4D13-B375-698CADF5421E} - \Zadpirve -> No File <==== ATTENTION Task: {373F085B-5D8B-4097-BD4E-11AAE93A71FF} - \64e37b53-1b9f-49d2-a252-51f3bd30c4ae-10_user -> No File <==== ATTENTION Task: {3AE0BF04-FB03-4453-ACB6-395B52A64E85} - System32\Tasks\{6D0E8D76-AC4A-4869-BC0D-CD81A5EEED80} => D:\FTW4416.EXE Task: {3E24483C-3ECB-43C3-B082-01C7664DFBA3} - \Tny_Cassiopesa -> No File <==== ATTENTION Task: {4AC5F9EA-06A9-4CA7-BBEB-088A9EF36F79} - \Selection Tools Update -> No File <==== ATTENTION Task: {6EAB2530-5AD7-4F48-8427-73EE000B5A68} - \c6cfb217-b07e-42b1-9825-b441a3b2d965-5_user -> No File <==== ATTENTION Task: {94AC97A6-2C4E-41F4-8F30-6D6307217148} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION Task: {979A0C9A-C068-47AD-90BA-2D2E88709C40} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION Task: {A489CC9C-FC72-42D4-954F-0885AD48D5F5} - \c6cfb217-b07e-42b1-9825-b441a3b2d965-1-6 -> No File <==== ATTENTION Task: {A7EFB7DC-67C3-4B7F-B3F4-09EC05975672} - \64e37b53-1b9f-49d2-a252-51f3bd30c4ae-5 -> No File <==== ATTENTION Task: {AF21ACF9-C474-472A-A6F1-B2ECF5DE31B0} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION Task: {D016CD54-1558-4F54-A416-91565B5E1181} - \c6cfb217-b07e-42b1-9825-b441a3b2d965-1-7 -> No File <==== ATTENTION Task: {D800275C-1A76-4D88-B72D-7C11D3633C76} - \c6cfb217-b07e-42b1-9825-b441a3b2d965-5 -> No File <==== ATTENTION Task: {E34A7EC1-2A46-4F26-AC17-C6ED006AFF86} - \c6cfb217-b07e-42b1-9825-b441a3b2d965-10_user -> No File <==== ATTENTION Task: {E803970C-0B51-46EC-81C5-7526D51622E5} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION Task: {E8D57427-6B4C-4217-B7C5-D857F709647D} - \64e37b53-1b9f-49d2-a252-51f3bd30c4ae-5_user -> No File <==== ATTENTION Task: {EA3E9B46-661C-4A3D-A059-ECCAAF37BF03} - \c6cfb217-b07e-42b1-9825-b441a3b2d965-4 -> No File <==== ATTENTION Task: {EA8B8C21-A280-474F-B4EC-13343CF73BB8} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION Task: {F2C2E6DF-DF49-4821-8FBF-AF9F36862991} - \WindApp Update -> No File <==== ATTENTION HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMP => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMPSE => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMP => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMPSE => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service" Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: ipconfig /flushdns CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: ipconfig /release CMD: ipconfig /renew CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.
Have followed your instructions through running FRST. Seems to have run properly and then required me to reboot. Following reboot, I do not have Internet access. (Am writing this from a different computer.) The Network and Sharing Center indicates it’s identifying the network but the little circle has been spinning for over five minutes. Also, Windows is telling me it is not a genuine copy.
You had some malware that replaced two system files
Could you look at the fixlog and tell me what FRST says about these two lines
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
Found the two lines you cited. Further down in the log I found the following:
========= sfc /scanfile=C:\Windows\system32\dnsapi.dll =========
Windows Resource Protection found corrupt files and successfully repaired
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log
The system file repair changes will take effect after the next reboot.
========= End of CMD: =========
========= sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll =========
There is a system repair pending which requires reboot to complete. Restart
Windows and run sfc again.
========= End of CMD: =========
Found CBS.log and attached it here.
OK it looks like only one file was replaced, they are both relevant to internet…
So run frst again with this one line fix, then reboot and try the net again
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
Here’s the fixlog.txt file. Do you need the CBS log, too?
Internet still does not connect. Windows still claims it is not genuine.
OK do you need a proxy to access the internet ?
Can you run network troubleshooter and let me know what error it generates
So far as I know, I do not need a proxy. The trouble shooter took about a second to run and said it couldn’t identify the problem. Clicked on “Explore other options” but that didn’t give any clues, either. Should we go back to a recovery point and start over?
Yes go back to the FRST restore point and then run a fresh FRST scan for me please
Ran System Restore on “Restore Point Created by FRST.”
System Restore did not complete successfully. You computer’s system files and settings were not changed.
The data is invalid (0x8007000D)
When I click the button to run System Restore again, I receive:
There was an unexpected error.
Catastrophic failure0x8000FFFF)
Please close System Restore and try again.
The only other restore point is “Windows Modules Installer” dated 11/05/2015 at 04:58 PM.
Restore Point Created by FRST is dated 11/06/2015 at 03:27 PM.
I first began noticing problems on 11/04/2015.
Open Avast go to settings > troubleshooting
Remove the tick from Enable Avast self defence module
Then restore
If it still gives an error double check that the internet is still not working
Same error.
Rebooted.
Checked to be sure Avast self defense mode was still unchecked.
Tried to restore. Same error.
Internet is still not connected. Windows still says not genuine.
OK run this fix to reset the network
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: ipconfig /flushdns CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: ipconfig /release CMD: ipconfig /renew CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
Fixlog is attached. I noticed several lines that said a reboot was necessary. Did that. Still no Internet.
Thank you for all the help you’ve given so far! I would have given up long ago and started over with a clean install.
OK run Sfc /scannow as it may be that one of the files was not properly repaired
http://www.thewindowsclub.com/how-to-run-system-file-checker-analyze-its-logs-in-windows-7-vista