Status
Not open for further replies.
21 - 40 of 40 Posts

Moderator, Security Team · 1,571 Posts
Did you use the Tool I recommended to remove Avast?

If not, download and run it now, then run another search using the instructions I gave in post #16.

If you did, please let me know, because it's done a lousy job of cleaning out Avast, and it's going to take a very long time to write a removal script.
 

Moderator, Security Team · 1,571 Posts
OK, here's the fix to remove the Avast remnants ...

  • Start FRST.
  • Hit your Windows Key + R to open a Run window
  • Type Notepad then click OK
  • This will open an empty Notepad document
  • Copy/Paste the following into it (Don't include Code: ), you'll need to scroll down because there's a lot of it to copy .....
Code:
SystemRestore: On
CreateRestorePoint:
C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore
C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA
C:\Windows\Prefetch\AVASTBROWSER.EXE-2240255F.pf
C:\Windows\Prefetch\AVASTBROWSER.EXE-22402560.pf
C:\Windows\Prefetch\AVASTBROWSER.EXE-22402561.pf
C:\Windows\Prefetch\AVASTBROWSER.EXE-22402567.pf
C:\Windows\Prefetch\AVASTBROWSERUPDATE.EXE-D0CC5D31.pf
C:\Windows\Prefetch\AVASTCLEAR (1).EXE-7C1DB5E8.pf
C:\Windows\Prefetch\AVASTCLEAR (2).EXE-E1902725.pf
C:\Windows\Prefetch\AVASTCLEAR.EXE-9C453CC6.pf
C:\Windows\Prefetch\AVASTUI.EXE-19622E36.pf
C:\Users\brent\Downloads\avastclear (1).exe
C:\Users\brent\Downloads\avastclear (2).exe
C:\Users\brent\Downloads\avastclear.exe
C:\Users\brent\Downloads\avast_free_antivirus_setup_online (1).exe
C:\Users\brent\Downloads\avast_free_antivirus_setup_online (2).exe
C:\Users\brent\Downloads\avast_free_antivirus_setup_online (3).exe
C:\Users\brent\Downloads\avast_free_antivirus_setup_online (4).exe
C:\Users\brent\Downloads\avast_free_antivirus_setup_online (5).exe
C:\Users\brent\Downloads\avast_free_antivirus_setup_online.exe
C:\Users\brent\Documents\My Documents\My Desktop\avast_free_antivirus_setup_online.exe
C:\Users\brent\Documents\My Desktop\avast_free_antivirus_setup_online.exe
C:\Users\brent\Desktop\avast_free_antivirus_setup_online.exe
C:\Users\brent\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk
C:\Users\brent\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Avast SecureLine VPN
C:\Users\brent\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\avast! Antivirus
C:\Users\brent\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Avast_Secure_Browser
C:\Users\brent\AppData\Local\Microsoft\Windows\ActionCenterCache\avast_secure_browser_4986_0.tmp
C:\Users\brent\AppData\Local\Microsoft\Windows\ActionCenterCache\avast_secure_browser_4987_0.tmp
C:\Users\brent\AppData\Local\Microsoft\Windows\ActionCenterCache\avast_secure_browser_4988_0.tmp
C:\Users\brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\21.0.68_1\scripts\contentAvast.js
C:\Users\brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\21.0.68_1\common\ui\icons\icon-avast128.png
C:\Users\brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\21.0.68_1\common\ui\icons\icon-avast32.png
C:\Users\brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\21.0.68_1\common\ui\icons\icon-avast64.png
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
C:\ProgramData\Intel\ShaderCache\AvastBrowser_0
C:\ProgramData\Intel\ShaderCache\AvastBrowser_1
C:\ProgramData\Intel\ShaderCache\AvastBrowser_2
C:\ProgramData\Intel\ShaderCache\AvastUI_0
C:\ProgramData\Intel\ShaderCache\AvastUI_1
C:\ProgramData\Intel\ShaderCache\AvastUI_2
C:\Windows\System32\Tasks_Migrated\Avast Software
C:\Users\brent\AppData\Local\AVAST Software
C:\ProgramData\Avast Software
C:\Program Files (x86)\AVAST Software

[-HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software]
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm|
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithProgIds|AvastHTML
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html|
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\OpenWithProgIds|AvastHTML
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids|AvastHTML
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml|
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids|AvastHTML
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.svg\OpenWithProgIds|AvastHTML
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids|AvastHTML
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht]
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds|AvastHTML
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml|
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgIds|AvastHTML
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\AvastBrowserUpdate.exe]
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{5AB71627-A1C4-35E8-975E-327931339608}|LocalService
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{620A093F-79D3-4CAB-8CAD-EB1A39A8C0A2}|LocalService
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6D1FB6CD-9205-365A-907A-8AB76BC52400}|LocalService
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Avast.OneClickCtrl.9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Avast.Update3WebControl.3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastHTML]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastQH]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.CoCreateAsync]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.CoCreateAsync.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.CoreClass]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.CoreClass.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.CoreMachineClass]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.CoreMachineClass.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.CredentialDialogMachine]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.CredentialDialogMachine.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.MiscUtils]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.MiscUtils.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.OnDemandCOMClassMachine]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.OnDemandCOMClassMachine.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.OnDemandCOMClassMachineFallback]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.OnDemandCOMClassMachineFallback.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.OnDemandCOMClassSvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.OnDemandCOMClassSvc.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.ProcessLauncher]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.ProcessLauncher.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.Update3COMClassService]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.Update3COMClassService.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.Update3WebMachine]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.Update3WebMachine.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.Update3WebMachineFallback]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.Update3WebMachineFallback.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.Update3WebSvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastUpdate.Update3WebSvc.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99F8769E-4FE9-3A40-9D6D-5424B8AC9F57}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA8E1092-E8DD-4257-A705-DA70C7BE6A08}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEA41856-DAAB-4EE7-9731-0DB1BCD5E0F4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F96D7DBC-D1EC-4A0E-BD3B-7FB88116072E}]
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\DefaultIcon|
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\open\command|
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\DefaultIcon|
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\command|
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.update.avastbrowser.com.oneclickctrl.9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.update.avastbrowser.com.update3webcontrol.3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD12DA4E-0EDF-4193-9764-C4704AB9DEEE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4424021B-831C-4F50-A74F-1AF30ADA650C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{493E9335-D965-3F74-9338-05A59D304768}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5781D843-96CD-3DC4-8935-4CDE51C315E1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5AB71627-A1C4-35E8-975E-327931339608}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{62593C70-ACF0-44CC-8716-990919D46A85}]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6D1FB6CD-9205-365A-907A-8AB76BC52400}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6E3A7FED-773C-3232-B213-43DD2C627B4C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7DE1DAAE-30B4-3140-9BE6-40A47E9D3588}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7E069908-8F93-3597-B83F-9FEB9694421C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{99F8769E-4FE9-3A40-9D6D-5424B8AC9F57}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9D2A777F-793D-3683-8D01-62DB24DAC371}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BCDCF02F-B457-36D7-9215-FBE3FFC929BC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C2033652-2F07-34CC-9416-76BC5C9AD5F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA8E1092-E8DD-4257-A705-DA70C7BE6A08}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2BD612F-9EB6-4392-80D8-D54DE870EF42}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D7EECC1B-3003-303A-B4DA-8E8F5A85F13C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6399AFB-987A-3571-BBAD-C388F0879754}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F96D7DBC-D1EC-4A0E-BD3B-7FB88116072E}]
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet|
[-HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Avast Secure Browser]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.avast.vpn]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8504530-742B-42BC-895D-2BAD6406F698}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\AvastBrowser.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\AvastBrowser.exe]
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder|Avast SecureLine VPN.lnk
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9507B717889AF294FAB1CD7FB08E90BA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2026CA5C-804B-4D5E-84F5-2BEA320F8210}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{342A7A53-E5DB-422B-AD20-31CBF802EBA2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DC043B3-4CB2-4C80-87F5-431A31A0B3BA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FCC3A9A-2FA7-413F-86FC-D8BAF8C90DF3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Secure Browser Heartbeat Task (Hourly)]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Secure Browser Heartbeat Task (Logon)]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvastUpdateTaskMachineCore]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvastUpdateTaskMachineUA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\com.avast.vpn]
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications|Avast Secure Browser
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications|AvastQH
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\com.avast.vpn]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4424021B-831C-4F50-A74F-1AF30ADA650C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62593C70-ACF0-44CC-8716-990919D46A85}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avast Secure Browser]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\NativeMessagingHosts\com.avast.vpn]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\NativeMessagingHosts\com.avast.vpn]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@update.avastbrowser.com/Avast Browser;version=3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@update.avastbrowser.com/Avast Browser;version=9]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\aswbIDSAgent]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\avast! Antivirus]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\avast! Tools]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\AvastWscReporter]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswTap]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswWintun]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avastm]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvastSecureBrowserElevationService]
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2265311004-2890312936-1862091254-1001|\Device\HarddiskVolume3\Users\brent\Downloads\avastclear.exe
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2265311004-2890312936-1862091254-1001|\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2265311004-2890312936-1862091254-1001|\Device\HarddiskVolume3\Users\brent\Downloads\avastclear (1).exe
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2265311004-2890312936-1862091254-1001|\Device\HarddiskVolume3\Users\brent\Downloads\avastclear (2).exe
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Browser|CategoryMessageFile
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Browser|EventMessageFile
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Browser|ParameterMessageFile
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{19EEABA0-2AE5-4E67-8AD7-05632536DBA2}]
[-HKEY_USERS\.DEFAULT\Software\AVAST Software]
[-HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\AVAST Software]
DeleteValue: HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Clients\StartMenuInternet|
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f02e94cd_0|
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\fa1f9138_0|
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\fa4001ca_0|
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_http
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_https
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.htm
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.html
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.shtml
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.xht
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.xhtml
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastQH_microsoft-edge
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_mailto
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated|Avast_Secure_Browser
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppLaunch|Avast_Secure_Browser
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|avast! Antivirus
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|Avast_Secure_Browser
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView|{F38BF404-1D43-42F2-9305-67DE0B28FC23}]
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView|Avast_Secure_Browser
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids|AvastHTML
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice|ProgId
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList|c
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids|AvastHTML
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice|ProgId
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids|AvastHTML
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice|ProgId
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList|c
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice|ProgId
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice|ProgId
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList|b
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zipx\OpenWithList|b
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastBrowserAutoLaunch_A062BD18D1922621829F5076553D62DF
[-HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Avast_Secure_Browser]
[-HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Avast_Secure_Browser]
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AvastBrowserAutoLaunch_A062BD18D1922621829F5076553D62DF
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\brent\Desktop\avast_free_antivirus_setup_online.exe
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Avast Sofware\Avast\setup\instup.exe
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Avast Software\Avast\AvastUI.exe
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Classes\.htm|
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Classes\.html|
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Classes\.shtml|
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Classes\.xht|
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Classes\.xhtml|
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Classes\http\DefaultIcon|
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Classes\http\shell\open\command|
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Classes\https\DefaultIcon|
DeleteValue:HKEY_USERS\S-1-5-21-2265311004-2890312936-1862091254-1001\SOFTWARE\Classes\https\shell\open\command|
Reboot:
  • Save it as fixlist.txt to the same location as FRST (must be in this location)
  • NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log
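
An added example, not part of the original posts and not FRST code: a pre-flight check a helper could run over a fixlist.txt before asking someone to press Fix. It flags malformed lines, duplicates, and any user profile or SID that does not belong to the target machine, which is the risk the NOTICE above describes. The line shapes are inferred from the script in this thread, and the sample lines, user name and SID are constructed.

```python
import re

# Line shapes below are inferred from the fixlist in this thread; they are an
# assumption for illustration, not FRST's documented grammar.
DIRECTIVE = re.compile(r"^(SystemRestore|CreateRestorePoint|Reboot|DeleteValue)\s*:\s*(.*)$")
HIVE = re.compile(r"^HKEY_(LOCAL_MACHINE|USERS|CURRENT_USER|CLASSES_ROOT)\\", re.I)
FILE_PATH = re.compile(r"^[A-Za-z]:\\")
SID = re.compile(r"S-1-5-21(?:-\d+){4}")          # per-user account SID
PROFILE = re.compile(r"\\Users\\([^\\|]+)\\", re.I)  # profile folder name

# Constructed sample: line 4 lacks its opening "[-", line 5 has a stray "]",
# line 7 repeats line 3, line 8 has no "|value" part.
SAMPLE = r"""CreateRestorePoint:
C:\Users\alice\Downloads\example_setup.exe
[-HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}]
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications|ExampleApp]
DeleteValue: HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\SOFTWARE\Classes\.htm|
[-HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor]
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html
Reboot:
"""
SAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"  # constructed


def shape_problem(line):
    """Return a finding code for a malformed line, or None if the shape is fine."""
    if line.startswith("["):
        ok = line.startswith("[-") and line.endswith("]") and HIVE.match(line[2:-1])
        return None if ok else "bad-key-line"
    m = DIRECTIVE.match(line)
    if m:
        name, arg = m.groups()
        if name != "DeleteValue":
            return None
        if not HIVE.match(arg):
            return "bad-hive"
        if "|" not in arg:
            return "no-value-separator"
        if arg.endswith("]") and "[" not in arg:
            return "stray-bracket"
        return None
    if HIVE.match(line):
        return "bare-registry-path"  # registry path with neither [-...] nor a directive
    return None if FILE_PATH.match(line) else "unrecognized"


def lint_fixlist(text, expected_user, expected_sid):
    """Return (line_number, code) findings for one fixlist and one target machine."""
    findings, seen = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.lower() in seen:
            findings.append((n, "duplicate"))
        seen.setdefault(line.lower(), n)
        # Entries tied to another account mean the script was written for a different machine.
        if any(s != expected_sid for s in SID.findall(line)):
            findings.append((n, "foreign-sid"))
        if any(u.lower() != expected_user.lower() for u in PROFILE.findall(line)):
            findings.append((n, "foreign-profile"))
        code = shape_problem(line)
        if code:
            findings.append((n, code))
    return findings


if __name__ == "__main__":
    for line_no, code in lint_fixlist(SAMPLE, "alice", SAMPLE_SID):
        print(f"line {line_no}: {code}")
```
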
 

Moderator, Security Team · 1,571 Posts
OK, all but one of the entries I scripted for removal have been removed, the one that wasn't was due to a scripting error on my part and is easily dealt with.

However I'd like you to run another search for me, to make sure that we've got everything, and that I didn't miss anything.

So ....
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    SearchAll:Avast
    • Press the Search Files button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Please check the date of the Search.txt to make sure you're posting the results of the latest scan and not an earlier one.

By default when you run a new Search, FRST should delete the logs from any previous scan, but a manual check makes sure, so I generally advise people to check before posting.
 

Moderator, Security Team · 1,571 Posts
OK, didn't miss too much, just a couple of files and registry values to remove ....

  • Start FRST.
  • Hit your Windows Key + R to open a Run window
  • Type Notepad then click OK
  • This will open an empty Notepad document
  • Copy/Paste the following into it (Don't include Code: ) .....
Code:
C:\Windows\System32\Tasks_Migrated\Avast Emergency Update
C:\Windows\Prefetch\AVASTBROWSER.EXE-22402566.pf
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6D1FB6CD-9205-365A-907A-8AB76BC52400}\ProgID|
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6D1FB6CD-9205-365A-907A-8AB76BC52400}\VersionIndependentProgID|
  • Save it as fixlist.txt to the same location as FRST (must be in this location)
  • NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Next ...

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
 

Moderator, Security Team · 1,571 Posts
OK, so it looks like whatever your problem's cause, it is not malware related, so I'm going to have to hand you over to some of my colleagues, who may be able to find a resolution to your problem. Removing malware is my area of expertise, and as far as I can see your machine is clear of infection.

Have you tried uninstalling Android Studio, rebooting your machine, and then re-installing it? That often resolves problems with faulting programs and applications.

If not, please try it. If you've already tried it, then I suggest you open a new topic in the ... Windows 10 Support ... forum, explaining your problem, and that you've had your machine checked for malware and none appears to be present (please feel free to refer them to this topic).

To uninstall FRST and remove all its files, please do the following ...

  • Rename FRST64.exe to Uninstall.exe
  • Double click on Uninstall.exe to launch it.
    • Your computer will reboot, and on reboot will remove FRST and all its files.
 

Moderator, Security Team · 1,571 Posts
You're welcome, sorry we didn't get a resolution to your problem, but at least you know it's not being caused by malware.

This topic is now closed.
 