Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Possible Conflicting Protection? [Closed]


  • This topic is locked This topic is locked

#61
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Do you have any removable disks plugged into the computer?  If so, unplug them and try again.

 

Let me know.


  • 0

Advertisements


#62
Jvescov1

Jvescov1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

No sir. nothing connected but keyboard, mouse, router & headset.


  • 0

#63
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts
OK, please continue with the Second step of the instructions then. :)
  • 0

#64
Jvescov1

Jvescov1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

im getting this with the avg remover tool.   the computer seem very responsive btw. im definitely connected to the internet by the way in case that could be the issue.

 

11hyufa.jpg


Edited by Jvescov1, 21 July 2015 - 09:53 PM.

  • 0

#65
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Is that before or after the AVG Remover tools has been run? 

 

And no issues with uninstalling AVG or the other items in Safe Mode?

 

I'll be back with more instructions here.  I'm happy to see we have made some progress.  :)

 

 


  • 0

#66
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

OK, in addition to answering my last questions, we need to continue with those instructions and get you a functioning A/V installed  Then we'll disable it and try that FRST fix again.  I'll re-post the instructions here for now.  To begin with, I'd like you to delete any/all FRST files from your Desktop, such as: Search.txt, FRST.exe, fixlog.txt, fixlist.txt.  Then we'll grab a new copy of the fixlist file and a new copy of FRST to proceed.

 

Sound good?  :D

 

Now

When the AVG removal process is complete and you are no longer prompted to reboot, download Microsoft Security Essentials.
Run the program and complete the steps to install it.

 

 

Then
Run a FRST Fix

  • Download the attached fixlist.txt file and save it to the Desktop: Attached File  fixlist.txt   9.88KB   64 downloads

    (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)

    Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

     
  • Disable your Anti-Virus/Anti-Spyware protection software.
     
  • Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
    FRST_Fix_zps8lrdygec.png
  • If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

 

Finally
In your next reply, please copy/paste the contents of the following logs:

  • FRST Fixlog.txt

 

Also:

  • Answer my questions from my last post, and
  • Tell me how the system is running. :)

 

 


  • 0

#67
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Sorry, I forgot to provide the download link for FRST.  It's the same as before but we're getting a fresh copy:

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(http://www.bleepingc...very-scan-tool/)


  • 0

#68
Jvescov1

Jvescov1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

hi bud get a pop up that says the mse program is not compatible check if you have a 32 or 64 bit. i have a 32 for reference also the computer seems to be running great :) here is the frst fixlog requested. oh and the pop up from the avg thing was about 2 mins after it started so as it was running that would pop up

 

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 20-07-2015
Ran by Joseph at 2015-07-23 12:42:19 Run:1
Running from C:\Users\Joseph\Desktop
Loaded Profiles: Joseph & UpdatusUser (Available Profiles: Joseph & UpdatusUser)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2510784 2015-05-14] ()
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5768992 2015-03-06] (IObit)
HKLM\...\Run: [ATT-SST_UninstallTracking] => C:\Users\Joseph\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST <===== ATTENTION
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
ShellIconOverlayIdentifiers: [0MediaIconsOerlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 
SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} ->  No File
BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ->  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Handler: javascript - No CLSID Value - 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-14] (AVG Secure Search)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aim-search.xml [2009-06-29]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\keybar-113-customized-web-search.xml [2013-09-29]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\live-search.xml [2009-02-01]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\searchme.xml [2009-03-13]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF ExtraCheck: C:\Program Files\mozilla firefox\InfoAtoms.cfg [2013-08-11] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]
CHR HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]
S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-27] (IObit)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2014-11-10] (IObit)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [32288 2014-11-10] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2013-05-07] () [File not signed]
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2014-11-10] (IObit.com)
S2 adfs; No ImagePath
2015-07-13 13:15 - 2015-03-01 22:01 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\IObit
2015-07-13 13:15 - 2013-10-24 08:49 - 00000000 ____D C:\Program Files\Secure Speed Dial
2015-07-13 13:15 - 2013-04-26 22:53 - 00000000 ____D C:\ProgramData\IObit
2015-07-13 13:11 - 2009-10-02 20:44 - 00000000 ____D C:\Program Files\IObit
2015-07-10 00:32 - 2015-06-04 23:27 - 00001924 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2013-04-26 23:07 - 2013-04-26 23:07 - 0087608 _____ () C:\Users\Joseph\AppData\Roaming\inst.exe
2013-04-26 23:20 - 2013-04-26 23:20 - 0000000 _____ () C:\ProgramData\222620313f3a54382a_c
2013-04-25 22:41 - 2013-04-25 22:41 - 0000000 _____ () C:\ProgramData\LQ20O6T.dat
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe.b
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe_.b
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
Task: {1A7D0543-A752-4AD2-802E-EA67FD04196A} - \SmartDefrag4_Startup No Task File <==== ATTENTION
Task: {21B568B7-DA01-4BB8-B802-7B6DC534B772} - \EPUpdater No Task File <==== ATTENTION
Task: {31BA1638-3905-431A-B39E-9F574005DD9D} - \IHUninstallTrackingTASK No Task File <==== ATTENTION
Task: {34BFB3AC-3555-4E26-A7E5-7F7BD14C82A7} - \Driver Booster Update No Task File <==== ATTENTION
Task: {4BBF6D93-FAFF-4F48-8C64-C0C17A9A61B8} - System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => C:\Users\Joseph\AppData\Local\Temp\Pwl.exe <==== ATTENTION
Task: {4E53DF43-FD8E-42AF-874C-442230F27EC4} - System32\Tasks\{ED984665-93F3-4D2C-AB43-961AE08A5F8D} => pcalua.exe -a "C:\Program Files\SpywareGuard\unins000.exe"
Task: {60194C52-AACD-4936-9705-A4276108BAB6} - System32\Tasks\{00C9D597-DD76-4D5F-B07A-44569CFDC9CE} => pcalua.exe -a E:\Autorun.exe -d E:\
Task: {85A9730D-D148-4D4B-8B72-5EA1CC420E14} - System32\Tasks\Test TimeTrigger => C:\Users\Joseph\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {94C487AC-D86C-41E6-9EFA-30005ADBD87C} - \PC Optimizer Pro startups No Task File <==== ATTENTION
Task: {C237D933-687A-4EF6-B5EF-917120F9A23F} - System32\Tasks\task34608275 => C:\Users\Joseph\AppData\Local\Temp\ozuvbvgiula.exe <==== ATTENTION
Task: {C34F95B7-65A0-4019-8254-2D46D8047BDD} - \Driver Booster SkipUAC (Joseph) No Task File <==== ATTENTION
Task: {C6229C54-4043-4B70-8EF8-9580EB1DB86F} - System32\Tasks\SmartDefrag4_Update => C:\Program Files\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {E142EBBB-C5CD-408C-8607-47A6DF179DC9} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-04-09] (IObit)
Task: {E8458C5B-2A2F-4299-A01E-5E99157588D8} - System32\Tasks\task310613 => C:\Users\Joseph\AppData\Local\Temp\txgxvyqvqwh.exe <==== ATTENTION
Task: {F10092C8-C001-4A46-A89B-D5895CE77229} - \Uninstaller_SkipUac_Joseph No Task File <==== ATTENTION
Task: {FC118D82-15ED-445E-A182-B3376E34F5E7} - \Driver Booster Scan No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
end
*****************

  • 0

#69
Jvescov1

Jvescov1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

i can tell you that the avg pop up i was getting right on boot about the avgUI or what ever that was has not been popping up so im not sure if maybe that avg uninstaller worked maybe even tho i was getting that popup?


  • 0

#70
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Yes it may have worked, if only partially.  :)

 

Please answer the following questions:

  1. Do you have your Windows installation disk available? 
  2. What is your computer make and model (e.g. Dell Inspiron 6600, HP Pavilion 3120, etc.)?

  • 0

Advertisements


#71
Jvescov1

Jvescov1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

The installation disc i have no clue where it is and i have the Dell xps410 (is what it says on the case if thats what your looking for)


  • 0

#72
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Did your system come with Windows Vista or was it an upgrade?  You can try entering your service tag on this Dell web page to see what your options are for getting installation media from them.  We can discuss these options later if needed.  :)

 

Now

 

Let's try a scan with System File Checker:

 

Run sfc in Windows Vista/7
 

  • Open an elevated command prompt. To do that:

    Click Start, click on All Programs then Accessories, then right click on Command Prompt and click on Run as administrator. (See screenshot below)
    1218d1239716938-elevated-command-prompt-
     
  • A command window will open like the image below:
    6618d1232213165t-elevated-command-prompt
     
  • Highlight the command below, right click and then click Copy
     
    sfc /scannow
     
  • Right click next to the blinking cursor in the Command window and click Paste. This will put the command in the window and the command window should look like the image below:
    sfc.jpg
     
  • Press the Enter key. The command window will look kike the image below:
    2881161.png

    The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions. Note: This may take awhile to finish. Do not close this Command Prompt window until the verification is 100% complete.
     
  • When the scan has finished you should get one of the following messages in the Command window:
    • Windows Resource Protection did not find any integrity violations.
    • Windows Resource Protection could not perform the requested operation.
    • Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.
    • Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.
  • Write down the message you got so you can post it in your next reply.
  • Type exit and press the ENTER key to close the command window.

 


  • 0

#73
Jvescov1

Jvescov1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

this is the one i got.

 

 

  • Windows Resource Protection could not perform the requested operation.

  • 0

#74
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Now

Upload the following file to SendSpace and provide the link back here in your reply: C:\Windows\Logs\CBS\CBS.log.

 

Next

Let's try again to get you an Anti-Virus installed.

  • Download and install Avast! Home Edition
  • Allow the program to update.
  • Now click on Scan > Scan for Viruses > Settings...
  • In the window that opens, select Report file and check the box next to Generate report file. Under Reported items, check all items except OK items.
  • Click OK
  • Click the drop down list and select Full system scan, then click on the Start button to run it.  
  • Post the contents of the log it creates back here for review.

  • 0

#75
Jvescov1

Jvescov1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

so the sendspace page isnt working it just sits at all zeros i left it there for about 4 hours with no movement. also no avast log was generated i dont know if it pops up after you apply fixes? i didnt want to proceed with out your permission on that.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP