[itsmesunny]

Hmmm...I thought I had. But here is a brand new one.

 

:Commands
[CREATERESTOREPOINT]

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\ToggleMark\updateToggleMark.exe -- (Update ToggleMark)
SRV - [2014/06/30 13:45:33 | 000,068,608 | ---- | M] (globalUpdate) [On_Demand | Stopped] -- C:\Program Files\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdatem)
SRV - [2014/06/30 13:45:33 | 000,068,608 | ---- | M] (globalUpdate) [Auto | Stopped] -- C:\Program Files\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdate)
SRV - [2014/06/26 05:30:04 | 002,832,704 | ---- | M] (Client Connect LTD) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2800;https=127.0.0.1:2800;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2800;https=127.0.0.1:2800;
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...13714DE1F&SSPV=
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...rchTerms}&SSPV=
IE - HKU\S-1-5-21-602162358-1275210071-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
FF - prefs.js..browser.search.defaultenginename: "Trovi search"
FF - prefs.js..browser.search.selectedEngine: "Trovi search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10: C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4: C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
O4 - HKLM..\Run: [fst_us_130]  File not found
O4 - HKLM..\Run: [t4pc_en_8]  File not found
O4 - HKLM..\Run: [upfst_us_130.exe] C:\Documents and Settings\User\Local Settings\Application Data\fst_us_130\upfst_us_130.exe ()
O4 - HKLM..\Run: [upt4pc_en_8.exe] C:\Documents and Settings\User\Local Settings\Application Data\fst_us_130\upt4pc_en_8.exe -runhelper File not found
O4 - HKU\S-1-5-21-602162358-1275210071-725345543-1004..\Run: [DellSystemDetect] C:\Documents and Settings\User\Local Settings\Apps\2.0\A8LMOTVO.4B3\RO0X0G3X.50N\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe (Dell)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\New Folder [2013/03/26 17:31:22 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk = C:\Documents and Settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Severe Weather Alerts.lnk = C:\Documents and Settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlerts.exe (Weather Notifications, LLC)
O20 - AppInit_DLLs: (c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll) - c:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Client Connect LTD)
[2014/06/30 14:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\predm
[2014/06/30 13:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\freeSOFTtoday
[2014/06/30 13:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\2308189059
[2014/06/30 13:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\globalUpdate
[2014/06/30 13:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\globalUpdate
[2014/06/30 13:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2014/06/30 13:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2014/06/30 13:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Weather_Notifications,_LL
[2014/06/30 13:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2014/06/30 13:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\fst_us_130
[2014/06/30 13:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Severe Weather Alerts
[2014/06/30 13:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\SevereWeatherAlerts
[2014/06/30 13:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\SearchProtect
[2014/06/30 13:51:04 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineUA.job
[2014/06/30 13:47:37 | 000,000,000 | ---- | M] () -- C:\END
[2014/06/30 13:41:45 | 000,002,227 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2014/06/30 13:41:44 | 000,001,216 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2014/06/06 08:18:18 | 000,000,000 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2014/06/30 13:41:45 | 000,002,227 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2014/06/30 13:41:44 | 000,001,216 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2014/06/30 13:41:01 | 000,000,000 | ---- | C] () -- C:\END
[2014/06/30 13:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2308189059
[2014/06/08 18:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection

:Files
C:\Program Files\SearchProtect
C:\Documents and Settings\User\Local Settings\Application Data\SevereWeatherAlerts
C:\Program Files\globalUpdate
C:\Program Files\ToggleMark

:Commands
[resethosts]
[emptytemp]
[Reboot]
 

[Advertisements]

Let me know if I ought to do AdwCleaner once more - ok?

 

I got the stupid Trovi browser search page when I started up this AM.

 

[itsmesunny]

Let me know if I ought to do AdwCleaner once more - ok?

 

I got the stupid Trovi browser search page when I started up this AM.

 

[Essexboy]

Yes if you run that fix with OTL it will clear trovi from all bar chrome



Then run AdwCleaner

[itsmesunny]

Ok.

 

Same checks?

 

Scan All Users

LOp

Purity

 

I UNinstalled Chrome. I don't want it.

 

I would LOVE to UNinstall Windows Internet Explorer too.

 

Another question too - In the Add/Remove window - how do I get rid of the bunch of stupid stuff when the option is Change?Remove

and it does nothing?

Edited by itsmesunny, 01 July 2014 - 07:35 AM.

[Essexboy]

Did you run the OTL fix ?

IE is unfortunately a part of windows so you cannot actually uninstall it, but you can ignore it.

What sort of things in add remove are you having problems with ?

[itsmesunny]

yup. here it is:

 

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "www.startpage.com" removed from browser.startup.homepage
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ not found.
File C:\Program Files\Updater By SweetPacks\Firefox not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8861423-0DAB-459E-A8D5-DB264E69E70C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8861423-0DAB-459E-A8D5-DB264E69E70C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_USERS\S-1-5-21-602162358-1275210071-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fst_us_92 not found.
Registry value HKEY_USERS\S-1-5-21-602162358-1275210071-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\SB Audigy 2 Startup Menu not found.
Folder C:\Documents and Settings\All Users\Application Data\PC HealthFix\ not found.
Folder C:\Program Files\TotalSystemCare\ not found.
Folder C:\Documents and Settings\User\Local Settings\Application Data\PCHealth\ not found.
Folder C:\Documents and Settings\User\Local Settings\Application Data\com\ not found.
Folder C:\Documents and Settings\LocalService\Application Data\McAfee\ not found.
Folder C:\Documents and Settings\All Users\Application Data\McAfee\ not found.
File C:\WINDOWS\tasks\PC HealthFix Scan Results Alert.job not found.
File C:\WINDOWS\tasks\SystemToolsDailyTest.job not found.
File C:\WINDOWS\tasks\PC HealthFix Malware Alert.job not found.
File C:\WINDOWS\tasks\PC HealthFix Desktop Alert.job not found.
File C:\WINDOWS\PCHealthFix.INI not found.
File C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job not found.
File C:\WINDOWS\System32\drivers\avgtpx86.sys not found.
File C:\Documents and Settings\User\My Documents\fix.bat not found.
File C:\WINDOWS\tasks\PC HealthFix Scan Results Alert 2.job not found.
File C:\WINDOWS\tasks\PC HealthFix Scan Results Alert.job not found.
File C:\WINDOWS\tasks\PC HealthFix Malware Alert.job not found.
File C:\WINDOWS\tasks\PC HealthFix Desktop Warning.job not found.
File C:\WINDOWS\tasks\PC HealthFix Desktop Alert.job not found.
File C:\WINDOWS\PCHealthFix.INI not found.
File C:\WINDOWS\tasks\ParetoLogic Update Version3_triggeronce.job not found.
File C:\WINDOWS\tasks\Wise Turbo Checker.job not found.
File C:\WINDOWS\tasks\SparkTrust Update Version3_triggeronce.job not found.
File C:\WINDOWS\tasks\DTChk.job not found.
Folder C:\Documents and Settings\All Users\Application Data\PC HealthFix\ not found.
Folder C:\Documents and Settings\All Users\Application Data\PCDr\ not found.
Folder C:\Documents and Settings\All Users\Application Data\rse\ not found.
Folder C:\Documents and Settings\User\Application Data\ilividtoolbargaw\ not found.
Folder C:\Documents and Settings\User\Application Data\Individual Software\ not found.
Folder C:\Documents and Settings\User\Application Data\PCDr\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\\"Description"|"Provides systems management information to and from drivers." /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\\"DisplayName"|"Windows Management Instrumentation Driver Extensions" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\\"ErrorControl"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\\"ImagePath"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\\"ObjectName"|"LocalSystem" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\\"Start"|dword:00000003 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\\"Type"|dword:00000020 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,61,00,64,00,76,00,61,00,70,00,69,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\Parameters\\"ServiceMain"|"WdmWmiServiceMain" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\Security\\"Security"|hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: User
->Temp folder emptied: 11695942 bytes
->Temporary Internet Files folder emptied: 1008052 bytes
->FireFox cache emptied: 115242502 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 602 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 830506 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 383162 bytes
 
Total Files Cleaned = 123.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07012014_094136

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

[itsmesunny]

Not problems. Just garbage I'd like to get rid of...

 

AdwCleaner - Same as last time:

 

8 popups starting with "AutitCOM Test" come up

 

( File "C\ Documents and Settings\User\Desktop\AdwCleaner.exe )

 

 

Heading out for about an hour. Will check in when I return.

 

I hope we can get to the sound today.    

 

Like I wrote earlier in CP in Sound & Audio Devices Properties - the Volume tab is grey. I cannot do anything.

And there is a question next to the "X" to close it.

 

SB Audigy Audio

 

Device Volume

 

Speaker Settings

 

 

 

 

Speaker Settings.

Edited by itsmesunny, 01 July 2014 - 08:30 AM.

[Essexboy]

Would you have any objection if I remoted into your system using Avast ?

[itsmesunny]

Nope. At this point it would help you a lot - right?

 

But thanks for asking. I appreciate it.

 

I had been thinking about it. All my personal stuff is on the Mac.

 

This Dell is still registered etc. to BAM - the lady who passed away and her daughter asked me if I wanted it.

I said sure. For backup. But seriously - I am a Mac user. But I do want to get this straightened out as much as we can.

 

I'll be back in about an hour or so.

 

Thanks English! 

 

PS I just leave it running - right? Close this forum?

Edited by itsmesunny, 01 July 2014 - 08:38 AM.

[Essexboy]

OK using Avast it is very easy
Open Avast and select Help
A slider will come out with remote assistance
Click that and you will see the following :



Click Get assistance
A popup will come up displaying a code
Post that here but do not close the Avast window
This is a one time code and once used or you close Avast it will become null and void
Any time you wish to kick me off just close the Avast window

[itsmesunny]

PRHB MFDC

 

Do I leave the forum open?

Edited by itsmesunny, 01 July 2014 - 08:48 AM.

[Essexboy]

No you can close it if you wish or leave it open..

Unfortunately you appear to have closed Avast as the code was rejected

Could you do another one please but leave Avast open

[itsmesunny]

PRFC-9MKK

[Essexboy]

OK it appears that the text is getting changed once it is downloaded to your system

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
• Accept the disclaimer and allow to update if it asks
  
  http://img.photobuck...claimer_ENG.png

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.
• Notes:
  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
  
  
  Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[itsmesunny]

Hi!

 

you mean disable Avast?