Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!
This topic is locked
Member
Hey all,
My computer (Dell Studio XPS 435T, Intel Core i7 CPU 940 @ 2.93 GHz, 6.00 GB RAM, Service Pack 2) crashed today.
With alot of time & effort I got it up and running pretty smoothly. The only thing I can't resolve is getting rid of fbDownloader. It's hijacked my firefox and Internet Explorer browsers. Safari seems untouched but does now take forever to launch.
Please help!
Thanks,
Joe
Trusted Helper
to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
Member
OTL.txt
Trusted Helper
Please download Junkware Removal Tool to your Desktop.
Member
Hi Zep,
Thanks for your help 
An annoying twist has arisen after the reboot from the "Clean Button", An Avast Free Antivirus setup screen has appeared that I cannot get rid of. Thus, I'm hesitant to proceed with the Junkware Removal Tool without checking with you first.
Here's the AdwCleaner log;
# AdwCleaner v3.311 - Report created 03/10/2014 at 20:08:38
# Updated 30/09/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Zoltan - ZOLTAN-PC
# Running from : C:\Users\Zoltan\Desktop\adwcleaner_3-1.311.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
[!] Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
[!] Folder Deleted : C:\ProgramData\AVG Secure Search
[!] Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\MyPC Backup
[!] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Users\Zoltan\AppData\Local\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Users\Zoltan\AppData\Local\AVG Secure Search
[!] Folder Deleted : C:\Users\Zoltan\AppData\Local\Conduit
[!] Folder Deleted : C:\Users\Zoltan\AppData\LocalLow\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Users\Zoltan\AppData\Roaming\Common\LuaRT
[!] Folder Deleted : C:\Users\Zoltan\AppData\Roaming\DataMgr
[!] Folder Deleted : C:\Users\Zoltan\AppData\Roaming\Intermediate
[!] Folder Deleted : C:\Users\Zoltan\AppData\Roaming\SCheck
[!] Folder Deleted : C:\Users\Zoltan\AppData\Roaming\Seventh
[!] Folder Deleted : C:\Users\Zoltan\AppData\Roaming\Sixth
[!] Folder Deleted : C:\Users\Zoltan\AppData\Roaming\Snz
[!] Folder Deleted : C:\Users\Zoltan\AppData\Roaming\SSync
File Deleted : C:\Users\Zoltan\AppData\Roaming\Mozilla\Firefox\Profiles\pqdyurah.default-1399901081387\Extensions\[email protected]
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Zoltan\AppData\Roaming\Mozilla\Firefox\Profiles\pqdyurah.default-1399901081387\searchplugins\search.xml
File Deleted : C:\Users\Zoltan\AppData\Roaming\Mozilla\Firefox\Profiles\pqdyurah.default-1399901081387\user.js
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Seventh]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\OfferMosquito
Key Deleted : HKCU\Software\Protector
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16563
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
[ File : C:\Users\Zoltan\AppData\Roaming\Mozilla\Firefox\Profiles\pqdyurah.default-1399901081387\prefs.js ]
Line Deleted : user_pref("avg.install.Revert_HP", "hxxp://wisersearch.com/?channel=en");
Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://wisersearch.com/?channel=en");
Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://axisearch.com/search.php?channel=en&q=");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://axisearch.com/?channel=en");
Line Deleted : user_pref("keyword.URL", "hxxp://axisearch.com/search.php?channel=en&q=");
Line Deleted : user_pref("simplenewtab.url", "hxxp://wisersearch.com/?channel=en_nt");
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [9513 octets] - [03/10/2014 20:05:37]
AdwCleaner[S0].txt - [8411 octets] - [03/10/2014 20:08:38]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8471 octets] ##########
Thanks,
Joe
Trusted Helper
Hello,
Can you reboot again and see if goes away. Then run JRT.
Thanks
Joe
Member
Hi,
After rebooting the Avast Free setup screen was still there, but this time it was minimized on the bottom tool bar.
I ran Junkware Removal. Here's the log.
Member
Additional note. After Junkware Removal Tool ran, the Adware Free setup has dissapeared.
Trusted Helper
to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
:COMMANDS
[CREATERESTOREPOINT]
:OTL
DRV:64bit: - [2014/08/11 15:12:35 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
IE - HKLM\..\SearchScopes,DefaultScope = {AAA0F296-5853-412B-9F19-D7C947FEAE78}
IE - HKU\S-1-5-21-2369233991-3672670390-1599020654-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wisersearch.com/?channel=en
IE - HKU\S-1-5-21-2369233991-3672670390-1599020654-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-2369233991-3672670390-1599020654-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2369233991-3672670390-1599020654-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://wisersearch.c...q={searchTerms}
IE - HKU\S-1-5-21-2369233991-3672670390-1599020654-1000\..\SearchScopes\{AAA0F296-5853-412B-9F19-D7C947FEAE78}: "URL" = http://search.condui...3886905494&UM=2
FF - prefs.js..browser.search.defaulturl: "http://axisearch.com...?channel=en&q="
FF - prefs.js..browser.startup.homepage: "http://axisearch.com/?channel=en"
FF - prefs.js..extensions.enabledAddons: snt%40dotlabs.co:1.0
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:18.1.9.799
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - prefs.js..keyword.URL: "http://axisearch.com...?channel=en&q="
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll File not found
[2014/08/25 14:57:37 | 000,000,000 | ---D | M] (AVG SafeGuard toolbar) -- C:\PROGRAMDATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\18.1.9.799[2014/07/23 11:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zoltan\AppData\Roaming\Mozilla\Firefox\Profiles\pqdyurah.default-1399901081387\extensions
[2013/12/16 07:46:36 | 000,004,388 | ---- | M] () (No name found) -- C:\Users\Zoltan\AppData\Roaming\Mozilla\Firefox\Profiles\pqdyurah.default-1399901081387\extensions\[email protected]
[2014/07/23 10:27:19 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Zoltan\AppData\Roaming\Mozilla\Firefox\Profiles\pqdyurah.default-1399901081387\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/10/02 21:06:48 | 000,002,411 | ---- | M] () -- C:\Users\Zoltan\AppData\Roaming\Mozilla\Firefox\Profiles\pqdyurah.default-1399901081387\searchplugins\search.xml
CHR - default_search_provider: search_url = http:\/\/wisersearch.com\/search.php?channel=en&q={searchTerms}
CHR - homepage: http:\/\/wisersearch.com\/?channel=en
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKU\S-1-5-21-2369233991-3672670390-1599020654-1000..\Run: [SCheck] C:\Users\Zoltan\AppData\Roaming\SCheck\SCheck.exe ()
O4 - HKU\S-1-5-21-2369233991-3672670390-1599020654-1000..\Run: [Seventh] C:\Users\Zoltan\AppData\Roaming\Seventh\Seventh.exe ()O4 - HKU\S-1-5-21-2369233991-3672670390-1599020654-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
O27:64bit: - HKLM IFEO\googleupdater.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\photoshop elements 7.0.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\photoshopelementseditor.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\photoshopelementsorganizer.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\stxmanager.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\stxmenumgr.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\googleupdater.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\photoshop elements 7.0.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\photoshopelementseditor.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\photoshopelementsorganizer.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\stxmanager.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\stxmenumgr.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Zoltan\Desktop\*.tmp files -> C:\Users\Zoltan\Desktop\*.tmp -> ]
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Files
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c
:Commands
[emptytemp]
[resethosts]
Member
Hi Joe,
This might be important. As far as I know, Avast just showed up on my computer yesterday. I have no idea of where it came from. I've had Microsoft Security Essentials for quite a while. Also when I tried to get Avast working in place of Microsoft Security Essentials, it was not only totally unresponsive, it made the computer sluggish.
Before continuing on your recommended course, I thought it might be prudent to check with you first.
Thanks,
Joe
Member
Hey there,
In regard to the antivirus redundancy, I ended up staying with Microsoft Security Essentials. I originally got rid of Microsoft Security Essentials, using Avast in it's place as suggested, but could not get Avast to work. Every time I tried to open it I would get the Free Update window then "program not responding". I ended up uninstalling Avast and reinstalling Microsoft Security Essentials. The firewall is happy again, just one antivirus on my computer.
The logs;
OTL fix log;
All processes killed
========== COMMANDS ==========
Error: Unable to interpret <[CREATERESTOREPOINT:OTL> in the current context!
Error: Unable to interpret <DRV:64bit: - [2014/08/11 15:12:35 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {AAA0F296-5853-412B-9F19-D7C947FEAE78}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2369233991-3672670390-1599020654-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wisersearch.com/?channel=en> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2369233991-3672670390-1599020654-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2369233991-3672670390-1599020654-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2369233991-3672670390-1599020654-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://wisersearch.c...q={searchTerms}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2369233991-3672670390-1599020654-1000\..\SearchScopes\{AAA0F296-5853-412B-9F19-D7C947FEAE78}: "URL" = http://search.condui...3886905494&UM=2> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaulturl: "http://axisearch.com....?channel=en&q="> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "http://axisearch.com/?channel=en"> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledAddons: snt%40dotlabs.co:1.0> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledAddons: avg%40toolbar:18.1.9.799> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3> in the current context!
Error: Unable to interpret <FF - prefs.js..keyword.URL: "http://axisearch.com....?channel=en&q="> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll File not found> in the current context!
Error: Unable to interpret <[2014/08/25 14:57:37 | 000,000,000 | ---D | M] (AVG SafeGuard toolbar) -- C:\PROGRAMDATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\18.1.9.799[2014/07/23 11:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zoltan\AppData\Roaming\Mozilla\Firefox\Profiles\pqdyurah.default-1399901081387\extensions> in the current context!
Error: Unable to interpret <[2013/12/16 07:46:36 | 000,004,388 | ---- | M] () (No name found) -- C:\Users\Zoltan\AppData\Roaming\Mozilla\Firefox\Profiles\pqdyurah.default-1399901081387\extensions\[email protected]> in the current context!
Error: Unable to interpret <[2014/07/23 10:27:19 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Zoltan\AppData\Roaming\Mozilla\Firefox\Profiles\pqdyurah.default-1399901081387\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi> in the current context!
Error: Unable to interpret <[2014/10/02 21:06:48 | 000,002,411 | ---- | M] () -- C:\Users\Zoltan\AppData\Roaming\Mozilla\Firefox\Profiles\pqdyurah.default-1399901081387\searchplugins\search.xml> in the current context!
Error: Unable to interpret <CHR - default_search_provider: search_url = http:\/\/wisersearch.com\/search.php?channel=en&q={searchTerms}> in the current context!
Error: Unable to interpret <CHR - homepage: http:\/\/wisersearch.com\/?channel=en> in the current context!
Error: Unable to interpret <O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-2369233991-3672670390-1599020654-1000..\Run: [SCheck] C:\Users\Zoltan\AppData\Roaming\SCheck\SCheck.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-2369233991-3672670390-1599020654-1000..\Run: [Seventh] C:\Users\Zoltan\AppData\Roaming\Seventh\Seventh.exe ()O4 - HKU\S-1-5-21-2369233991-3672670390-1599020654-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found> in the current context!
Error: Unable to interpret <O1364bit: - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)> in the current context!
Error: Unable to interpret <O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)> in the current context!
Error: Unable to interpret <O27:64bit: - HKLM IFEO\googleupdater.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)> in the current context!
Error: Unable to interpret <O27:64bit: - HKLM IFEO\photoshop elements 7.0.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)> in the current context!
Error: Unable to interpret <O27:64bit: - HKLM IFEO\photoshopelementseditor.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)> in the current context!
Error: Unable to interpret <O27:64bit: - HKLM IFEO\photoshopelementsorganizer.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)> in the current context!
Error: Unable to interpret <O27:64bit: - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)> in the current context!
Error: Unable to interpret <O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)> in the current context!
Error: Unable to interpret <O27:64bit: - HKLM IFEO\stxmanager.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)> in the current context!
Error: Unable to interpret <O27:64bit: - HKLM IFEO\stxmenumgr.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)> in the current context!
Error: Unable to interpret <O27 - HKLM IFEO\googleupdater.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)> in the current context!
Error: Unable to interpret <O27 - HKLM IFEO\photoshop elements 7.0.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)> in the current context!
Error: Unable to interpret <O27 - HKLM IFEO\photoshopelementseditor.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)> in the current context!
Error: Unable to interpret <O27 - HKLM IFEO\photoshopelementsorganizer.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)> in the current context!
Error: Unable to interpret <O27 - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)> in the current context!
Error: Unable to interpret <O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)> in the current context!
Error: Unable to interpret <O27 - HKLM IFEO\stxmanager.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)> in the current context!
Error: Unable to interpret <O27 - HKLM IFEO\stxmenumgr.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)> in the current context!
Error: Unable to interpret <[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\Users\Zoltan\Desktop\*.tmp files -> C:\Users\Zoltan\Desktop\*.tmp -> ]> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:0B4227B4> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2> in the current context!
========== FILES ==========
File\Folder C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe not found.
File\Folder C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe not found.
File\Folder C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Zoltan\Desktop\Geeks2Go\OTL\cmd.bat deleted successfully.
C:\Users\Zoltan\Desktop\Geeks2Go\OTL\cmd.txt deleted successfully.
< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2002:ac1b:237a:1234:69b9:1eda:3992:8635
Temporary IPv6 Address. . . . . . : 2002:ac1b:237a:1234:f9d3:e247:bcfc:76ae
Link-local IPv6 Address . . . . . : fe80::69b9:1eda:3992:8635%11
Default Gateway . . . . . . . . . : fe80::21c:dfff:fed6:61f8%11
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Zoltan\Desktop\Geeks2Go\OTL\cmd.bat deleted successfully.
C:\Users\Zoltan\Desktop\Geeks2Go\OTL\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : Belkin
IPv6 Address. . . . . . . . . . . : 2002:ac1b:237a:1234:69b9:1eda:3992:8635
Temporary IPv6 Address. . . . . . : 2002:ac1b:237a:1234:f9d3:e247:bcfc:76ae
Link-local IPv6 Address . . . . . : fe80::69b9:1eda:3992:8635%11
IPv4 Address. . . . . . . . . . . : 192.168.2.21
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::21c:dfff:fed6:61f8%11
192.168.2.1
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Zoltan\Desktop\Geeks2Go\OTL\cmd.bat deleted successfully.
C:\Users\Zoltan\Desktop\Geeks2Go\OTL\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Zoltan
->Temp folder emptied: 31060085 bytes
->Temporary Internet Files folder emptied: 7523542 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 368300886 bytes
->Google Chrome cache emptied: 12954908 bytes
->Apple Safari cache emptied: 55883776 bytes
->Flash cache emptied: 2200 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 2186958 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10261891 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1575866 bytes
RecycleBin emptied: 32988454 bytes
Total Files Cleaned = 499.00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10062014_112752
Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\SET1599.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET18B7.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET25F9.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET2679.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET2824.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET28C3.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET46A1.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET473F.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETD930.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETE5D0.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OTL log post Quick Scan:
Trusted Helper
Member
Hey there,
Before re-running the OTL fix agin, the computer was running really well. Upon reboot after rerunning the OTL fix things have take a turn for the worse. The machine took 15 min to reboot. It's working very slowly. I only have the OTL fix log. When I hit quick scan I keep gettin Program not Responding. Below is the fix log.
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service avgtp stopped successfully!
Service avgtp deleted successfully!
C:\Windows\SysNative\drivers\avgtpx64.sys moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-2369233991-3672670390-1599020654-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2369233991-3672670390-1599020654-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
HKEY_USERS\S-1-5-21-2369233991-3672670390-1599020654-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2369233991-3672670390-1599020654-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-2369233991-3672670390-1599020654-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AAA0F296-5853-412B-9F19-D7C947FEAE78}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAA0F296-5853-412B-9F19-D7C947FEAE78}\ not found.
Prefs.js: "http://axisearch.com....?channel=en&q=" removed from browser.search.defaulturl
Prefs.js: "http://axisearch.com/?channel=en" removed from browser.startup.homepage
Prefs.js: snt%40dotlabs.co:1.0 removed from extensions.enabledAddons
Prefs.js: avg%40toolbar:18.1.9.799 removed from extensions.enabledAddons
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3 removed from extensions.enabledAddons
Prefs.js: "http://axisearch.com....?channel=en&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ not found.
Folder C:\PROGRAMDATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\18.1.9.799[2014/07/23 11:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zoltan\AppData\Roaming\Mozilla\Firefox\Profiles\pqdyurah.default-1399901081387\extensions\ not found.
File C:\Users\Zoltan\AppData\Roaming\Mozilla\Firefox\Profiles\pqdyurah.default-1399901081387\extensions\[email protected] not found.
C:\Users\Zoltan\AppData\Roaming\Mozilla\Firefox\Profiles\pqdyurah.default-1399901081387\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi moved successfully.
File C:\Users\Zoltan\AppData\Roaming\Mozilla\Firefox\Profiles\pqdyurah.default-1399901081387\searchplugins\search.xml not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt not found.
File C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe not found.
Registry value HKEY_USERS\S-1-5-21-2369233991-3672670390-1599020654-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SCheck not found.
File C:\Users\Zoltan\AppData\Roaming\SCheck\SCheck.exe not found.
Registry value HKEY_USERS\S-1-5-21-2369233991-3672670390-1599020654-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Seventh not found.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\googleupdater.exe\ deleted successfully.
C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photoshop elements 7.0.exe\ deleted successfully.
File C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photoshopelementseditor.exe\ deleted successfully.
File C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photoshopelementsorganizer.exe\ deleted successfully.
File C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shell.exe\ deleted successfully.
File C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\skype.exe\ deleted successfully.
File C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stxmanager.exe\ deleted successfully.
File C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stxmenumgr.exe\ deleted successfully.
File C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\googleupdater.exe\ deleted successfully.
File C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photoshop elements 7.0.exe\ deleted successfully.
File C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photoshopelementseditor.exe\ deleted successfully.
File C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photoshopelementsorganizer.exe\ deleted successfully.
File C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shell.exe\ deleted successfully.
File C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\skype.exe\ deleted successfully.
File C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stxmanager.exe\ deleted successfully.
File C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stxmenumgr.exe\ deleted successfully.
File C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe not found.
File delete failed. C:\Windows\SysNative\SET1599.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET18B7.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET25F9.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET2679.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET2824.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET28C3.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET46A1.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET473F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETD930.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETE5D0.tmp scheduled to be deleted on reboot.
C:\Users\Zoltan\Desktop\~WRL0005.tmp deleted successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:5D432CE3 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe not found.
File\Folder C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe not found.
File\Folder C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Zoltan\Desktop\Geeks2Go\OTL\cmd.bat deleted successfully.
C:\Users\Zoltan\Desktop\Geeks2Go\OTL\cmd.txt deleted successfully.
< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2002:ac1b:237a:1234:69b9:1eda:3992:8635
Temporary IPv6 Address. . . . . . : 2002:ac1b:237a:1234:44d2:5c3d:f18d:e3e9
Link-local IPv6 Address . . . . . : fe80::69b9:1eda:3992:8635%11
Default Gateway . . . . . . . . . : fe80::21c:dfff:fed6:61f8%11
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Zoltan\Desktop\Geeks2Go\OTL\cmd.bat deleted successfully.
C:\Users\Zoltan\Desktop\Geeks2Go\OTL\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : Belkin
IPv6 Address. . . . . . . . . . . : 2002:ac1b:237a:1234:69b9:1eda:3992:8635
Temporary IPv6 Address. . . . . . : 2002:ac1b:237a:1234:44d2:5c3d:f18d:e3e9
Link-local IPv6 Address . . . . . : fe80::69b9:1eda:3992:8635%11
IPv4 Address. . . . . . . . . . . : 192.168.2.21
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::21c:dfff:fed6:61f8%11
192.168.2.1
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Zoltan\Desktop\Geeks2Go\OTL\cmd.bat deleted successfully.
C:\Users\Zoltan\Desktop\Geeks2Go\OTL\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Zoltan
->Temp folder emptied: 35227 bytes
->Temporary Internet Files folder emptied: 168320 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 40773690 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 5173248 bytes
->Flash cache emptied: 492 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 2186958 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1868 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 46.00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10062014_215621
Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
File move failed. C:\Windows\SysNative\SET1599.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET18B7.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET25F9.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET2679.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET2824.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET28C3.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET46A1.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET473F.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETD930.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETE5D0.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Joe 
Member
Hi Joe,
I restarted the computer. The slowness had disappeared. Machine is now as fast as ever. I got the OTL quick scan to work this time. Here's the log;
Trusted Helper
to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.:COMMANDS [CREATERESTOREPOINT] :OTL SRV:64bit: - [2014/07/14 06:26:06 | 000,042,808 | ---- | M] (AVG) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV - [2014/07/14 06:26:10 | 002,253,112 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2014/07/14 06:26:06 | 000,035,640 | ---- | M] (AVG) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found [2014/10/03 11:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software :Files C:\Users\Zoltan\AppData\Roaming\AVG C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) C:\ProgramData\AVAST Software C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) :Commands [emptytemp]
icon to install.
 
|
Security →
Virus, Spyware, Malware Removal →
Requiring malware removal help - FB Downloader etc.Started by Totakeke , 07 Aug 2015  malware, fbdownloader, Genius
|
|
|
|
|
|
Security →
Virus, Spyware, Malware Removal →
Help with the removal of fbdownloader [Closed]Started by jamiewalters , 01 Sep 2014 fbdownloader
|
|
![Help with the removal of fbdownloader [Closed] - last post by pystryker](https://www.geekstogo.com/forum/uploads/profile/photo-thumb-63328.jpg?_r=1423449705)
|
0 members, 0 guests, 0 anonymous users
Community Forum Software by IP.Board
Licensed to: Geeks to Go, Inc.
Sign In
Create Account
