
Trojan:Java/Bytverify [Solved]


  • This topic is locked
39 replies to this topic

#16 Jo*

  • Malware Team

Posted 14 February 2014 - 12:09 PM

Hello blondygirl,
 

Should I keep the Hardware Acceleration unchecked?

you can enable it again.

1. Disable JavaScript in Firefox and try how it works for you
Browser Security Settings for Chrome, Firefox and Internet Explorer
 

***


2. Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download the free version of Malwarebytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup****.exe and follow the prompts to install the program.
Note to Vista | Windows 7/8 users, please right-click and select Run as Administrator.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware.
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note 1: The log can also be found via the Logs tab when Malwarebytes' Anti-Malware is started.
Note 2: If you receive a notice that some of the items couldn't be removed and they have been added to the delete on reboot list, please reboot.


***


3. ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo


#17 blondygirl


Posted 15 February 2014 - 07:53 PM

Hello Jo :adios:

 

 

1. Disable JavaScript in Firefox and try how it works for you

 

I don't have either of these

Disable JavaScript: Deselect “Enable JavaScript” under the “Content” tab

Use secure protocols: Verify that “Use SSL 3.0” and “Use TLS 1.0” are selected in the “Encryption” tab under “Advanced.”

 

No “Encryption” tab and no Enable JavaScript :ph34r:

 

Here is my Malwarebytes Anti-Malware results

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.15.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Blondy Girl :: BLONDYGIRL [administrator]

2/15/2014 2:24:26 PM
mbam-log-2014-02-15 (14-24-26).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273522
Time elapsed: 52 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Also here is my ESET Online Scanner results

 

C:\Documents and Settings\Blondy Girl\Application Data\AVG\Rescue\PC Tuneup 2011\101221183343421.rsc    multiple threats

 

 

How is the computer running now?

 

 

Hmm maybe a little unstable...not often but at times it freezes and the page goes white and the icons go white on the desktop (no actual icons just squares)

 

:wavey: Thank you so much for your time...really appreciate it

blondy

 

 

 



#18 Jo*

  • Malware Team

Posted 16 February 2014 - 05:31 AM

Hello blondygirl,

ESET Online Scanner detects a PC Tuneup file like Windows Defender did.
C:\Documents and Settings\Blondy Girl\Application Data\AVG\Rescue\PC Tuneup 2011\101221183343421.rsc multiple threats
My advice is to remove AVG-PC-Tuneup:
How to Uninstall AVG PC Tuneup
 

***


How is the computer running now?



***


Graduate of the WTT Classroom
Cheers,
Jo

#19 blondygirl


Posted 16 February 2014 - 02:01 PM

Hello Jo

 

System Idle Process is using constant 50 CPU

 

Turned on computer and clicked on Firefox Icon to go online....CPU usage is 49% and I have frozen white page

Firefox is using 225,336 memory usage

I've never had this happen where I freeze before my page even opens and this seems to be since I changed all my settings as per that article link you gave me about security

I have been frozen here now for over 25 minutes so I am going to turn it off and try again

 

I had to use Internet Explorer to get here to let you know what's happening.

 

Of course I can delete PC Tuneup

 

So I am wondering should I use my system restore and go back to Friday? That was before I did all the tweaking...my computer seemed to run a lot better allowing cookies and saving history :whistling:

 

Thank you so much

 

blondy

 

 



#20 Jo*

  • Malware Team

Posted 16 February 2014 - 02:27 PM

Hello blondygirl,

if you mean Friday 7th February ( = 9 days ago), then a system restore would make sense.
 

There are 2 ways you could go on:

A ) system restore back to Friday 7th Feb
 

or

B ) Uninstall PC Tuneup and then we would have to clean your PC = remove the tools we used.


Which one do you choose?


Graduate of the WTT Classroom
Cheers,
Jo

#21 blondygirl


Posted 16 February 2014 - 03:57 PM

 
Hi Jo

 

Well I opened the instructions to remove the TuneUp....I do not have any icon to click on. An AVG folder opens every time I turn on my computer...when I click on the folder there is a Rescue Folder and a PC Tuneup 2011.

 

In the Rescue Folder is a Folder Called PC Tuneup 2011 with two RSC files

 

The PC Tuneup folder has a logs folder and inside that is a startup manager text and an uninstall manager text

 

I am really sorry about everything

 

 

**edit** when shutting down the computer last night I got the error nsAppShell:Event Window

 

Same as this topic

 

http://forums.whatth...=1


Edited by blondygirl, 16 February 2014 - 07:14 PM.


#22 Jo*

  • Malware Team

Posted 17 February 2014 - 11:30 AM

Hello blondygirl,


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O4 - HKCU..\Run: [ROC_ROC_JAN2013_AV] C:\Documents and Settings\Blondy Girl\Application Data\AVG January 2013 Campaign\ROC_JAN2013_AV.exe ()

    :Files
    C:\Documents and Settings\Blondy Girl\Application Data\AVG\Rescue\PC Tuneup 2011
    C:\Document and Settings\All Users\Application Data\AVG PC Tuneup 2011
    C:\Documents and Settings\Blondy Girl\Application Data\AVG PC Tuneup 2011
    c:\windows\Tasks\ROC_ROC_JAN2013_AV.job
    c:\windows\Tasks\ROC_REG_JAN_DELETE.job
    c:\documents and settings\All Users\Application Data\AVG January 2013 Campaign
    c:\documents and settings\Blondy Girl\Application Data\AVG January 2013 Campaign

    :Commands
    [purity]
    [emptytemp]

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the Fix OTL log.
Scan with SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following code box into the main textfield:

    :folderfind
    *Tuneup*

    :regfind
    Tuneup

***

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt

Scan with Windows Defender: Do you still get warnings?
Graduate of the WTT Classroom
Cheers,
Jo

#23 blondygirl


Posted 17 February 2014 - 12:05 PM

Hello Jo

 

I've run the OTL program the text is below

I've tried to download the SystemLook to my desktop but it says it is not a valid Win32 Application

 

Thank you very much

blondy

 

OTL

 

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_JAN2013_AV deleted successfully.
C:\Documents and Settings\Blondy Girl\Application Data\AVG January 2013 Campaign\ROC_JAN2013_AV.exe moved successfully.
========== FILES ==========
C:\Documents and Settings\Blondy Girl\Application Data\AVG\Rescue\PC Tuneup 2011 folder moved successfully.
File\Folder C:\Document and Settings\All Users\Application Data\AVG PC Tuneup 2011 not found.
File\Folder C:\Documents and Settings\Blondy Girl\Application Data\AVG PC Tuneup 2011 not found.
c:\windows\Tasks\ROC_ROC_JAN2013_AV.job moved successfully.
c:\windows\Tasks\ROC_REG_JAN_DELETE.job moved successfully.
c:\documents and settings\All Users\Application Data\AVG January 2013 Campaign folder moved successfully.
c:\documents and settings\Blondy Girl\Application Data\AVG January 2013 Campaign folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Blondy Girl
->Temp folder emptied: 5113 bytes
->Temporary Internet Files folder emptied: 21219996 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5994995 bytes
->Flash cache emptied: 592 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 2282 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19208 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 5110 bytes
 
Total Files Cleaned = 26.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02172014_104828

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7f4.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
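
Added example (not part of the thread and not OTL's own code): a short Python check that reconciles the :Files section of the fix script in post #22 with the fix log above, and flags any "not found" path whose top-level folder is nearly identical to one that did resolve. The log-line patterns are inferred only from the lines shown in this thread, and all function names are hypothetical.

```python
import difflib
import re

# Fix script and fix-log excerpt copied from posts #22 and #23 of this thread.
FIX_SCRIPT = r"""
:OTL
O4 - HKCU..\Run: [ROC_ROC_JAN2013_AV] C:\Documents and Settings\Blondy Girl\Application Data\AVG January 2013 Campaign\ROC_JAN2013_AV.exe ()

:Files
C:\Documents and Settings\Blondy Girl\Application Data\AVG\Rescue\PC Tuneup 2011
C:\Document and Settings\All Users\Application Data\AVG PC Tuneup 2011
C:\Documents and Settings\Blondy Girl\Application Data\AVG PC Tuneup 2011
c:\windows\Tasks\ROC_ROC_JAN2013_AV.job
c:\windows\Tasks\ROC_REG_JAN_DELETE.job
c:\documents and settings\All Users\Application Data\AVG January 2013 Campaign
c:\documents and settings\Blondy Girl\Application Data\AVG January 2013 Campaign

:Commands
[purity]
[emptytemp]
"""

FIX_LOG = r"""
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_JAN2013_AV deleted successfully.
C:\Documents and Settings\Blondy Girl\Application Data\AVG January 2013 Campaign\ROC_JAN2013_AV.exe moved successfully.
========== FILES ==========
C:\Documents and Settings\Blondy Girl\Application Data\AVG\Rescue\PC Tuneup 2011 folder moved successfully.
File\Folder C:\Document and Settings\All Users\Application Data\AVG PC Tuneup 2011 not found.
File\Folder C:\Documents and Settings\Blondy Girl\Application Data\AVG PC Tuneup 2011 not found.
c:\windows\Tasks\ROC_ROC_JAN2013_AV.job moved successfully.
c:\windows\Tasks\ROC_REG_JAN_DELETE.job moved successfully.
c:\documents and settings\All Users\Application Data\AVG January 2013 Campaign folder moved successfully.
c:\documents and settings\Blondy Girl\Application Data\AVG January 2013 Campaign folder moved successfully.
========== COMMANDS ==========
"""

# Assumption: these patterns cover only the line shapes visible in this thread.
LOG_PATTERNS = [
    (re.compile(r"^File\\Folder (?P<target>.+?) not found[.!]$"), "not found"),
    (re.compile(r"^Registry (?:key|value) (?P<target>.+?) not found\.$"), "not found"),
    (re.compile(r"^Registry (?:key|value) (?P<target>.+?) deleted successfully\.$"), "deleted"),
    (re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$"), "moved"),
]


def normalize(path):
    """Windows paths are case-insensitive; also ignore a trailing backslash."""
    return path.strip().rstrip("\\").lower()


def parse_script_files(script):
    """Return the paths listed under the :Files directive, as written."""
    paths, in_files = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif in_files and line:
            paths.append(line)
    return paths


def parse_fix_log(log):
    """Map each normalized target named in the log to its reported outcome."""
    statuses = {}
    for line in log.splitlines():
        line = line.strip()
        for pattern, status in LOG_PATTERNS:
            match = pattern.match(line)
            if match:
                statuses[normalize(match.group("target"))] = status
                break
    return statuses


def reconcile(script, log):
    """Pair every :Files entry with its outcome, or 'unreported' if absent."""
    statuses = parse_fix_log(log)
    return [(p, statuses.get(normalize(p), "unreported"))
            for p in parse_script_files(script)]


def root_of(path):
    """Drive plus first directory, e.g. c:\\documents and settings."""
    return "\\".join(normalize(path).split("\\")[:2])


def suspect_roots(results):
    """Flag not-found paths whose root is a near miss of a root that resolved."""
    good = sorted({root_of(p) for p, s in results if s in ("moved", "deleted")})
    flagged = []
    for path, status in results:
        root = root_of(path)
        if status == "not found" and root not in good:
            close = difflib.get_close_matches(root, good, n=1, cutoff=0.9)
            if close:
                flagged.append((path, close[0]))
    return flagged


if __name__ == "__main__":
    results = reconcile(FIX_SCRIPT, FIX_LOG)
    for path, status in results:
        print(f"{status:10} {path}")
    for path, root in suspect_roots(results):
        print(f"check spelling: {path!r} (sibling entries resolved under {root!r})")
```

A "not found" line on its own only says the target was absent; the root comparison separates an entry that was already gone from one that may never have matched the disk as written.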



#24 Jo*

  • Malware Team

Posted 17 February 2014 - 12:23 PM

Hello blondygirl,

sorry - here are the links for 32bit Windows:

Scan with SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following code box into the main textfield:

    :folderfind
    *Tuneup*

    :regfind
    Tuneup

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



***


Scan with Windows Defender: Do you still get warnings?
Graduate of the WTT Classroom
Cheers,
Jo

#25 blondygirl


Posted 17 February 2014 - 01:25 PM

That one worked better :)

 

Defender did not find anything

 

Here is the Look report

 

Thank you again

 

SystemLook 30.07.11 by jpshortstuff
Log created at 12:05 on 17/02/2014 by Blondy Girl
Administrator - Elevation successful

========== folderfind ==========

Searching for "*Tuneup*"
C:\Documents and Settings\Blondy Girl\Application Data\AVG\PC Tuneup 2011 d------ [01:57 22/12/2010]
C:\Documents and Settings\Default User\Application Data\TuneUp Software d------ [16:22 12/12/2012]
C:\Program Files\AVG\AVG10\Tuneup d------ [16:22 12/12/2012]
C:\_OTL\MovedFiles\02172014_104828\C_Documents and Settings\Blondy Girl\Application Data\AVG\Rescue\PC Tuneup 2011 d------ [01:33 22/12/2010]

========== regfind ==========

Searching for "Tuneup"
[HKEY_CURRENT_USER\Software\Avg\PC Tuneup 2011]
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Common\LanguageResources]
"LangTuneUp"="OfficeCompleted"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\LanguageResources]
"LangTuneUp"="OfficeCompleted"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"001"="AVG Tuneup"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5604]
"001"="C:\Documents and Settings\Blondy Girl\Application Data\AVG\Rescue\PC Tuneup 2011\101221183343421"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\rsc]
"a"="C:\Documents and Settings\Blondy Girl\Application Data\AVG\Rescue\PC Tuneup 2011\101221183343421.rsc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}]
"LocalizedString"="@C:\Program Files\AVG\AVG10\Tuneup\TUMicroScanner.exe,-31415"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}\Elevation]
"IconReference"="@C:\Program Files\AVG\AVG10\Tuneup\TUMicroScanner.exe,-27182"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}\LocalServer32]
@="C:\PROGRA~1\AVG\AVG10\Tuneup\TUMICR~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A3E}\LocalServer32]
@="C:\PROGRA~1\AVG\AVG10\PCTuneup\MICROS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\0\win32]
@="C:\Program Files\AVG\AVG10\Tuneup\TUMicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\HELPDIR]
@="C:\Program Files\AVG\AVG10\Tuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\0\win32]
@="C:\Program Files\AVG\AVG10\PCTuneup\MicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C8}\1.0\HELPDIR]
@="C:\Program Files\AVG\AVG10\PCTuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\AVG\AVG10\Tuneup\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D90B220196A0B8468186204023F1240]
"77C40565F9B82BE43BB35C9B5FB0D546"="C:\Program Files\AVG\AVG10\Tuneup\ShortcutCleaner.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\24BFC7D4EAF5F1848982C2D223038678]
"77C40565F9B82BE43BB35C9B5FB0D546"="C:\Program Files\AVG\AVG10\Tuneup\GainDiskSpace.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2EDD331677022C34290CE6B51F9BFAC7]
"77C40565F9B82BE43BB35C9B5FB0D546"="C:\Program Files\AVG\AVG10\Tuneup\TuneUpCore.bpl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34444A84796B83745A38E949012992A6]
"77C40565F9B82BE43BB35C9B5FB0D546"="C:\Program Files\AVG\AVG10\Tuneup\DriveDefrag32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5A1FF32C4FEF68F40BD7104C6AA049E1]
"77C40565F9B82BE43BB35C9B5FB0D546"="C:\Program Files\AVG\AVG10\Tuneup\TUDiskCleaner.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7EC2FD49E08F7B0428097BFD626CD1D0]
"77C40565F9B82BE43BB35C9B5FB0D546"="C:\Program Files\AVG\AVG10\Tuneup\RegistryCleaner.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\83712C7FAEC116247936FA331914F5CF]
"77C40565F9B82BE43BB35C9B5FB0D546"="C:\Program Files\AVG\AVG10\Tuneup\TUMicroScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CF01CB5CBD668504FAB2FA7FF176C197]
"77C40565F9B82BE43BB35C9B5FB0D546"="C:\Program Files\AVG\AVG10\Tuneup\TuneUpAPI32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F371F603F1C84874F8EB048EFCD57838]
"77C40565F9B82BE43BB35C9B5FB0D546"="C:\Program Files\AVG\AVG10\Tuneup\TUDiskCleanerLite.dat"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\tuneup.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\tuneup.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\tuneup.exe]
[HKEY_USERS\S-1-5-21-789336058-2025429265-725345543-1004\Software\Avg\PC Tuneup 2011]
[HKEY_USERS\S-1-5-21-789336058-2025429265-725345543-1004\Software\Microsoft\Office\11.0\Common\LanguageResources]
"LangTuneUp"="OfficeCompleted"
[HKEY_USERS\S-1-5-21-789336058-2025429265-725345543-1004\Software\Microsoft\Office\12.0\Common\LanguageResources]
"LangTuneUp"="OfficeCompleted"
[HKEY_USERS\S-1-5-21-789336058-2025429265-725345543-1004\Software\Microsoft\Search Assistant\ACMru\5603]
"001"="AVG Tuneup"
[HKEY_USERS\S-1-5-21-789336058-2025429265-725345543-1004\Software\Microsoft\Search Assistant\ACMru\5604]
"001"="C:\Documents and Settings\Blondy Girl\Application Data\AVG\Rescue\PC Tuneup 2011\101221183343421"
[HKEY_USERS\S-1-5-21-789336058-2025429265-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\rsc]
"a"="C:\Documents and Settings\Blondy Girl\Application Data\AVG\Rescue\PC Tuneup 2011\101221183343421.rsc"

-= EOF =-



#26 Jo*

  • Malware Team

Posted 17 February 2014 - 01:53 PM

Hello blondygirl,


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


    :OTL
    
    :Files
    C:\Documents and Settings\Blondy Girl\Application Data\AVG\PC Tuneup 2011 
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Avg\PC Tuneup 2011]
    [-HKEY_USERS\S-1-5-21-789336058-2025429265-725345543-1004\Software\Avg\PC Tuneup 2011]
    
    :Commands
    [purity]
    

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the Fix OTL log.

***


Are there any remaining issues?


***


Graduate of the WTT Classroom
Cheers,
Jo

#27 blondygirl


Posted 17 February 2014 - 02:04 PM

Hi Jo

 

Thank you again for your assistance...at the moment the only issue is the one I mentioned yesterday...about the error when I close the computer and not being able to open FireFox...

 

The AVG file is no longer opening every time I start the computer and I am not getting any reports from the Windows Defender anymore

 

Here is the report from the OTL text

 

========== OTL ==========
========== FILES ==========
C:\Documents and Settings\Blondy Girl\Application Data\AVG\PC Tuneup 2011\User Reports folder moved successfully.
C:\Documents and Settings\Blondy Girl\Application Data\AVG\PC Tuneup 2011\Logs folder moved successfully.
C:\Documents and Settings\Blondy Girl\Application Data\AVG\PC Tuneup 2011 folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Avg\PC Tuneup 2011\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-789336058-2025429265-725345543-1004\Software\Avg\PC Tuneup 2011\ not found.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.69.0 log created on 02172014_130032

 

Thank you !!

blondy
 



#28 Jo*

  • Malware Team

Posted 17 February 2014 - 03:08 PM

...at the moment the only issue is the one I mentioned yesterday...about the error when I close the computer and not being able to open FireFox...


Hello blondygirl,

please check if a Firefox Addon causes that problem:
Link
Could be an AVG or PC tuneup addon?
Graduate of the WTT Classroom
Cheers,
Jo

#29 blondygirl


Posted 17 February 2014 - 05:55 PM

Hello Jo :adios:

 

No add ons for either....I only have the adaware add on and a Yahoo tool bar addon which is disabled cause at the moment their latest update doesn't support it

 

It happened after the stuff I did in post #16. When I shut down the computer I got the "nsAppShell:Event Window" error.

 

I removed it and then reinstalled it but it doesn't seem to have fixed anything

 

Thanking you

blondy

 

**edit I attached a picture of the error (hungapp.JPG)


Edited by blondygirl, 17 February 2014 - 06:16 PM.


#30 Jo*

  • Malware Team

Posted 18 February 2014 - 07:21 AM

Hello blondygirl,

try to restore firefox settings:
Reset Firefox – easily fix most problems
Graduate of the WTT Classroom
Cheers,
Jo
