Jump to content

AVG Toolbar log problem, cannot install Trend Micro Ti Security


Recommended Posts

Some how AVG installed a toolbar in my firefox brouser, (fat fingers or a family member no blame directed). Next thing I know my hard drive is full. Went online and found a fix, Delete the file (grown to greater than 4G!) then when it returns make it read only. Stopped using AVG and started using Trend Micro internet security with no further problems. My registration ran out when I tried to upgrade to TM Ti Maximum Security because the reg code was not compatible with internet security, worked with TM support and got no where. They said I had to remove AVG or their program would not install. I removed all AVG entries except a group which will not delete. (Cannot delete LEGACY_AVG_SECURITY_TOOLBAR_SERVICE: Error while deleting key.) HELP!

Link to post
Share on other sites

Welcome to the forum.

Have you run the uninstaller for AVG:

http://www.avg.com/ww-en/utilities

Then.......

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC

Link to post
Share on other sites

Thank you MrC, my problem was solved, just some notes/conformations. First I DL'd adwcleaner.exe from MalwareBytes and when I ran it nothing happened, it just put an entry in task Mgr process each time I ran the file. I then I ran RogueKiller which ran as expected but stopped adwcleaner, then I ran ComboFix twice, that looked to run correctly the second time. That was when your post came in, after reading it twice I used your link to adwcleaner, this time when I ran it a gui came up and I ran search and it produced a file (I'm attaching it here). Just for giggles I ran AVG uninstall for 2012 and 2013 again (I tried unsucessfully 2 weeks ago just got errors) now it ran all the way through with no errors. Since this all worked I tried trend install again sucessfully! should I uninstall adwcleaner files found during search? Also Why did ComboFix create an endless directory in C: drive?

 

 

# AdwCleaner v2.303 - Logfile created 06/17/2013 at 17:52:43
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jim - STACYS_VAIO
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jim\My Documents\Downloads\adwcleaner.exe
# Option [search]


***** [services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\Carol\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Jim\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Jim\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Jim\Local Settings\Application Data\AVG Security Toolbar
Folder Found : C:\Documents and Settings\Stacy\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Stacy\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Stacy\Local Settings\Application Data\AVG Security Toolbar

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\Stacy\Application Data\Mozilla\Firefox\Profiles\wstljfy8.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

File : C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\u6c1jzsa.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

File : C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\1xjn7y62.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4606 octets] - [17/06/2013 17:52:43]

########## EOF - C:\AdwCleaner[R1].txt - [4666 octets] ##########AdwCleanerR1.txt

Link to post
Share on other sites

Lots of adware found....lets clear it out.....

  1. Please re-run AdwCleaner

Click on Delete button.

Confirm each time with OK if asked.

Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.


 

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

 

MrC

Link to post
Share on other sites

MrC,

Thanks again, ran ADWCleaner, search and delete (patience is important) here are the results.

Also can you reply to the questions I posted earlier?

 

# AdwCleaner v2.303 - Logfile created 06/19/2013 at 21:13:06
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jim - STACYS_VAIO
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jim\Desktop\adwcleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Carol\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Jim\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\Stacy\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Stacy\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Stacy\Local Settings\Application Data\AVG Security Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\Stacy\Application Data\Mozilla\Firefox\Profiles\wstljfy8.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

File : C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\u6c1jzsa.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

File : C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\1xjn7y62.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4735 octets] - [17/06/2013 17:52:43]
AdwCleaner[R2].txt - [4780 octets] - [19/06/2013 20:07:37]
AdwCleaner[s1].txt - [332 octets] - [19/06/2013 20:21:32]
AdwCleaner[s2].txt - [332 octets] - [19/06/2013 20:45:38]
AdwCleaner[R3].txt - [4958 octets] - [19/06/2013 21:00:13]
AdwCleaner[s3].txt - [4975 octets] - [19/06/2013 21:13:06]

########## EOF - C:\AdwCleaner[s3].txt - [5035 octets] ##########
 

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.