Bad Image Exe Problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by jcvarn, Dec 27, 2012.

  1. jcvarn

    jcvarn Private E-2

    I first noticed a problem with my computer when I tried to download IE9 (beta). My IE would only close and open in a continuous loop. I also noticed around this time my Firefox search engine kept coming up as "Claro". Now, I have to go through a lot of bad image exe files to use the computer and they reappear any time I use an exe file.

    I read your instructions and I am attaching my results
    Sorry my files are on another computer. I apologize
     
  2. jcvarn

    jcvarn Private E-2

    Here are my attachments from running the malware programs as described in "Read and Run Me First."

    I had no results from Malwarebytes scan. I had trouble running MGtools. It only gave me a file entitled Getunkey.txt. Thanks for any help you can give me.
     


  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.


    Download OTL to your desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Vista and Windows 7 users: right-click OTL and choose Run as Administrator.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Attach both of these logs into your next reply.
     
  4. jcvarn

    jcvarn Private E-2

    Bad Image Exe problem

    I could not get JRT program to work. When my exe error messages come up, it would not do anything. When I tried to close some of them, it would say backing up registry, but it would not do anything else. I let it run like that for two hours. When I tried to close the other exe error messages after it said running back up, it said something about Startup. When I continued to close other message errors, it would get to reg.exe error message and I could not get rid of this message.

    I am sending you the logs from the OTL. I hope you can help me with these or other programs. Thanks for responding to my message.
     


  5. jcvarn

    jcvarn Private E-2

    I just realized what a bump is. I apologize for making a new post. I will not do it again

    I could not get JRT program to work. When my exe error messages come up, it would not do anything. When I tried to close some of them, it would say backing up registry, but it would not do anything else. I let it run like that for two hours. When I tried to close the other exe error messages after it said running back up, it said something about Startup. When I continued to close other message errors, it would get to reg.exe error message and I could not get rid of this message.

    I am sending you the logs from the OTL. I hope you can help me with these or other programs. Thanks for responding to my message.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Look in Add/Remove Programs and uninstall any of the below if you see them:
    Ad-Aware Antivirus
    Babylon
    DriverCure
    OpenCandy
    PCCleaner
    RegistryCleanerFree
    SpeedyPC Software

    No matter what happens with the above, continue with the below.


    Now shut down your protection software (antivirus, antispyware...etc) to avoid possible conflicts.
    Code:
    :OTL
    PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
    IE - HKCU\..\URLSearchHook:  - No CLSID value found
    IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = [URL]http://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4412_6&babsrc=SP_clro&mntrId=7869163e0000000000000026c79aec11[/URL]
    FF - prefs.js..browser.search.defaultenginename: "Claro Search"
    FF - prefs.js..browser.search.order.1: "Claro Search"
    FF - prefs.js..extensions.enabledAddons: hycbjasxzk%40hycbjasxzk.org:1.0
    FF - prefs.js..keyword.URL: "[URL]http://www.claro-search.com/?affID=114508&tt=4412_6&babsrc=KW_clro&mntrId=7869163e0000000000000026c79aec11&q[/URL]="
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\RelevantKnowledge\firefox
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012/11/02 20:26:49 | 000,000,000 | ---D | M]
    [2012/11/28 15:52:59 | 000,000,000 | ---D | M] (ShopToWin17) -- C:\Users\jcvarn\AppData\Roaming\Mozilla\Firefox\Profiles\5ofi3ylr.default\extensions\{6cfa2c5b-274f-4d68-a6e4-bfb31acd5ee4}
    [2012/06/08 07:51:02 | 000,000,000 | ---D | M] (RivalGaming) -- C:\Users\jcvarn\AppData\Roaming\Mozilla\Firefox\Profiles\5ofi3ylr.default\extensions\links@rivalgaming.com
    [2012/12/28 10:40:09 | 000,000,000 | ---D | M] (WindowShopper) -- C:\Users\jcvarn\AppData\Roaming\Mozilla\Firefox\Profiles\5ofi3ylr.default\extensions\superfish@superfish.com
    [2012/08/10 12:08:23 | 000,001,678 | ---- | M] () (No name found) -- C:\Users\jcvarn\AppData\Roaming\Mozilla\Firefox\Profiles\5ofi3ylr.default\extensions\hycbjasxzk@hycbjasxzk.org.xpi
    [2012/11/02 20:26:49 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.4.897.175\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
    [2012/12/04 22:11:37 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/10/30 15:53:28 | 000,006,522 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    CHR - Extension: Settings Protector = C:\Users\jcvarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
    O3:[B]64bit:[/B] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O16:[B]64bit:[/B] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [URL]http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab[/URL] (Java Plug-in 10.4.0)
    O16:[B]64bit:[/B] - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [URL]http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab[/URL] (Java Plug-in 1.6.0_21)
    O16:[B]64bit:[/B] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [URL]http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab[/URL] (Java Plug-in 10.4.0)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [URL]http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab[/URL] (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [URL]http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[/URL] (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [URL]http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab[/URL] (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [URL]http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab[/URL] (Java Plug-in 1.6.0_27)
    O20 - AppInit_DLLs: (c:\progra~3\browse~1\24897~1.175\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\BROWSE~1.DLL ()
    [2012/12/28 10:17:57 | 000,000,000 | ---D | C] -- C:\Users\jcvarn\Desktop\New folder (2)
    [2012/12/28 10:16:58 | 000,000,000 | ---D | C] -- C:\Users\jcvarn\Desktop\New folder
    [2012/12/04 13:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
    [2012/11/29 16:19:28 | 000,000,000 | ---D | C] -- C:\Users\jcvarn\Documents\New folder
    [2012/08/17 08:45:43 | 000,000,000 | ---D | M] -- C:\Users\jcvarn\AppData\Roaming\Ad-Aware Antivirus
    [2012/10/30 15:52:57 | 000,000,000 | ---D | M] -- C:\Users\jcvarn\AppData\Roaming\Babylon
    [2010/02/01 16:11:02 | 000,000,000 | ---D | M] -- C:\Users\jcvarn\AppData\Roaming\DriverCure
    [2012/10/31 15:28:06 | 000,000,000 | ---D | M] -- C:\Users\jcvarn\AppData\Roaming\OpenCandy
    [2012/01/13 13:54:44 | 000,000,000 | ---D | M] -- C:\Users\jcvarn\AppData\Roaming\PCCleaner
    [2012/02/03 16:04:48 | 000,000,000 | ---D | M] -- C:\Users\jcvarn\AppData\Roaming\RegistryCleanerFree
    [2010/02/01 16:11:02 | 000,000,000 | ---D | M] -- C:\Users\jcvarn\AppData\Roaming\SpeedyPC Software
    @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:56E2E879
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:862BDB1A
    :Files
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    C:\Users\jcvarn\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
    C:\Users\jcvarn\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
    C:\Users\jcvarn\AppData\LocalLow\Claro LTD
    C:\Users\jcvarn\AppData\LocalLow\Claro LTD\claro\Microsoft\Windows\IETldCache
    C:\Users\jcvarn\AppData\LocalLow\Claro LTD\claro\Microsoft\Windows\IETldCache\index.dat
    C:\Users\jcvarn\AppData\Roaming\Babylon
    C:\Users\jcvarn\AppData\Roaming\Babylon\log_file.txt
    C:\Users\jcvarn\AppData\Roaming\Mozilla\Firefox\Profiles\5ofi3ylr.default\bprotector_extensions.sqlite
    C:\Users\jcvarn\AppData\Roaming\Mozilla\Firefox\Profiles\5ofi3ylr.default\bprotector_prefs.js
    C:\Users\jcvarn\AppData\Roaming\Babylon
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph]
    [-HKEY_USERS\S-1-5-21-2756754224-584251288-2562041517-1000\Software\AppDataLow\AskToolbarInfo]
    [-HKEY_USERS\S-1-5-21-2756754224-584251288-2562041517-1002\Software\DataMngr]
    [-HKEY_USERS\S-1-5-21-2756754224-584251288-2562041517-1002\Software\DataMngr_Toolbar]
    [-HKEY_USERS\S-1-5-21-2756754224-584251288-2562041517-1002\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975}]
    [-HKEY_USERS\S-1-5-21-2756754224-584251288-2562041517-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
    [-HKEY_USERS\S-1-5-21-2756754224-584251288-2562041517-1002\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings]
    [-HKEY_USERS\S-1-5-21-2756754224-584251288-2562041517-1002\Software\Softonic]
    :Commands
    [PURITY]
    [EMPTYTEMP] 
    [EMPTYFLASH]
    
    [REBOOT]
    • Now click the Run Fix button.
    • If the fix needed a reboot please do it.
    • Click the OK button (upon reboot).
    • When OTL is finished, Notepad will open. Close Notepad.
    • A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    • Attach this log to your next message. (See: How to attach)
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • the log from OTL
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
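
One way to review a fix script like the one above before pasting it into OTL, as an added example (not part of the original post and not OTL's own code): it splits the script into its `:OTL`, `:Files`, `:Reg` and `:Commands` sections and lists what would be touched. The section and line formats are inferred only from the scripts in this thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Shortened excerpt of the fix script from the post above.
SAMPLE_FIX = r"""
:OTL
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
FF - prefs.js..browser.search.defaultenginename: "Claro Search"
O20 - AppInit_DLLs: (c:\progra~3\browse~1\24897~1.175\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\BROWSE~1.DLL ()
[2012/12/04 13:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0B4227B4
:Files
C:\Users\jcvarn\AppData\LocalLow\Claro LTD
C:\Users\jcvarn\AppData\Roaming\Babylon
C:\Users\jcvarn\AppData\Roaming\Babylon
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
[-HKEY_USERS\S-1-5-21-2756754224-584251288-2562041517-1002\Software\Softonic]
:Commands
[PURITY]
[EMPTYTEMP]

[REBOOT]
"""

SECTION_RE = re.compile(r"^:(\w+)$")                # ":OTL", ":Files", ...
DATED_RE = re.compile(r"^\[\d{4}/\d{2}/\d{2} ")     # "[2012/12/04 13:36:05 | ..."
PREFIX_RE = re.compile(r"^([A-Za-z]+\d*)")          # "PRC", "IE", "O20", ...
REG_DELETE_RE = re.compile(r"^\[-(.+)\]$")          # "[-HKEY_...]" deletes a key
# Long path after " - " in an O20 AppInit_DLLs line, before the trailing "(vendor)".
APPINIT_RE = re.compile(r"AppInit_DLLs:\s*\(.*?\)\s*-\s*(.*?)\s*\([^()]*\)\s*$")


def parse_fix(text):
    """Split a fix script into {section_name: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line before first section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def classify_otl_line(line):
    """Label one :OTL line by the kind of item it names."""
    if line.startswith("@Alternate Data Stream"):
        return "ads"
    if DATED_RE.match(line):
        return "file"
    prefix = PREFIX_RE.match(line)
    return prefix.group(1).upper() if prefix else "other"


def review_fix(sections):
    """Summarise what the script would touch, for review before running it."""
    otl = sections.get("otl", [])
    first_seen, counts = {}, Counter()
    for path in sections.get("files", []):
        key = path.lower()                  # Windows paths are case-insensitive
        first_seen.setdefault(key, path)
        counts[key] += 1
    reg_deletes, reg_other = [], []
    for line in sections.get("reg", []):
        m = REG_DELETE_RE.match(line)
        if m:
            reg_deletes.append(m.group(1))
        else:
            reg_other.append(line)          # not a plain key deletion: read by hand
    commands = sections.get("commands", [])
    return {
        "otl_counts": Counter(classify_otl_line(l) for l in otl),
        # AppInit_DLLs entries are loaded into processes that load user32.dll,
        # so an unknown DLL listed there deserves a close look.
        "appinit_dlls": [m.group(1) for m in map(APPINIT_RE.search, otl) if m],
        "files": list(first_seen.values()),
        "duplicate_files": [first_seen[k] for k, n in counts.items() if n > 1],
        "reg_deletes": reg_deletes,
        "reg_other": reg_other,
        "commands": commands,
        "reboots": "[REBOOT]" in commands,
    }


if __name__ == "__main__":
    for name, value in review_fix(parse_fix(SAMPLE_FIX)).items():
        print(f"{name}: {value}")
```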
     
  7. jcvarn

    jcvarn Private E-2

    Bad exe image file windows have stopped coming up. I ran both the OTL and the MGtools and am attaching the results. Batch file did not come up am retrying. It says getlogs.bat is an invalid file.
     


  8. jcvarn

    jcvarn Private E-2

    I realized I was looking for the wrong file. I am attaching MGlogs.zip.
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay we have a few more leftovers to remove.


    Uninstall the below very old versions of software:
    Java(TM) 6 Update 21 (64-bit)
    Java(TM) 6 Update 27
    Java(TM) 6 Update 3
    Java(TM) 7 Update 4 (64-bit)

    Now install the current version of Sun Java from: Sun Java Runtime Environment


    Now shut down your protection software (antivirus, antispyware...etc) to avoid possible conflicts.
    Code:
    :Files
    C:\ProgramData\Babylon
    C:\ProgramData\Browser Manager
    C:\ProgramData\Norton
    C:\ProgramData\NortonInstaller
    C:\Program Files (x86)\Norton Internet Security
    C:\Program Files (x86)\NortonInstaller
    C:\Program Files (x86)\Common Files\Spigot
    C:\Program Files (x86)\Common Files\Symantec Shared
     
    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B3CB8AE7-7320-41AC-82E3-786005664F5E}]
    :Commands
    [PURITY]
    [EMPTYTEMP] 
    [EMPTYFLASH]
    
    [REBOOT]
    • Now click the Run Fix button.
    • If the fix needed a reboot please do it.
    • Click the OK button (upon reboot).
    • When OTL is finished, Notepad will open. Close Notepad.
    • A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    • Attach this log to your next message. (See: How to attach)
    See if you can now run the JRT program Kestrel13! asked you to run.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).



    Then attach the below logs:
    • the log from OTL
    • JRT.txt log if it ran.
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  10. jcvarn

    jcvarn Private E-2

    Here are the new scans I did.
     


  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks better now.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    7. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  12. jcvarn

    jcvarn Private E-2

    I followed all the direction you gave me, but some problems still remain. Maybe you can give me some advice.

    1. Claro search still appears in Google Chrome along with AVG search
    2. Was it right for me to choose C: drive for resimulation
    3. Internet 9 was never installed properly and is still looping to closing and opening
    4. Cannot establish a wireless connection with my router
    5. No audio device output

    Thanks for all of the help.

    Jim
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall Chrome and then reboot your PC. After reboot delete the below folder:

    C:\Users\jcvarn\AppData\Local\Google

    You must delete this folder before reinstalling Chrome otherwise you will still have Claro problems. You can get the most recent stable Chrome from the below link:

    Google Chrome 23.0.1271.97 Stable


    I don't know what you are referring to? What is resimulation?

    Uninstall it. Issues like this should be worked in the Software Forum.
    Your last logs did not show any wireless drivers/interface. You will have to reinstall the software. However I double checked now and one MGtools log showed the below for your Wifi service
    Code:
    ___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit  NETwNs64             Manual     Stopped 
    which indicates it is stopped. But this may just be the result of the fact that other drivers are missing.

    Again an issue for the Software Forum and potentially Networking Forum in this case.
    Another issue for the Software Forum. You may have missing drivers that need to be reinstalled. Check Device Manager to see if there are any problems being shown for Sound devices as well as your above wireless networking issue.
     
    Last edited: Dec 30, 2012
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Here is something that may be worth a shot running though.


    Be patient while doing the below. The fixes can sometimes take quite awhile to run. Especially the permissions repairs. It may be best to kick it off and go to bed or do something else. It is better not to run anything while the repairs are going on.


    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Repair Windows Firewall
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
      • Set Windows Services To Default Startup
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished.
     
  15. jcvarn

    jcvarn Private E-2

    The problem I had with my computer has returned. I can use my internet but the programs are unable to update. Most of the programs would not update and would not run. Is there anything I can do to get started to begin to use the other programs? The RK program will not get beyond MBR. Malwarebytes will not update; it is 26 days old. It showed no infections. TDSKILLer showed no infections (I think this was the program.) The Hitman could not update so could not finish.
    Jim
     
    Last edited: Jan 9, 2013
  16. jcvarn

    jcvarn Private E-2

    I was not able to run MGtools or Junk Ware Removal. I was able to run OTL. I am attaching the log.
     

  17. jcvarn

    jcvarn Private E-2

    I was able to get hitman pro to give me a log.
    Jim
     


  18. jcvarn

    jcvarn Private E-2

    Here is a log from TDSKiller.
     


  19. jcvarn

    jcvarn Private E-2

    I don't know if this file will help but they were backups before my computer crashed. I had another one but it would not upload because it did not have a security token.
     
  20. jcvarn

    jcvarn Private E-2

    I unchecked MBR in RogueKiller and was able to get a scan and log. Here it is.
     


  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why do you have so many security programs installed including multiple antivirus programs which the READ & RUN ME FIRST clearly states not to do?????

    Uninstall ALL of the below and then reboot your PC and tell me if you have internet access.
    AVAST
    AVG
    IObit Malware Fighter
    DAP
    Privacyware << this is Privatefirewall 7.0
    SpeedBit Video Accelerator
     
  22. jcvarn

    jcvarn Private E-2

    I have deleted all the programs. I still cannot delete AVG 2011.
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I hope you meant "uninstall" and not "delete" which are not the same thing.

    Please run this >> AVG Remover

    And no matter what happens with the above, continue on to do the below.

    Now try to run MGtools.exe by right clicking on it and selecting Run As Administrator. Look for the C:\MGlogs.zip file to see if one gets created and attach it.

    If MGtools.exe does not run, tell me exactly what happens.


    Did you ever run Windows Repair as requested back in December? Basically you never completed your last attempt at fixing problems since you never responded to the last two messages I posted.
     
  24. jcvarn

    jcvarn Private E-2

    I did run Windows repair. My machine was working fine until I used a flash drive that I did not realize had been used in the infected computer.

    I don't think MGtools finished but here is the zip file.
     


  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you wait for it to tell you it was finished? See the image here >Using MGtools

    Right click on C:\MGtools\ReZip.bat and select Run As Administrator, then look in the C:\MGtools folder for a slightly different zip file name MGlogsR.zip Attach it.
     
  26. jcvarn

    jcvarn Private E-2

    I tried to run it and it began to work but error messages started popping up and the program eventually closed out after I tried to get rid of the error messages since it would not work at all until I tried to get rid of them. I did not have enough time to see a finished message but I found the zip file and sent it in case it did finish.
    Jim
     
  27. jcvarn

    jcvarn Private E-2

    I cannot find the file you are asking for in the C:/ directory. I do find two files in the C:/MGtools/ReZip.bat and C:/MGtools/ReZipp2.bat
     
  28. jcvarn

    jcvarn Private E-2

    Sorry, I misread your post. Here is the file you want.
     


  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay something is still blocking MGtools from running properly so let's see if we can get started by using OTL which you already ran a scan with. Note that some items in the below fix are redundant just to make sure all the uninstalls I requested have worked.

    Now shut down your protection software (antivirus, antispyware...etc) to avoid possible conflicts.
    Code:
    :OTL
    PRC - C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
    PRC - C:\Program Files (x86)\DAP\DAP.exe (Speedbit Ltd.)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe (Privacyware/PWI, Inc.)
    PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
    PRC - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe (AVG)
    PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    MOD - C:\ProgramData\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\XSevenTo.dll ()
    MOD - C:\ProgramData\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\MegaUploadCom.dll ()
    MOD - C:\ProgramData\SpeedBit\DAP\Plugins\AddonsCondition.dll ()
    MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madExcept_.bpl ()
    MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madBasic_.bpl ()
    MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl ()
    SRV:[b]64bit:[/b] - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (VideoAcceleratorService) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
    SRV - (PFNet) -- C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe (Privacyware/PWI, Inc.)
    SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
    SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    DRV:[b]64bit:[/b] - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
    DRV:[b]64bit:[/b] - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
    DRV:[b]64bit:[/b] - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
    DRV:[b]64bit:[/b] - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:[b]64bit:[/b] - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
    DRV:[b]64bit:[/b] - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
    DRV:[b]64bit:[/b] - (pwipf6) -- C:\Windows\SysNative\drivers\pwipf6.sys (Privacyware/PWI, Inc.)
    DRV:[b]64bit:[/b] - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:[b]64bit:[/b] - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
    DRV:[b]64bit:[/b] - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
    DRV:[b]64bit:[/b] - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
    DRV:[b]64bit:[/b] - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:[b]64bit:[/b] - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:[b]64bit:[/b] - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV:[b]64bit:[/b] - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    IE - HKLM\..\SearchScopes,DefaultScope = {B3CB8AE7-7320-41AC-82E3-786005664F5E}
    IE - HKLM\..\SearchScopes\{B3CB8AE7-7320-41AC-82E3-786005664F5E}: "URL" = [URL]http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox[/URL]
    IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0A05EA7F-0F7F-4E4A-97AD-E9044EBD5FC2}: "URL" = [URL]https://isearch.avg.com/search?cid={B9338601-8799-4B86-832C-3B2EFCAEA0CF}&mid=90698a651a6b47d6aa8269e52921b165-e75de8500841460d6c00e28779e1a259de7c9150&lang=en&ds=gm011&pr=sa&d=2012-05-29[/URL] 11:20:07&v=11.1.1.7&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = [URL]http://search.babylon.com/?q={searchTerms}&affID=110801&tt=0113_8&babsrc=SP_ss&mntrId=7869163e0000000000000026c79aec11[/URL]
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2011/01/19 23:43:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\daplinkchecker@speedbit.com: C:\Program Files (x86)\DAP\daplinkchecker [2012/11/27 08:31:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox [2012/11/27 08:32:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox [2012/11/27 08:32:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/12/29 22:10:34 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files (x86)\DAP\DAPFireFox [2012/11/27 08:31:59 | 000,000,000 | ---D | M]
    [2013/01/04 08:18:49 | 000,002,432 | ---- | M] () -- C:\Users\jcvarn\AppData\Roaming\Mozilla\Firefox\Profiles\5ofi3ylr.default\searchplugins\babylon1.xml
    [2013/01/04 08:18:32 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    CHR - Extension: DAP Link Checker = C:\Users\jcvarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.1.2_0\
    CHR - Extension: SpeedBit Video Downloader = C:\Users\jcvarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.9_0\
    CHR - Extension: Download Accelerator Plus (DAP) = C:\Users\jcvarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_0\
    CHR - Extension: avast! WebRep = C:\Users\jcvarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
    CHR - Extension: SpeedBit Search Predict = C:\Users\jcvarn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.3_0\
    O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:[b]64bit:[/b] - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (SpeedBit Ltd.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll ()
    O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
    O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\Grabber.dll (SPEEDbit)
    O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
    O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files (x86)\DAP\DAP.EXE (Speedbit Ltd.)
    O8:[b]64bit:[/b] - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
    O8:[b]64bit:[/b] - Extra context menu item: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm ()
    O8:[b]64bit:[/b] - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
    O8 - Extra context menu item: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm ()
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
    O18:[b]64bit:[/b] - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - AppInit_DLLs: (c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll) - c:\ProgramData\BROWSE~1\261040~1.25\{C16C1~1\BROWSE~1.DLL ()
    [2013/01/04 08:18:16 | 000,000,000 | ---D | C] -- C:\Users\jcvarn\AppData\Roaming\Babylon
    [2013/01/04 08:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/12/29 22:56:50 | 000,000,000 | ---D | C] -- C:\Users\jcvarn\AppData\Local\Privatefirewall
    [2012/12/29 22:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0
    [2012/12/29 22:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Privacyware
    [2012/12/29 22:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Privacyware
    [2012/12/29 22:10:41 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/12/29 22:10:41 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/12/29 22:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/12/29 22:10:40 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/12/29 22:10:40 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/12/29 22:10:39 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/12/29 22:10:39 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/12/29 22:10:39 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/12/29 22:10:28 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/12/29 22:10:28 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/12/29 22:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/12/29 22:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/12/26 15:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
    [2012/12/26 14:53:15 | 000,000,000 | ---D | C] -- C:\Users\jcvarn\AppData\Roaming\AVG
    [2012/12/26 14:50:45 | 000,000,000 | ---D | C] -- C:\Users\jcvarn\Desktop\AGV PC Tune Up
    [2012/12/29 22:31:23 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
    [2012/12/29 22:10:41 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/12/26 15:55:41 | 000,001,179 | ---- | M] () -- C:\Users\jcvarn\Desktop\AVG PC Tuneup 2011.lnk
    [2012/12/29 22:10:41 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/12/26 15:55:41 | 000,001,179 | ---- | C] () -- C:\Users\jcvarn\Desktop\AVG PC Tuneup 2011.lnk
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:56E2E879
    :Commands
    [PURITY]
    [EMPTYTEMP] 
    [EMPTYFLASH]
    [REBOOT]
    • Now click the Run Fix button.
    • If the fix needed a reboot please do it.
    • Click the OK button (upon reboot).
    • When OTL is finished, Notepad will open. Close Notepad.
    • A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    • Attach this log to your next message. (See: How to attach)
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the log from OTL
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  30. jcvarn

    jcvarn Private E-2

    I did the run fix and it stopped responding when it got to some AVG scripts. I never was able to delete this program. What do I do now?
     
  31. jcvarn

    jcvarn Private E-2

    The OTL finished without a problem. I did the MGtools. I am attaching the logs.
     


  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, something is still stopping MGtools from running completely. Let's run a new follow-up scan with OTL with the below instructions.

    • Right-click and select Run as Administrator on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Change the setting of "Drivers" and "Services" to "All".
    • Copy the text in the code box below and paste it into the Custom Scans/Fixes text field.
      Code:
      activex
      netsvcs
      drives
      %systemdrive%\*.*
      %systemdrive%\MGtools\*.*
      %systemroot%\*. /mp /s
      %allusersprofile%\application data\*.exe
      
    • Now click the Run Scan button.
    • Two reports will be created:
      • OTL.txt <-- Will be opened
      • Extras.txt <-- Will be minimized
    • Attach both OTL.txt and Extras.txt to your next message. (See how to attach)
     
  33. jcvarn

    jcvarn Private E-2

    I did not see Extras minimized. Could it be somewhere on the computer? There was a Notepad minimized and Untitled with nothing in it.
     

    Attached Files:

    • OTL.Txt (358.9 KB)
  34. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It appears that the previous OTL fix did not fix everything. Let's try again, but this time do the below OTL fix in safe boot mode. And if that still fails, we will use a different tool.

    At this point you should have no protection software installed anymore since we previously uninstalled it.
    Code:
    :OTL
    PRC - [2012/09/06 11:06:42 | 001,607,552 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    PRC - [2011/05/27 15:58:48 | 000,793,416 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
    MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
    MOD - [2011/05/25 10:53:14 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madExcept_.bpl
    MOD - [2011/05/25 10:53:12 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madBasic_.bpl
    MOD - [2011/05/25 10:53:12 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
    IE:[B]64bit:[/B] - HKLM\..\SearchScopes,DefaultScope = {AAB65371-9C27-44E2-A976-4D92A1A6CB9C}
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {B3CB8AE7-7320-41AC-82E3-786005664F5E}
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {B3CB8AE7-7320-41AC-82E3-786005664F5E}
    IE - HKU\S-1-5-21-2756754224-584251288-2562041517-1000\..\SearchScopes\{0A05EA7F-0F7F-4E4A-97AD-E9044EBD5FC2}: "URL" = [URL]https://isearch.avg.com/search?cid={B9338601-8799-4B86-832C-3B2EFCAEA0CF}&mid=90698a651a6b47d6aa8269e52921b165-e75de8500841460d6c00e28779e1a259de7c9150&lang=en&ds=gm011&pr=sa&d=2012-05-29[/URL] 11:20:07&v=11.1.1.7&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-2756754224-584251288-2562041517-1002\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    O2:[B]64bit:[/B] - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O3 - HKU\S-1-5-21-2756754224-584251288-2562041517-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKU\S-1-5-21-2756754224-584251288-2562041517-1000..\Run: [Advanced SystemCare Ultimate] "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" /AutoStart File not found
    O4 - HKU\S-1-5-21-2756754224-584251288-2562041517-1000..\Run: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP File not found
    O4 - HKU\S-1-5-21-2756754224-584251288-2562041517-1000..\Run: [SpeedBitVideoAccelerator] C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe (SPEEDbit)
    [2013/01/12 23:10:19 | 000,000,000 | ---D | C] -- C:\Users\jcvarn\AppData\Roaming\AVG
    [2013/01/12 17:16:40 | 000,000,000 | ---D | C] -- C:\Users\jcvarn\AppData\Local\Avg2013
    [2013/01/10 16:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2013/01/09 22:56:26 | 000,000,000 | ---D | C] -- C:\MGtools
    [2013/01/09 22:39:14 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/09 14:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\BROWSE~1
    [2012/12/26 19:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/01/12 23:12:42 | 000,091,511 | ---- | M] () -- C:\MGlogs.zip
    [2013/01/12 16:30:20 | 001,079,082 | ---- | M] () -- C:\AVGInstLog.cab
    [2013/01/09 22:55:59 | 001,897,963 | ---- | M] () -- C:\MGtools (2).exe
    [2012/11/01 07:13:47 | 000,002,505 | ---- | M] () -- C:\aaw7boot.log
    [2010/02/03 03:22:26 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
    @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
    :Files
    C:\Program Files (x86)\AVG
    C:\Program Files (x86)\DAP
    C:\Program Files (x86)\IObit
    C:\Program Files (x86)\SpeedBit Video Accelerator
    C:\MGtools
    C:\MGtools (2).exe
    C:\MGlogs.zip
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [REBOOT]
    • Now click the Run Fix button.
    • If the fix needed a reboot please do it.
    • Click the OK button (upon reboot).
    • When OTL is finished, Notepad will open. Close Notepad.
    • A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    • Attach this log to your next message. (See: How to attach)
    After rebooting back into normal boot mode, continue with the below.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.


    Run MGtools.exe (Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator)


    Now attach the below log:
    • the log from OTL
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  35. jcvarn

    jcvarn Private E-2

    Here are the logs.
     


  36. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    And now that we finally have all the excess protection programs removed, MGtools finally runs all the way to the end. ;)

    Are you having any current problems?
     
  37. jcvarn

    jcvarn Private E-2

    No, everything seems to be running fine. No problems on start up, no error messages. Runs a little slow. Should I run the Windows tweaking program again?

    Is there anything else I need to do? Can you recommend the antivirus, firewall, and spyware programs to use? I think I will renew my Norton subscription for antivirus, use Malwarebytes for malware, and Windows? for firewall.


    Thanks again for all your help. You provide a great service. jim
     
    Last edited: Jan 13, 2013
  38. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You can run it but it is not a performance tweak, it is a repair tool. When you say "runs a little slow" this basically has very little meaning to us. We need specifics like.


    Please explain what operations are slow! For example answer the below:
    • Is boot up slow?
    • Is shutdown slow?
    • Is browsing/surfing slow? If yes, also answer the below sub-questions
      • What type of connection to the internet do you use (DSL, Cable, FIOS, etc.)?
      • What browser are you using? Have you tried more than one?
    • Is downloading slow?
    • Is running any/every application slow?
    • Is it also slow in safe boot mode?
    • Also are any processes showing in Task Manager to be using a lot of CPU time?
    • Anything else slow?
    The same Final instructions as in message # 11 since there is no malware to remove.

    I would not be recommending Norton, especially if you think your PC is slow already. And what exactly was your subscription for?
     
