
AV Won't Start


4 replies to this topic

#1 mred27


Posted 21 February 2014 - 05:46 PM

RE: Sony Vaio Laptop Running Win 7 Home Premium

 

Just replaced fan on laptop then Trend Titanium Internet Security would not start. Uninstalled Trend although clean boot left. Installed Avast Free 2014 with same issue, says protected then not protected. Cannot download even first update. Ran Malware Bytes Pro which detected two IOBIT slick savings. Said removed but Slick Savings BHO still in Firefox 27 drop down. Also, Yahoo toolbar mysteriously installed and now Yahoo is default browser although it shows Google in Firefox. Running Eset Online scan right now. Can you assist please? Thanks!




#2 cryptodan


Posted 21 February 2014 - 05:51 PM

Please download TDSSKiller exe version to your desktop. Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click on Change Parameters and click Detect TDLFS File System.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • Note: If Cure is not an option, select Skip instead; do not choose Delete unless instructed.
  • A TDSSKiller text file will be saved in Local Disk C.
  • Copy and paste the contents of that file in your next reply.

ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Please download MiniToolBox, save it to your desktop, run it, and checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#3 mred27


Posted 21 February 2014 - 07:12 PM

Thanks!

 

TDSSKiller-Nothing Found

---------------------------------------------------

ADW CLEANER LOG

# AdwCleaner v3.019 - Report created 21/02/2014 at 18:40:57
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : MY - MY-VAIO
# Running from : C:\Users\MY\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\TechSmith
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Users\MY\AppData\Local\PackageAware
Folder Deleted : C:\Users\MY\AppData\Local\TechSmith
Folder Deleted : C:\Users\MY\AppData\Roaming\hotspot shield
Folder Deleted : C:\Users\MY\AppData\Roaming\TechSmith
Folder Deleted : C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\ww415is6.default\Extensions\anttoolbar@ant.com
File Deleted : C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\ww415is6.default\invalidprefs.js

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Messenger\View Inbox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\NCH Software
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\ww415is6.default\prefs.js ]

*************************

AdwCleaner[R1].txt - [2700 octets] - [21/02/2014 18:39:38]
AdwCleaner[S0].txt - [2530 octets] - [21/02/2014 18:40:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2590 octets] ##########

-----------------------------

JRT LOG

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by MY on Fri 02/21/2014 at 18:48:16.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/21/2014 at 18:58:26.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--------------------------------

Farbar Service Scanner Log File

Farbar Service Scanner Version: 16-02-2014
Ran by MY (administrator) on 21-02-2014 at 19:06:25
Running from "C:\Users\MY\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
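
An added example, not part of the original posts and not code from AdwCleaner: a short parser for the report layout posted above that groups the cleaner's actions by section and picks out the removed items that sit under browser extension locations. The sample text is constructed from a few lines of that report, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the layout of the AdwCleaner report posted above.
SAMPLE = r"""
# AdwCleaner v3.019 - Report created 21/02/2014 at 18:40:57
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\MY\AppData\Roaming\Mozilla\Firefox\Profiles\ww415is6.default\Extensions\anttoolbar@ant.com

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM

***** [ Browsers ] *****
-\\ Mozilla Firefox v27.0.1 (en-US)
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")            # ***** [ Registry ] *****
ENTRY = re.compile(r"^([A-Z][A-Za-z ]+?) : (\[x64\] )?(.+)$")  # Key Deleted : [x64] HKLM\...
BROWSER_EXT = re.compile(
    r"\\(Firefox\\Profiles\\[^\\]+\\Extensions|Chrome\\Extensions)\\", re.I)

def parse_report(text):
    """Return {section: [(action, target, is_x64_view), ...]}; empty sections are kept."""
    sections, current = defaultdict(list), None
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections[current]  # register the section even if no entries follow
        elif current and (e := ENTRY.match(line)):
            sections[current].append((e.group(1), e.group(3), bool(e.group(2))))
    return dict(sections)

def browser_extension_entries(report):
    """Targets under a Firefox profile's Extensions folder or a Chrome Extensions key."""
    return [t for entries in report.values() for _, t, _ in entries
            if BROWSER_EXT.search(t)]

if __name__ == "__main__":
    report = parse_report(SAMPLE)
    for name, entries in report.items():
        print(f"{name}: {len(entries)} item(s)")
    for target in browser_extension_entries(report):
        print("browser extension artifact:", target)
```

Header lines beginning with `#` and the browser version lines are skipped because they fall outside a section or do not match the `Action : target` shape.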



#4 cryptodan


Posted 21 February 2014 - 10:00 PM

Can you post the TDSS log?

#5 mred27


Posted 21 February 2014 - 11:12 PM

Sorry but nothing found so didn't see a log.





