1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Start
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2403144 2013-11-13] ()
C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://avg.nation.com/avgtbavg/search/web?cid={5DDCC39A-1768-4A65-B1F6-1706368FDFA3}&mid=33a27b5c7da247d386f82104e470021e-6185edbb78741edceb805eebace7fc7d38e79f1a&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2013-11-12 13:58:55&v=17.0.0.12&pid=nation&sg=0&sap=dsp&q={searchTerms}
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll (AVG Technologies)
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx
R2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1733448 2013-11-12] (AVG Secure Search)
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-12] (AVG Technologies)
C:\Windows\system32\drivers\avgtpx64.sys
2013-12-06 10:41 - 2013-12-06 10:41 - 00000000 ____D C:\Users\User\AppData\Local\AVG Secure Search
2013-12-06 10:33 - 2013-12-06 10:33 - 04434976 _____ (AVG Technologies) C:\Users\User\Desktop\avg_isct_stb_all_2014_4161.exe
2013-11-12 13:58 - 2013-11-12 13:57 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-11-13 16:11 - 2013-11-12 13:58 - 00000000 ____D C:\Program Files (x86)\AVG Nation toolbar
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
File: c:\windows\system32\services.exe
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
.
********** Next **********
Please download zoek.zip or zoek.rar by smeenk (
http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png
) from here or here and save it to your Desktop.
Unpack the archive…
[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*]Double click on zoek.exe to run the tool .
Please wait while the tool does not start…
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
[*] Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button.
Please wait until a logreport will open (this can be after reboot)
[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log”