
Help me help my Mom


14 replies to this topic

#1 Helping Mom


Posted 22 October 2013 - 05:59 PM

So I had my gallbladder out and my mom is graciously helping me with my children while I recover.  (Thanks Mom!)

 

She has been having "some trouble" with her computer, so I said I'd take a look at it... Famous last words...

 

This is a Windows Vista HP laptop.  It is running slowly.  Firefox 24.0 appears to be hijacked. I ran Malwarebytes on it and it found and removed 176 things.  I can't download Spybot Search and Destroy.  She is running Avast.

 

So basically, I am out of my league here.  She spends lots of time in hotels on unsecured networks too.

 

I need some step by step assistance in cleaning up this machine to get her back on track.

 

Thanks so much for your help!





#2 noknojon


Posted 22 October 2013 - 07:01 PM

Hello Helping Mom and Welcome -

A few quick things first -

Please stop me and ask if I am jumping ahead at all, or you do not understand.

Most things I post should be basic and will require Copy / Paste responses to any scans -

 

You say Malwarebytes Anti-Malware is installed.

Please Update the program (top line / Update), now run a Quick scan (in normal mode) and remove, or tick any found items and post the log back here.

 

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.
 

 

Download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
Click Go and copy / paste the result (Result.txt) from your desktop.

 

Thank You -



#3 Helping Mom


Posted 23 October 2013 - 08:19 PM

Thanks so much for helping me!

 

Malware Log-

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.23.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
CW Brewer :: CWBREWER-PC [administrator]

10/23/2013 7:40:11 PM
mbam-log-2013-10-23 (19-40-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241766
Time elapsed: 30 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\CW Brewer\AppData\Local\Temp\GNOWjv2t.exe.part (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.

(end)
 

---------------------------------------------------------------

 Results of screen317's Security Check version 0.99.74  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
avast! Antivirus                
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Java version out of Date!
 Adobe Flash Player     11.9.900.117  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (24.0)
 Mozilla Thunderbird (3.0.8) Thunderbird out of Date!  
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbam.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

 

------------------------------------------------------------------------------------

MiniToolBox by Farbar  Version: 13-07-2013
Ran by CW Brewer (administrator) on 23-10-2013 at 21:18:31
Running from "C:\Users\CW Brewer\Downloads"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:16110;https=127.0.0.1:16110

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Disconnected)
Broadcom 802.11b/g WLAN = Wireless Network Connection (Connected)
NVIDIA nForce 10/100 Mbps Ethernet  = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : CWBrewer-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : westell.com

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : westell.com
   Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN
   Physical Address. . . . . . . . . : 00-1A-73-BB-16-6E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c057:a987:b5d2:2526%9(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.35(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, October 23, 2013 8:41:09 AM
   Lease Expires . . . . . . . . . . : Thursday, October 24, 2013 8:41:08 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 184556147
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-C1-26-C2-00-1B-24-CE-7A-03
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
   Physical Address. . . . . . . . . : 00-1B-24-CE-7A-03
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{77A0B16D-AC07-4CEF-9EB0-0D3EB8D36E52}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:149a:f97:3f57:fedc(Preferred)
   Link-local IPv6 Address . . . . . : fe80::149a:f97:3f57:fedc%10(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 15:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{3C4C231C-BD71-4AC7-A165-5023550969D3}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : westell.com
   Description . . . . . . . . . . . : isatap.westell.com
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{3C4C231C-BD71-4AC7-A165-5023550969D3}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dslrouter.westell.com
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4004:802::1009
      74.125.228.72
      74.125.228.66
      74.125.228.78
      74.125.228.73
      74.125.228.64
      74.125.228.70
      74.125.228.65
      74.125.228.71
      74.125.228.67
      74.125.228.69
      74.125.228.68



Pinging google.com [74.125.228.68] with 32 bytes of data:

Reply from 74.125.228.68: bytes=32 time=46ms TTL=57

Reply from 74.125.228.68: bytes=32 time=47ms TTL=57



Ping statistics for 74.125.228.68:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 46ms, Maximum = 47ms, Average = 46ms

Server:  dslrouter.westell.com
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.139.183.24
      206.190.36.45
      98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=85ms TTL=52

Reply from 98.138.253.109: bytes=32 time=85ms TTL=51



Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 85ms, Maximum = 85ms, Average = 85ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
  9 ...00 1a 73 bb 16 6e ...... Broadcom 802.11b/g WLAN
  8 ...00 1b 24 ce 7a 03 ...... NVIDIA nForce 10/100 Mbps Ethernet
  1 ........................... Software Loopback Interface 1
 17 ...00 00 00 00 00 00 00 e0  isatap.{77A0B16D-AC07-4CEF-9EB0-0D3EB8D36E52}
 10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 19 ...00 00 00 00 00 00 00 e0  isatap.{3C4C231C-BD71-4AC7-A165-5023550969D3}
 21 ...00 00 00 00 00 00 00 e0  isatap.westell.com
 20 ...00 00 00 00 00 00 00 e0  isatap.{3C4C231C-BD71-4AC7-A165-5023550969D3}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.35     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.35    281
     192.168.1.35  255.255.255.255         On-link      192.168.1.35    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.35    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.35    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.35    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 10     18 2001::/32                On-link
 10    266 2001:0:9d38:6abd:149a:f97:3f57:fedc/128
                                    On-link
  9    281 fe80::/64                On-link
 10    266 fe80::/64                On-link
 10    266 fe80::149a:f97:3f57:fedc/128
                                    On-link
  9    281 fe80::c057:a987:b5d2:2526/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
  9    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/23/2013 09:35:00 AM) (Source: Perflib) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

Error: (10/23/2013 09:35:00 AM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (10/23/2013 09:34:58 AM) (Source: Perflib) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

Error: (10/23/2013 09:34:58 AM) (Source: Perflib) (User: )
Description: LsaC:\Windows\system32\Secur32.dll4

Error: (10/23/2013 09:34:58 AM) (Source: Perflib) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll4

Error: (10/23/2013 09:34:57 AM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (10/23/2013 09:34:56 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (10/23/2013 08:33:59 AM) (Source: Windows Backup) (User: )
Description: File backup failed due to an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check your hardware configuration. (0x81000006).

Error: (10/22/2013 06:36:08 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {88df97be-e077-4870-b465-b9ba7d45124b}

Error: (10/22/2013 08:40:51 AM) (Source: Windows Backup) (User: )
Description: File backup failed due to an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check your hardware configuration. (0x81000006).


System errors:
=============
Error: (10/23/2013 08:44:17 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/23/2013 08:41:29 AM) (Source: Service Control Manager) (User: )
Description: cdrom

Error: (10/23/2013 08:41:29 AM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%20

Error: (10/23/2013 08:41:29 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (10/23/2013 08:29:22 AM) (Source: PlugPlayManager) (User: )
Description: The device 'Optiarc DVD RW AD-7561A ATA Device' (IDE\CdRomOptiarc_DVD_RW_AD-7561A_________________GH09____\5&15fb8ba2&0&0.0.0) disappeared from the system without first being prepared for removal.

Error: (10/23/2013 08:29:19 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (10/23/2013 08:29:08 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (10/22/2013 06:46:14 PM) (Source: Service Control Manager) (User: )
Description: avast! Antivirus

Error: (10/22/2013 08:35:54 AM) (Source: Service Control Manager) (User: )
Description: 30000IPBusEnum

Error: (10/22/2013 08:35:54 AM) (Source: Service Control Manager) (User: )
Description: HP Software Framework Service%%1053


Microsoft Office Sessions:
=========================
Error: (10/23/2013 09:35:00 AM) (Source: Perflib)(User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

Error: (10/23/2013 09:35:00 AM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (10/23/2013 09:34:58 AM) (Source: Perflib)(User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

Error: (10/23/2013 09:34:58 AM) (Source: Perflib)(User: )
Description: LsaC:\Windows\system32\Secur32.dll4

Error: (10/23/2013 09:34:58 AM) (Source: Perflib)(User: )
Description: ESENTC:\Windows\system32\esentprf.dll4

Error: (10/23/2013 09:34:57 AM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (10/23/2013 09:34:56 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (10/23/2013 08:33:59 AM) (Source: Windows Backup)(User: )
Description: G:\The backup location cannot be found or is not valid. Review your backup settings and check your hardware configuration. (0x81000006)

Error: (10/22/2013 06:36:08 PM) (Source: VSS)(User: )
Description: 0x80070005

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {88df97be-e077-4870-b465-b9ba7d45124b}

Error: (10/22/2013 08:40:51 AM) (Source: Windows Backup)(User: )
Description: G:\The backup location cannot be found or is not valid. Review your backup settings and check your hardware configuration. (0x81000006)


CodeIntegrity Errors:
===================================
  Date: 2013-10-20 00:42:02.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-20 00:42:02.116
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-20 00:42:01.258
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-20 00:42:00.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-20 00:41:59.557
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-20 00:41:58.699
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-20 00:41:57.763
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-20 00:41:56.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-20 00:41:56.047
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-20 00:41:55.236
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
6300 (Version: 82.0.242.000)
6300_Help (Version: 82.0.242.000)
6300Trb (Version: 82.0.242.000)
8600_Help (Version: 1.00.0000)
8600_Readme (Version: 1.00.0000)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.3)
Adobe Download Manager (Version: 1.6.2.63)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Adobe Shockwave Player 11 (Version: 11)
AIO_CDB_ProductContext (Version: 82.0.242.000)
AIO_CDB_Software (Version: 82.0.242.000)
AIO_Scan (Version: 90.0.222.000)
Amazon Kindle
Amazon MP3 Downloader 1.0.9
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
ASUS WL-330gE Wireless AP (Version: 1.4.2.1)
avast! Free Antivirus (Version: 9.0.2006)
Battle Group (Version: 2.2.0.98)
BitPim 1.0.7 (Version: 1.0.7)
Bonjour (Version: 3.0.0.2)
BPD_HPSU (Version: 1.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.10.38.26)
BufferChm (Version: 90.0.146.000)
Catalina Savings Printer (Version: 1.0.0)
Conexant HD Audio (Version: 4.36.7.61)
Copy (Version: 90.0.146.000)
Coupon Printer for Windows (Version: 4.0)
Coupon Printer for Windows (Version: 5.0.0.4)
CVS Photo Editor Plus (Version: 1.20.0000)
Dark Matter (Version: 2.2.0.95)
Defender of the Crown - Heroes Live Forever (Version: 2.2.0.95)
Destination Component (Version: 090.000.091.086)
DeviceDiscovery (Version: 110.0.180.000)
DeviceManagementQFolder (Version: 1.00.0000)
DHTML Editing Component (Version: 6.02.0001)
DJ_AIO_ProductContext (Version: 90.0.236.000)
DJ_AIO_Software (Version: 90.0.222.000)
DJ_AIO_Software_min (Version: 90.0.222.000)
DocProc (Version: 8.1.0.0)
DocProcQFolder (Version: 1.00.0000)
DVD Shrink 3.2
eReg (Version: 1.20.138.34)
e-Rewards Notify (Version: 1.1.0.83)
ESU for Microsoft Vista (Version: 2.0.11.1)
F4100 (Version: 90.0.222.000)
F4100_doccd (Version: 90.0.222.000)
F4100_Help (Version: 90.0.222.000)
FATE - The Traitor Soul (Version: 2.2.0.95)
FATE - Undiscovered Realms (Version: 2.2.0.97)
FATE: The Cursed King (Version: 2.2.0.97)
Fax (Version: 82.0.188.000)
FlightGear 2.4.0
GameTreat Player
Google Chrome (Version: 30.0.1599.101)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.165)
Google Updater (Version: 2.4.2432.1652)
GoToMeeting 5.5.0.1132 (Version: 5.5.0.1132)
Guerrilla Bob (Version: 2.2.0.97)
HDAUDIO Soft Data Fax Modem with SmartCP
Heavy Weapon (Version: 2.2.0.95)
HL-2270DW (Version: 1.0.6.0)
HP Active Support Library 32 bit components (Version: 1.0.9)
HP Customer Experience Enhancements (Version: 5.1.0.2278)
HP Customer Participation Program 9.0 (Version: 9.0)
HP Deskjet All-In-One Software 9.0 (Version: 9.0)
HP Doc Viewer (Version: 1.01.0005)
HP Easy Setup - Frontend (Version: 5.1.0.2279)
HP Games (Version: 1.0.3.0)
HP Imaging Device Functions 9.0 (Version: 9.0)
HP OCR Software 8.0 (Version: 8.0)
HP Officejet Pro 8600 Basic Device Software (Version: 28.0.1315.0)
HP Officejet Pro 8600 Help (Version: 28.0.0)
HP Officejet Pro 8600 Product Improvement Study (Version: 28.0.1315.0)
HP Officejet Pro K8600 Series (Version: 1.0)
HP Photosmart Essential (Version: 1.12.0.46)
HP Photosmart Essential 2.01 (Version: 2.01)
HP Photosmart Essential2.01 (Version: 1.01.0000)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (Version: 8.0)
HP Product Assistant (Version: 100.000.001.000)
HP Product Detection (Version: 10.7.4.0)
HP Product Detection (Version: 11.14.0006)
HP Quick Launch Buttons (Version: 6.50.14.1)
HP Smart Print 2.1 (Version: 2.1.0.235)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 9.0 (Version: 9.0)
HP Update (Version: 5.005.000.002)
HP User Guides 0057 (Version: 1.03.0000)
HPAsset component for HP Active Support Library (Version: 3.0.2.2)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 90.0.146.000)
HPSSupply (Version: 2.2.0.0000)
I.R.I.S. OCR (Version: 12.3.4.0)
iTunes (Version: 10.4.1.10)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
K8600 (Version: 50.0.165.000)
LEGO Digital Designer
LightScribe  1.6.43.1 (Version: 1.6.43.1)
Logitech SetPoint 6.52 (Version: 6.52.74)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 90.0.146.000)
Massive Assault (Version: 2.2.0.95)
Massive Assault: Phantom Renaissance (Version: 2.2.0.95)
McAfee Security Scan Plus (Version: 3.8.130.8)
MemoLink
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.05.0818)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Mozilla Thunderbird (3.0.8) (Version: 3.0.8 (en-US))
MPM (Version: 1.00.0000)
MSCU for Microsoft Vista (Version: 1.0.1.3)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 6.0 (Version: 6.00.050)
My HP Games (Version: HPLAP0503)
MyPoints Point Finder (Version: 1.658)
Netflix Movie Viewer (Version: 1.2.211)
NVIDIA Drivers (Version: 1.4)
NX Client for Windows 3.5.0-7 (Version: 3.5.0-7)
OpenAL
OpenOffice.org 2.4 (Version: 2.4.9286)
Palm Desktop by ACCESS (Version: 6.4.0.0)
ParetoLogic PC Health Advisor (Version: 3.1.4.0)
Penguins Arena (Version: 2.2.0.95)
ProductContext (Version: 50.0.165.000)
PSSWCORE (Version: 2.01.0000)
PuTTY version 0.60 (Version: 0.60)
QLBCASL (Version: 6.40.17.2)
QuickTime (Version: 7.73.80.64)
RealArcade
Red Faction 2 (Version: 2.2.0.95)
Rhapsody Player Engine (Version: 1.0.604)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.4.0)
Roxio Creator Basic v9 (Version: 3.4.0)
Roxio Creator Copy (Version: 3.4.0)
Roxio Creator Data (Version: 3.4.0)
Roxio Creator EasyArchive (Version: 3.4.0)
Roxio Creator Tools (Version: 3.4.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio MyDVD Basic v9 (Version: 9.0.551)
Samsung ML-4500 Series
Scan (Version: 9.0.0.0)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.10 (Version: 5.10.116)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 90.0.146.000)
Splash
Status (Version: 110.0.180.000)
Sun VirtualBox (Version: 3.1.2)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
SySaver (Version: 2)
Tank-o-Box (Version: 2.2.0.98)
thinkorswim
Toolbox (Version: 82.0.173.000)
Toolbox (Version: 90.0.146.000)
Tornado Jockey (Version: 2.2.0.95)
Tradewinds 2 (Version: 2.2.0.95)
TrayApp (Version: 110.0.180.000)
Turbo Lister 2 (Version: 2.0.0)
Turbo Lister 2 (Version: 2.00.0000)
TurboTax Audit Support Center 3.0
Unity Web Player (Version: 2.6.1f3_31223)
UnloadSupport (Version: 9.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update Installer for WildTangent Games App
VideoToolkit01 (Version: 90.0.146.000)
WD Diagnostics (Version: 1.07.0000)
WebEx
WebReg (Version: 90.0.146.000)
WildTangent Games (Version: 1.0.4.0)
WildTangent Games App (HP Games) (Version: 4.0.10.15)
Windows Driver Package - Palm (WinUSB) Palm Devices  (10/09/2009 1.0.1) (Version: 10/09/2009 1.0.1)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 3070.49 MB
Available physical RAM: 1437.6 MB
Total Pagefile: 6367.45 MB
Available Pagefile: 4577.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.74 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:140.62 GB) (Free:26.43 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:8.43 GB) (Free:1.79 GB) NTFS

========================= Users: ========================================

User accounts for \\CWBREWER-PC

Administrator            CW Brewer                Guest                    

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini012412-01.dmp
C:\Windows\Minidump\Mini020713-01.dmp
C:\Windows\Minidump\Mini060212-01.dmp
C:\Windows\Minidump\Mini110311-01.dmp
C:\Windows\Minidump\Mini111808-01.dmp

**** End of log ****
 



#4 noknojon


Posted 23 October 2013 - 10:35 PM

Hello -

It is nice to see a "generally clean" system like this one, without many problems.

The main note is that you have 2 Antivirus programs installed. You should only ever run 1 at a time -

Malwarebytes Anti-Malware is not an Antivirus, so keep it and Update it with your weekly scans.

 

Microsoft Security Essentials {You can only keep 1 Antivirus program}

I have left Uninstall instructions for avast! but please tell me if you want to keep avast! and remove M.S.E. instead.

 

Uninstall avast! Free Antivirus (Version: 9.0.2006) => Directions -
To Remove this First uninstall from Control Panel > Programs and Features
NEXT - How to uninstall avast! software using avastclear:
1. Download avastclear.exe on your desktop
2. Start Windows in Safe Mode (tapping F8 at start up)
3. Open (execute) the uninstall utility
4. If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
5. Click REMOVE
6. Restart your computer

 

Java 7 Update 45 is currently updated (ignore the note)

 

Update Mozilla Thunderbird <=Follow the link

 

The internet seems a bit slow at the moment, I can see no reason ?

 

e-Rewards Notify (Version: 1.1.0.83) Just be aware that this program will track "some" of your internet activity, as you must agree to this when you sign up to them

 

 

Please download AdwCleaner by Xplode to your desktop.
* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on Scan. (Only Once)
* Check the listed items and untick any you do not want removed.
* Click on Clean (Only Once) and confirm with OK if asked
* NOTE : Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner[S0].txt as well.

 

 

Please download Temp File Cleaner by Old Timer
Usage Instructions:

  • Download TFC from the download link above and save the file on your desktop.
  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program opens, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • When done, press OK to reboot your computer and finish the cleanup.

No log is produced from TFC, so leave it there -

Keep this program and run it weekly to remove Temp Files that are not needed.

 

Thank You -



#5 Helping Mom


Posted 24 October 2013 - 07:34 PM

I think she would rather keep Avast, so I will need to uninstall MSE.

 

I ran the Temp File Cleaner without problems.

 

How do I know which of the files the ADWCleaner finds to keep?  I am including the log below, I haven't checked or unchecked anything yet.

 

And it seems like the browsers may be hijacked?  Or she just doesn't have any popup blocking installed on Firefox (can you recommend some Firefox extensions that might make her more secure?)

 

Thanks!

______________________

# AdwCleaner v3.010 - Report created 24/10/2013 at 20:29:23
# Updated 20/10/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : CW Brewer - CWBREWER-PC
# Running from : C:\Users\CW Brewer\Downloads\AdwCleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\CW Brewer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Found : C:\Users\CW Brewer\AppData\Roaming\Mozilla\Firefox\Profiles\4o3439md.default\searchplugins\Conduit.xml
File Found : C:\Users\CW Brewer\AppData\Roaming\Mozilla\Firefox\Profiles\4o3439md.default\user.js
File Found : C:\Windows\System32\Tasks\paretologic registration3
File Found : C:\Windows\System32\Tasks\paretologic update version3
File Found : C:\Windows\System32\Tasks\PC Health Advisor
File Found : C:\Windows\System32\Tasks\PC Health Advisor Defrag
File Found : C:\Windows\Tasks\paretologic registration3.job
File Found : C:\Windows\Tasks\paretologic update version3.job
File Found : C:\Windows\Tasks\PC Health Advisor Defrag.job
File Found : C:\Windows\Tasks\PC Health Advisor.job
Folder Found : C:\Users\CW Brewer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
Folder Found : C:\Users\CW Brewer\AppData\Roaming\Mozilla\Firefox\Profiles\4o3439md.default\Extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}(57)
Folder Found : C:\Users\CW Brewer\AppData\Roaming\Mozilla\Firefox\Profiles\4o3439md.default\Extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}(99)
Folder Found C:\Program Files\Common Files\ParetoLogic
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\ParetoLogic
Folder Found C:\Program Files\Search Toolbar
Folder Found C:\Program Files\Searchprotect
Folder Found C:\Program Files\Yontoo
Folder Found C:\ProgramData\Alawar Stargaze
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 help
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 help
Folder Found C:\ProgramData\ParetoLogic
Folder Found C:\Users\CW Brewer\AppData\Local\Conduit
Folder Found C:\Users\CW Brewer\AppData\LocalLow\Billeo
Folder Found C:\Users\CW Brewer\AppData\LocalLow\Conduit
Folder Found C:\Users\CW Brewer\AppData\Roaming\24x7 help
Folder Found C:\Users\CW Brewer\AppData\Roaming\DriverCure
Folder Found C:\Users\CW Brewer\AppData\Roaming\iWin
Folder Found C:\Users\CW Brewer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Found C:\Users\CW Brewer\AppData\Roaming\Mozilla\Firefox\Profiles\4o3439md.default\ConduitCommon
Folder Found C:\Users\CW Brewer\AppData\Roaming\Mozilla\Firefox\Profiles\4o3439md.default\CT2260173
Folder Found C:\Users\CW Brewer\AppData\Roaming\Mozilla\Firefox\Profiles\4o3439md.default\CT2260173
Folder Found C:\Users\CW Brewer\AppData\Roaming\Mozilla\Firefox\Profiles\4o3439md.default\Smartbar
Folder Found C:\Users\CW Brewer\AppData\Roaming\ParetoLogic
Folder Found C:\Users\CW Brewer\AppData\Roaming\Searchprotect
Folder Found C:\Users\CW Brewer\AppData\Roaming\Yontoo
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\CompeteInc
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\CompeteInc
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\smartbar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Classes\FCTB000060497.FCTB000060497Pos
Key Found : HKLM\SOFTWARE\Classes\FCTB000060497.FCTB000060497Pos.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000060497.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\FCTB000060497.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000060497.JSOptionsImpl
Key Found : HKLM\SOFTWARE\Classes\FCTB000060497.JSOptionsImpl.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000100723.FCTB000100723Pos
Key Found : HKLM\SOFTWARE\Classes\FCTB000100723.FCTB000100723Pos.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000100723.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\FCTB000100723.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000100723.JSOptionsImpl
Key Found : HKLM\SOFTWARE\Classes\FCTB000100723.JSOptionsImpl.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2260173
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\Software\CompeteInc
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\paretologic registration3
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\paretologic update version3
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\PC Health Advisor
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\PC Health Advisor Defrag
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\paretologic registration3
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\paretologic update version3
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\PC Health Advisor
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\PC Health Advisor Defrag
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\paretologic registration3
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\paretologic update version3
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Health Advisor
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Health Advisor Defrag
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{465E08E7-F005-4389-980F-1D8764B3486C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\SearchProtect
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{06E58E5E-F8CB-4049-991E-A41C03BD419E}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16514
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\CW Brewer\AppData\Roaming\Mozilla\Firefox\Profiles\4o3439md.default\prefs.js ]
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\CW Brewer\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [14177 octets] - [24/10/2013 17:37:08]
AdwCleaner[R1].txt - [13875 octets] - [24/10/2013 20:29:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [13936 octets] ##########


#6 noknojon


Posted 24 October 2013 - 10:26 PM

"I think she would rather keep Avast, so I will need to uninstall MSE."
No problem -

Go to Control Panel > Programs and Features and Right click on Microsoft Security Essentials and select Delete.
Use this FixIt to be sure it is removed => http://go.microsoft.com/?linkid=9775235

 

For AdwCleaner
Click on Clean (Only Once) and confirm with OK if asked
The computer may be Auto shut down and Rebooted to clean up.
Post a log back here -

 

Please read these 3 pop up blockers for Firefox (I do not use F/fox so I am limited)
Link 1 Learn what pop-up windows are and what settings Firefox has for blocking or allowing them.
Link 2 Adblock Plus Pop-up Addon :: Add-ons for Firefox - Mozilla Add-ons
Link 3 Adblock Plus :: Add-ons for Firefox - Mozilla Add-ons

 

Thanks



#7 Helping Mom


Posted 25 October 2013 - 07:04 PM

Ok-  Here is the ADW cleaner log-

 

And I am uninstalling MSE, and getting her a pop up blocker.  The machine seems to be running much better already, though the browser still is having problems.

 

_________________

 

# AdwCleaner v3.010 - Report created 25/10/2013 at 11:16:49
# Updated 20/10/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : CW Brewer - CWBREWER-PC
# Running from : C:\Users\CW Brewer\Downloads\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[x] Not Deleted : C:\ProgramData\ParetoLogic
[x] Not Deleted : C:\ProgramData\Alawar Stargaze
[x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 help
[x] Not Deleted : C:\Program Files\Conduit
[x] Not Deleted : C:\Program Files\ParetoLogic
Folder Deleted : C:\Program Files\Search Toolbar
Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Program Files\Yontoo
[x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 help
[x] Not Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Users\CW Brewer\AppData\Local\Conduit
Folder Deleted : C:\Users\CW Brewer\AppData\LocalLow\Billeo
Folder Deleted : C:\Users\CW Brewer\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\CW Brewer\AppData\Roaming\24x7 help
Folder Deleted : C:\Users\CW Brewer\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\CW Brewer\AppData\Roaming\iWin
[x] Not Deleted : C:\Users\CW Brewer\AppData\Roaming\ParetoLogic
[x] Not Deleted : C:\Users\CW Brewer\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\CW Brewer\AppData\Roaming\Yontoo
[x] Not Deleted : C:\Users\CW Brewer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Users\CW Brewer\AppData\Roaming\Mozilla\Firefox\Profiles\4o3439md.default\ConduitCommon
Folder Deleted : C:\Users\CW Brewer\AppData\Roaming\Mozilla\Firefox\Profiles\4o3439md.default\Smartbar
Folder Deleted : C:\Users\CW Brewer\AppData\Roaming\Mozilla\Firefox\Profiles\4o3439md.default\CT2260173
Folder Deleted : C:\Users\CW Brewer\AppData\Roaming\Mozilla\Firefox\Profiles\4o3439md.default\Extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}(57)
Folder Deleted : C:\Users\CW Brewer\AppData\Roaming\Mozilla\Firefox\Profiles\4o3439md.default\Extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}(99)
Folder Deleted : C:\Users\CW Brewer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\CW Brewer\AppData\Roaming\Mozilla\Firefox\Profiles\4o3439md.default\searchplugins\Conduit.xml
File Deleted : C:\Users\CW Brewer\AppData\Roaming\Mozilla\Firefox\Profiles\4o3439md.default\user.js
File Deleted : C:\Users\CW Brewer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
[x] Not Deleted : C:\Windows\Tasks\paretologic registration3.job
[x] Not Deleted : C:\Windows\System32\Tasks\paretologic registration3
[x] Not Deleted : C:\Windows\Tasks\paretologic update version3.job
[x] Not Deleted : C:\Windows\System32\Tasks\paretologic update version3
File Deleted : C:\Windows\Tasks\PC Health Advisor Defrag.job
File Deleted : C:\Windows\System32\Tasks\PC Health Advisor Defrag
File Deleted : C:\Windows\Tasks\PC Health Advisor.job
File Deleted : C:\Windows\System32\Tasks\PC Health Advisor

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\paretologic registration3
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1C23C84-5FF8-4625-9C8F-5971DD0E3E8B}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1C23C84-5FF8-4625-9C8F-5971DD0E3E8B}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\paretologic update version3
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0AD06FF-2877-4FD8-AAC0-DB92ABBFBB97}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0AD06FF-2877-4FD8-AAC0-DB92ABBFBB97}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Health Advisor Defrag
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7105A592-6C85-4001-9B9B-14AD859E9AD4}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7105A592-6C85-4001-9B9B-14AD859E9AD4}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Health Advisor
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DCBE1B9-5D33-4414-A4A4-8014FFE4F940}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DCBE1B9-5D33-4414-A4A4-8014FFE4F940}
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.FCTB000060497Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.FCTB000060497Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100723.FCTB000100723Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100723.FCTB000100723Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100723.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100723.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100723.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100723.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2260173
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{465E08E7-F005-4389-980F-1D8764B3486C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{06E58E5E-F8CB-4049-991E-A41C03BD419E}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\CompeteInc
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Iminent
[x] Not Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
[x] Not Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\CW Brewer\AppData\Roaming\Mozilla\Firefox\Profiles\4o3439md.default\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\CW Brewer\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [14177 octets] - [24/10/2013 17:37:08]
AdwCleaner[R1].txt - [14017 octets] - [24/10/2013 20:29:23]
AdwCleaner[S0].txt - [14322 octets] - [25/10/2013 11:16:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14383 octets] ##########
 


Edited by Helping Mom, 25 October 2013 - 07:24 PM.


#8 noknojon


Posted 25 October 2013 - 07:30 PM

Sounds OK -

Re-open AdwCleaner and hit Uninstall to finally clear the program and all contents.

You are not able to Update it, so you just reinstall if needed again and it will be updated.

 

 

Please download Junkware Removal Tool by thisisu to your desktop
Shut down your protection A/virus software now just to avoid potential conflicts.
* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a short while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next message.

 

Go - Programs > Accessories > System tools and run Disk Cleanup (tick all boxes)

This will compress and sort out any remaining Temp files (may seem stuck at times as it can be slow)

Agree to the next box - You will go to your normal screen when finished

 

Also go back and run Defragmenter while there.

If there are quite a few RED lines, this may take a while, but if it is mainly BLUE it may finish in 10 to 15 minutes.

Note that you can cancel out at any time, and come back later.

 

The above 2 items are weekly tasks to run at any spare time with Temp File Cleaner program

 

Almost done with looking after MOM .......

 

Thank You -



#9 Helping Mom


Posted 26 October 2013 - 09:19 AM

JRT Log, didn't run as administrator, will run again and post new log too.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows Vista ™ Home Premium x86
Ran by CW Brewer on Sat 10/26/2013 at 10:12:14.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8d625101-ab80-4aa8-ac62-bfc51eef91a5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E4A7BA5D-1FCA-4261-85CA-307FC5471A6D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8d625101-ab80-4aa8-ac62-bfc51eef91a5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E4A7BA5D-1FCA-4261-85CA-307FC5471A6D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{037039D8-8C53-43CC-95BE-198556E66531}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{037039D8-8C53-43CC-95BE-198556E66531}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\CW Brewer\AppData\LocalLow\FCTB000060497
Successfully deleted: [Folder] C:\Users\CW Brewer\AppData\LocalLow\FCTB000100723
Successfully deleted: [Folder] "C:\Users\CW Brewer\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 help"



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] C:\Users\CW Brewer\AppData\Roaming\mozilla\firefox\profiles\4o3439md.default\searchplugins\bing-zugo.xml
Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org"
Successfully deleted: [Folder] C:\Users\CW Brewer\AppData\Roaming\mozilla\firefox\profiles\4o3439md.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org
Successfully deleted: [Folder] C:\Users\CW Brewer\AppData\Roaming\mozilla\firefox\profiles\4o3439md.default\extensions\staged
Emptied folder: C:\Users\CW Brewer\AppData\Roaming\mozilla\firefox\profiles\4o3439md.default\minidumps [541 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\CW Brewer\appdata\local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
Successfully deleted: [Folder] C:\Users\CW Brewer\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/26/2013 at 10:16:24.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#10 Helping Mom


Posted 26 October 2013 - 09:27 AM

I ran JRT as administrator and it didn't find anything else.  I am running disk clean up now and will defrag the hard drive when it gets finished.



#11 noknojon


Posted 26 October 2013 - 03:27 PM

Thank you for the updates -

 

You have done very well, and I am glad you stayed with me (us)  :hug:



#12 Helping Mom


Posted 26 October 2013 - 09:21 PM

So does this mean we have come to the end?  How can I thank you for all of your help?



#13 noknojon


Posted 26 October 2013 - 10:45 PM

If you finished Post #10 then I would just like you to tell me if things are a bit better.

You can give me a wave and say thanks (that's all we ask) .............

 

The problem is Vista on HP laptops (always a bummer) but that was not your choice.

Right click > Delete any other tools (ask if you want to keep any)

 

I hope you are better as well as the computer -

 

Regards -



#14 Helping Mom


Posted 28 October 2013 - 09:01 AM

I have finished all of the steps, and Mom says the computer hasn't run this well in years!

 

So I am better, and now my mom can get back to her couponing.

 

Thanks so much! 



#15 noknojon


Posted 28 October 2013 - 02:24 PM

"So I am better, and now my mom can get back to her couponing."

Oops - I may have removed the Coupon program, but you can always reinstall if I did

This is just part of some Clean ups - Your choice to reinstall if I did.

 

I will watch here for a couple of days if there are other problems ....

 

Good bye -





