Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser and anti virus programs become disabled


  • Please log in to reply
25 replies to this topic

#1 MitziNadine

MitziNadine

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 03 May 2014 - 03:26 PM

Hello,

 

I am trying to help solve problems with my husbands laptop.

 

It is an Asus with Windows 7 Home Premium, SP 1 64 bit.

 

Recently something has gone wrong anytime we try to watch a video from places like Xfinity or MSN main pages.  The news videos (I think they are mainly youtube videos), cause the browser and the Norton Anti virus programs to become disabled.

 

The system has crashed twice, but not since I restored it to a previous date to this problem.

 

There may be other programs which become disabled as well, and we may just not be aware of them yet.

 

I don't really know where to look for the solution.  The troubleshooter in the Control Panel cannot identify the problem.

 

I did look in the Device Manager in hopes of finding a clue. I did see a problem in the area for Network Adapters.  There is one with a yellow warning.  It is called "Teredo Tunneling Pseudo Interface.  No idea what this is for.

 

I clicked on it and at the General tab > Device Status it indicates "This device cannot start." (Code 10)

In the Driver tab, it appears as "Disabled", so it should not be causing a problem ....unless it needs to be enabled. 

 

The problem only became evident when I clicked on a video.  There was some scripting at the bottom of the page, and I remember seeing the word "Debug" but I just got out of the video.  It had already disabled the browser and I could not get to any sites.  I restarted, but still the browser was not working and there was a warning that Norton had been turned off (but I had not turned it off).

 

The only way to get onto the Internet was to go to the Control Panel and Restore to an earlier date.  That seemed to work.  But I still had to download Norton Suite again.  As soon as I clicked on another video, the same thing happened again, and this time before I could get it restored, the computer had crashed with a blue screen twice.

 

Right now everything seems to work.  I re-downloaded Norton Suite from our ISP (Comcast) and ran the Windows update.  The browser works for the moment, but I will not try to watch anymore video clips.

 

Thank you much,

 

Mitzi



BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:56 AM

Posted 03 May 2014 - 10:00 PM

Hello Mitzi -

Please start with a few diagnostic tools and then a few clean-up tools.

Download all programs to Desktop, Temporarily Disable Your Anti-virus if needed, and Copy and Paste any logs.

 

First -

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

Next -

Download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
Click Go and copy / paste the result (Result.txt).

 

 

Next -

Please download and run RKill by Grinler.
A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.

Please post the small log back here

 

Important: Do not reboot your computer until you complete the next step.

 

Now:  Download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button. (only once)
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Uncheck any elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review.
Now -  If you're ready to clean it all up.....click the Clean button. (only once)

Click OK and OK again to agree to the clean and reboot ........
• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted (if necessary):
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

 

After those logs are posted, please tell us how the computer is now running -



#3 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 04 May 2014 - 08:28 AM

Hi Aussie,

 

Here is a copy of the Security Check.

 

I think I will need to send a new email for each task since I am not sure how to get back to this post after going to the next step of your message.

 

Thanks,

 

 Results of screen317's Security Check version 0.99.82 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Norton Security Suite  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 55 
 Adobe Reader 10.1.9 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

Maybe if I can minimize the post for later.  I will see.

  No, I think I have to close the browser before downloading the Mini Tool Box.

 



#4 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 04 May 2014 - 08:35 AM

This is the Result from Mini Tool Box.

MiniToolBox by Farbar Version: 23-01-2014
Ran by Bob Schultz (administrator) on 04-05-2014 at 08:31:33
Running from "C:\Users\Bob Schultz\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================




127.0.0.1 localhost


========================= Event log errors: ===============================

Application errors:
==================
Error: (05/01/2014 01:39:21 PM) (Source: Garmin Core Update Service) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (04/23/2014 04:04:23 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/23/2014 03:41:32 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/23/2014 03:24:44 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/23/2014 02:42:52 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/23/2014 00:57:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: qw.exe, version: 21.1.7.18, time stamp: 0x4f8f4b45
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00033fcb
Faulting process id: 0x1704
Faulting application start time: 0xqw.exe0
Faulting application path: qw.exe1
Faulting module path: qw.exe2
Report Id: qw.exe3

Error: (04/22/2014 10:12:21 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/21/2014 00:16:22 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4071dde7-5a12-46fa-9b5e-04e2dbe41fd4}

Error: (04/19/2014 00:20:35 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/18/2014 00:20:56 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


System errors:
=============
Error: (05/04/2014 07:21:37 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
qknfd

Error: (05/03/2014 01:20:35 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
qknfd

Error: (05/03/2014 00:03:23 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (05/03/2014 11:39:17 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (05/03/2014 07:15:48 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (05/03/2014 05:59:40 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
qknfd

Error: (05/03/2014 04:31:14 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
qknfd

Error: (05/02/2014 10:26:30 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
qknfd

Error: (05/02/2014 06:06:24 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (05/02/2014 06:00:33 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.


Microsoft Office Sessions:
=========================
Error: (05/01/2014 01:39:21 PM) (Source: Garmin Core Update Service)(User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (04/23/2014 04:04:23 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/23/2014 03:41:32 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/23/2014 03:24:44 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/23/2014 02:42:52 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/23/2014 00:57:39 PM) (Source: Application Error)(User: )
Description: qw.exe21.1.7.184f8f4b45ntdll.dll6.1.7601.18247521ea8e7c000000500033fcb170401cf5f13a64b25c4C:\Program Files (x86)\Quicken\qw.exeC:\Windows\SysWOW64\ntdll.dllc1d5bc2b-cb10-11e3-8936-3085a910b15a

Error: (04/22/2014 10:12:21 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/21/2014 00:16:22 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4071dde7-5a12-46fa-9b5e-04e2dbe41fd4}

Error: (04/19/2014 00:20:35 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/18/2014 00:20:56 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


=========================== Installed Programs ============================

Adobe Flash Player 13 ActiveX (Version: 13.0.0.206)
Adobe Reader X (10.1.9) MUI (Version: 10.1.9)
Alcor Micro USB Card Reader (Version: 1.4.42.69356)
Amazon Kindle
ASUS AI Recovery (Version: 1.0.23)
ASUS Fan Filter Checker (Version: 1.0.0001)
ASUS LifeFrame3 (Version: 3.0.29)
ASUS Live Update (Version: 3.1.7)
ASUS Power4Gear Hybrid (Version: 1.1.50)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0040)
ASUS USB Charger Plus (Version: 2.0.9)
ASUS Virtual Camera (Version: 1.0.25)
AsusScr_G75 Series_ENG (Version: 1.0.0001)
AsusVibe2.0 (Version: 2.0.7.142)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 2.0.8.8)
Atheros Driver Installation Program (Version: 9.2)
ATK Package (Version: 1.0.0016)
Best Buy pc app (Version: 3.3.0.0)
Bing Bar (Version: 7.3.126.0)
Calendar Creator
Coupon Printer for Windows (Version: 5.0.0.3)
D3DX10 (Version: 15.4.2368.0902)
DirectX 9 Runtime (Version: 1.00.0000)
Elevated Installer (Version: 2.3.14.0)
GameFast.exe (Version: 1.0.0.1)
Garmin Express (Version: 2.3.14.0)
Garmin Express Tray (Version: 2.3.14.0)
InstantOn for NB (Version: 2.2.0)
Intel® Manageability Engine Firmware Recovery Agent (Version: 1.0.0.35342)
Intel® Management Engine Components (Version: 8.0.1.1399)
Intel® Turbo Boost Technology Monitor 2.5 (Version: 2.5.1.0)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.3.214)
Intel® Trusted Connect Service Client (Version: 1.23.219.2)
Java 7 Update 55 (Version: 7.0.550)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 16.4.3528.0331)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Digital Image Library 9 (Version: 9.00.0000)
Microsoft Digital Image Pro 9 (Version: 9.0.0.0000)
Microsoft OneDrive (Version: 17.0.4035.0328)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Streets and Trips 2004 (Version: 11.00.18.1900)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40820)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40825)
Microsoft Word 2000 (Version: 9.00.2720)
Microsoft Word 2002 (Version: 10.0.6626.0)
Microsoft Works 2000 (Version: 1.0.0.0000)
Microsoft Works 2003 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word (Version: 2.0.0.0000)
Monopoly Here & Now Edition
Movie Maker (Version: 16.4.3508.0205)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Norton Security Suite (Version: 21.2.0.38)
NVIDIA 3D Vision Driver 334.89 (Version: 334.89)
NVIDIA Control Panel 334.89 (Version: 334.89)
NVIDIA GeForce Experience 2.0 (Version: 2.0)
NVIDIA Graphics Driver 334.89 (Version: 334.89)
NVIDIA HD Audio Driver 1.3.30.1 (Version: 1.3.30.1)
NVIDIA Install Application (Version: 2.1002.151.1095)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA Network Service (Version: 1.0)
NVIDIA PhysX (Version: 9.13.1220)
NVIDIA PhysX System Software 9.13.1220 (Version: 9.13.1220)
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3489)
NVIDIA Update 12.4.55 (Version: 12.4.55)
NVIDIA Update Core (Version: 12.4.55)
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22)
Photo Gallery (Version: 16.4.3508.0205)
Platform (Version: 1.39)
Quicken 2012 (Version: 21.1.7.18)
Rotation Desktop for G Series.exe (Version: 1.1.2.0)
Roxio AACS Certificate (Version: 1.0.0)
Roxio CinePlayer (Version: 5.8)
Roxio CinePlayer (Version: 5.8.58233.4)
Sammsoft Toolbar (Version: 12.10.6.5279)
SavingsBull (Version: 1.0.0.0)
SHIELD Streaming (Version: 1.8.323)
Skype™ 6.3 (Version: 6.3.105)
Synaptics Pointing Device Driver (Version: 15.3.43.0)
Windows Live Communications Platform (Version: 16.4.3528.0331)
Windows Live Essentials (Version: 16.4.3528.0331)
Windows Live Family Safety (Version: 16.4.3528.0331)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3528.0331)
Windows Live Mail (Version: 16.4.3528.0331)
Windows Live Messenger (Version: 16.4.3528.0331)
Windows Live MIME IFilter (Version: 16.4.3528.0331)
Windows Live Photo Common (Version: 16.4.3528.0331)
Windows Live PIMT Platform (Version: 16.4.3528.0331)
Windows Live SOXE (Version: 16.4.3528.0331)
Windows Live SOXE Definitions (Version: 16.4.3528.0331)
Windows Live UX Platform (Version: 16.4.3528.0331)
Windows Live UX Platform Language Pack (Version: 16.4.3528.0331)
Windows Live Writer (Version: 16.4.3528.0331)
Windows Live Writer Resources (Version: 16.4.3528.0331)
WinFlash (Version: 2.41.0)
Wireless Console 3 (Version: 3.0.27)
WiseConvert B2 Toolbar (Version: 6.13.50.5)
Word in Works Suite add-in (Version: 1.0.0.0000)
Works Suite OS Pack (Version: 3.0.0.0000)

========================= Memory info: ===================================

Percentage of memory in use: 21%
Total physical RAM: 8151.91 MB
Available physical RAM: 6408.66 MB
Total Pagefile: 16301.99 MB
Available Pagefile: 14366.81 MB
Total Virtual: 4095.88 MB
Available Virtual: 3958.62 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:400 GB) (Free:337.73 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:506.51 GB) (Free:506.22 GB) NTFS
3 Drive e: (Monopoly HNE) (CDROM) (Total:0.13 GB) (Free:0 GB) CDFS
4 Drive g: (VERBATIM) (Removable) (Total:7.38 GB) (Free:6.95 GB) FAT32

========================= Users: ========================================

User accounts for \\BOBSCHULTZ-PC

Administrator Bob Schultz Guest


**** End of log ****

#5 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 04 May 2014 - 08:40 AM

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/04/2014 08:37:45 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Advanced Explorer Setting Removed: HideIcons [HKCU]

Backup Registry file created at:
C:\Users\Bob Schultz\Desktop\rkill\rkill-05-04-2014-08-37-49.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 05/04/2014 08:38:06 AM
Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)

#6 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 04 May 2014 - 08:52 AM

This is the list from Adw/cleaner, but I am not sure what to keep if any of the files and folders. 

 

# AdwCleaner v3.205 - Report created 04/05/2014 at 08:45:32
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bob Schultz - BOBSCHULTZ-PC
# Running from : C:\Users\Bob Schultz\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : APNMCP
Service Found : qknfd
Service Found : vToolbarUpdater18.0.0

***** [ Files / Folders ] *****

File Found : C:\Users\Bob Schultz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\AskPartnerNetwork
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\HiDefMedia
Folder Found : C:\Program Files (x86)\TotalRecipeSearch_14EI
Folder Found : C:\Program Files (x86)\WiseConvert_B2
Folder Found : C:\Program Files\SavingsbullFilter
Folder Found : C:\SearchProtect
Folder Found : C:\Users\Bob Schultz\AppData\Local\AskPartnerNetwork
Folder Found : C:\Users\Bob Schultz\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Bob Schultz\AppData\Local\Conduit
Folder Found : C:\Users\Bob Schultz\AppData\Local\emaze
Folder Found : C:\Users\Bob Schultz\AppData\Local\SearchProtect
Folder Found : C:\Users\Bob Schultz\AppData\Local\Temp\apn
Folder Found : C:\Users\Bob Schultz\AppData\LocalLow\Conduit
Folder Found : C:\Users\Bob Schultz\AppData\LocalLow\Goobzo
Folder Found : C:\Users\Bob Schultz\AppData\LocalLow\IminentToolbar
Folder Found : C:\Users\Bob Schultz\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Bob Schultz\AppData\LocalLow\WiseConvert_B2
Folder Found : C:\Users\Bob Schultz\AppData\Roaming\DriverCure
Folder Found : C:\Users\Bob Schultz\AppData\Roaming\ParetoLogic
Folder Found : C:\Users\Bob Schultz\AppData\Roaming\PerformerSoft
Folder Found : C:\Users\Bob Schultz\AppData\Roaming\Systweak
Folder Found : C:\Users\Bob Schultz\Documents\PC Health Kit
Folder Found : C:\Users\Public\Documents\Goobzo
Folder Found : C:\Users\Public\Documents\ShopperPro
Folder Found : C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Folder Found : C:\Windows\SysWOW64\SearchProtect

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Adorika
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\WiseConvert_B2
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DA7A20CF-BEF4-4342-AD78-0240FDF87055}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA7A20CF-BEF4-4342-AD78-0240FDF87055}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\Adorika
Key Found : [x64] HKCU\Software\AskPartnerNetwork
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\systweak
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\AskPartnerNetwork
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BCE1081C-9762-416D-8552-F892A9B10314}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DA7A20CF-BEF4-4342-AD78-0240FDF87055}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\Software\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Found : HKLM\Software\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3297951
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FAFD1A2-F1EB-438D-AEE4-E358B659135C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BA2D4471-874A-44E5-B321-61C242967FB9}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA7A20CF-BEF4-4342-AD78-0240FDF87055}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BCE1081C-9762-416D-8552-F892A9B10314}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert_B2 Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\TotalRecipeSearch_14EI
Key Found : HKLM\Software\Uniblue
Key Found : HKLM\Software\visualbee
Key Found : HKLM\Software\WiseConvert_B2
Key Found : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DA7A20CF-BEF4-4342-AD78-0240FDF87055}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DA7A20CF-BEF4-4342-AD78-0240FDF87055}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{DA7A20CF-BEF4-4342-AD78-0240FDF87055}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v

[ File : C:\Users\Bob Schultz\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297951&CUI=UN42612559191825514&UM=2&SSPV=TB_T5
Found [Search Provider] : hxxp://www.search.ask.com/web?p2=%5EB2M%5EYYYYYY%5EYY%5EUS&gct=&itbv=12.1.0.251&o=APN10969&tpid=XSD-V7&apn_uid=7B579C90-C761-45BB-B549-D6861E12ADA7&apn_ptnrs=%5EB2M&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=iexplore.exe_6_10.0.9200.16635&doi=2013-07-24&trgb=IE&q={searchTerms}&psv=

*************************

AdwCleaner[R0].txt - [14114 octets] - [04/05/2014 08:45:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [14175 octets] ##########



#7 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 04 May 2014 - 09:26 AM

Hi Aussie,

I am posting from my husbands desktop computer, because I have lost Internet connectivity on the laptop we are trying to fix.

I don't think I should turn it off from your instructions. It may be ok to turn it off since the AdwCleaner has run, but I think that program is still in process until I tell it what to clean.

Thank you for your patience. I am so computer illiterate, and scared I will make some huge mistake with my husband's computer. I will leave that one on even though there is no internet access right now.

Mitzi

#8 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 04 May 2014 - 10:44 AM

Hello  Noknojon,

 

I see that I have not been using your proper name.  I am sorry for not seeing that.

 

I just read over your instructions regarding the AdwCleaner, and I think I could go ahead and clean all the list.  There is the option to restore a program from quarantine if I should wipe out something useful.  I saw Google Chrome on the list, and I know he didn't want that.  He must have allowed it to download with something else.

 

I will go finish the clean up, and see what happens.

 

Thanks,

 

Mitzi



#9 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 04 May 2014 - 11:00 AM

Amazing!!

 

The Internet connection returned!  As soon as I cleaned the list, the program restarted the computer, and now I can connect to the internet from this laptop.

 

I think I shall go to the MSN home page again and see if I can click on a news video.  Hopefully that will work.  I'll be back as soon as I try that.

 

Mitzi



#10 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 04 May 2014 - 11:42 AM

Not so good.

The box with the scripting is still at the bottom of the screen. It says, "Debugger"

Under that is a section with a list of numbers. Some of the numbers in the list contain some script.

To the far left beside the box containing the list is another dark box. Inside this box are options to choose from. The first one is F12 and under it are other icons and arrows to choose from.

At the top of the browser, I used the back arrow to leave the video and return to the MSN main page. The box with the scripting remains at the bottom of the browser screen.

I closed Internet Explorer, planning to restart it, but again, it will not start.

So it looks like we are back to square one. I am using the desktop again.

Thank you,

Mitzi

#11 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 04 May 2014 - 11:47 AM

Oh no!

 

I just realized that I forgot to post the results of the AdwCleaner after it finished the cleanup and restarted the machine.  Since I cannot use the browser in the laptop, I will have to wait until we can get that going again before I can send the results.

 

Mitzi



#12 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:56 AM

Posted 04 May 2014 - 08:59 PM

How do I remove Quiknowledge?

Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. You will need Malwarebytes Anti-Malware Free version 2.00 (beta) or newer to disable the Chrome and Firefox extensions.

  • Please download Malwarebytes Anti-Malware Free to your desktop.
  • Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Is there anything else I need to do to get rid of Quiknowledge?

  • The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the Quiknowledge 1.9.0.1 listing. Then confirm removal.

 

You may need to uninstall Chrome, as this is the main program that gets hit -

Directions are very simple, or just Google the various methods -

 

 

qknfd is in many of your Errors, and this relates to Quicknowlege program.

 

 

If you had installed AdwCleaner, please re-run it again (being on-line makes no change to clean program)

 

The list below is full of Scam and Unwanted programs .......

PerformerSoft
ParetoLogic
DriverCure
WiseConvert_B2
PriceGong
IminentToolbar

Sammsoft Toolbar (Version: 12.10.6.5279)
SavingsBull (Version: 1.0.0.0)

We must remove ALL of these first to give it a clean run.



#13 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 04 May 2014 - 09:36 PM

Thank you, Noknojon, for giving me this instruction.

The problem I will have is that I cannot get to the internet from Bob's laptop. The way I had remedied the situation before was to restore to an earlier date. Doing that again would undo all that we have done so far. I could do that though, and then go through all of your previous instruction so that I might have the browser back again.

Or possibly you know a better way to get back online.

I shall wait to see what you think is best.

Thank you,

Mitzi

#14 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 04 May 2014 - 11:36 PM

Hi,

 

I decided to just restore and rerun all of the programs you had sent me.

 

I got the browser back and was able to download the free version of Malwarebytes Anti-Malware.

 

Here is the log provided.  Since it didn't find any malware, I am not sure what to try next.  I didn't quite understand where the "Settings" > extensions that you mentioned is located.  I will reread what you sent, and I may be able to understand it better then. 

 

Thank you for your help.

***********************

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/4/2014
Scan Time: 11:23:12 PM
Logfile: MalwarebytesAnti Malware.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.05.02
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bob Schultz

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 256123
Time Elapsed: 9 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#15 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 04 May 2014 - 11:50 PM

Hi again,

I just remembered the AdwCleaner log.

***********
# AdwCleaner v3.205 - Report created 04/05/2014 at 10:45:38
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bob Schultz - BOBSCHULTZ-PC
# Running from : C:\Users\Bob Schultz\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP
[#] Service Deleted : qknfd
Service Deleted : vToolbarUpdater18.0.0

***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\HiDefMedia
Folder Deleted : C:\Program Files (x86)\TotalRecipeSearch_14EI
Folder Deleted : C:\Program Files (x86)\WiseConvert_B2
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Program Files\SavingsbullFilter
Folder Deleted : C:\Users\Bob Schultz\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Bob Schultz\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Bob Schultz\AppData\Local\Conduit
Folder Deleted : C:\Users\Bob Schultz\AppData\Local\emaze
Folder Deleted : C:\Users\Bob Schultz\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Bob Schultz\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Bob Schultz\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Bob Schultz\AppData\LocalLow\Goobzo
Folder Deleted : C:\Users\Bob Schultz\AppData\LocalLow\IminentToolbar
Folder Deleted : C:\Users\Bob Schultz\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Bob Schultz\AppData\LocalLow\WiseConvert_B2
Folder Deleted : C:\Users\Bob Schultz\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Bob Schultz\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Bob Schultz\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Bob Schultz\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Bob Schultz\Documents\PC Health Kit
Folder Deleted : C:\Users\Public\Documents\Goobzo
Folder Deleted : C:\Users\Public\Documents\ShopperPro
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Bob Schultz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3297951
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DA7A20CF-BEF4-4342-AD78-0240FDF87055}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BCE1081C-9762-416D-8552-F892A9B10314}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA7A20CF-BEF4-4342-AD78-0240FDF87055}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA7A20CF-BEF4-4342-AD78-0240FDF87055}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DA7A20CF-BEF4-4342-AD78-0240FDF87055}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BCE1081C-9762-416D-8552-F892A9B10314}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BA2D4471-874A-44E5-B321-61C242967FB9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FAFD1A2-F1EB-438D-AEE4-E358B659135C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DA7A20CF-BEF4-4342-AD78-0240FDF87055}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DA7A20CF-BEF4-4342-AD78-0240FDF87055}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{DA7A20CF-BEF4-4342-AD78-0240FDF87055}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Adorika
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\WiseConvert_B2
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\TotalRecipeSearch_14EI
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\Software\WiseConvert_B2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert_B2 Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\Software\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Deleted : HKLM\Software\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v

[ File : C:\Users\Bob Schultz\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297951&CUI=UN42612559191825514&UM=2&SSPV=TB_T5
Deleted [Search Provider] : hxxp://www.search.ask.com/web?p2=%5EB2M%5EYYYYYY%5EYY%5EUS&gct=&itbv=12.1.0.251&o=APN10969&tpid=XSD-V7&apn_uid=7B579C90-C761-45BB-B549-D6861E12ADA7&apn_ptnrs=%5EB2M&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=iexplore.exe_6_10.0.9200.16635&doi=2013-07-24&trgb=IE&q={searchTerms}&psv=

*************************

AdwCleaner[R0].txt - [14336 octets] - [04/05/2014 08:45:32]
AdwCleaner[S0].txt - [14277 octets] - [04/05/2014 10:45:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14338 octets] ##########
# AdwCleaner v3.207 - Report created 04/05/2014 at 22:37:21
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bob Schultz - BOBSCHULTZ-PC
# Running from : C:\Users\Bob Schultz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11T8FA0V\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP
[#] Service Deleted : qknfd
Service Deleted : vToolbarUpdater18.0.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Goobzo
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\WiseConvert_B2
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Folder Deleted : C:\Program Files\SavingsbullFilter
Folder Deleted : C:\Users\Bob Schultz\AppData\Local\emaze
Folder Deleted : C:\Users\Bob Schultz\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Bob Schultz\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Bob Schultz\AppData\LocalLow\WiseConvert_B2
File Deleted : C:\Windows\System32\roboot64.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3297951
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DA7A20CF-BEF4-4342-AD78-0240FDF87055}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BCE1081C-9762-416D-8552-F892A9B10314}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA7A20CF-BEF4-4342-AD78-0240FDF87055}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA7A20CF-BEF4-4342-AD78-0240FDF87055}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DA7A20CF-BEF4-4342-AD78-0240FDF87055}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BCE1081C-9762-416D-8552-F892A9B10314}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BA2D4471-874A-44E5-B321-61C242967FB9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FAFD1A2-F1EB-438D-AEE4-E358B659135C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DA7A20CF-BEF4-4342-AD78-0240FDF87055}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DA7A20CF-BEF4-4342-AD78-0240FDF87055}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{DA7A20CF-BEF4-4342-AD78-0240FDF87055}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Adorika
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\WiseConvert_B2
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\TotalRecipeSearch_14EI
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\Software\WiseConvert_B2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert_B2 Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\Software\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Deleted : HKLM\Software\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v

[ File : C:\Users\Bob Schultz\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [27227 octets] - [04/05/2014 08:45:32]
AdwCleaner[S0].txt - [27212 octets] - [04/05/2014 10:45:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [27273 octets] ##########




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users