Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

looking to do some spring cleaning.


  • Please log in to reply

#16
jeffcaissie

jeffcaissie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 160 posts

Still got that aut2exe stopped working window 

 

# AdwCleaner v3.303 - Report created 07/08/2014 at 21:26:50
# Updated 06/08/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : April - CAROL-PC
# Running from : C:\Users\April\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16561
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2631 octets] - [07/08/2014 00:15:54]
AdwCleaner[R1].txt - [2691 octets] - [07/08/2014 00:17:48]
AdwCleaner[R2].txt - [986 octets] - [07/08/2014 00:20:33]
AdwCleaner[R3].txt - [1105 octets] - [07/08/2014 00:37:31]
AdwCleaner[R4].txt - [1224 octets] - [07/08/2014 01:02:47]
AdwCleaner[R5].txt - [1284 octets] - [07/08/2014 01:05:18]
AdwCleaner[R6].txt - [1027 octets] - [07/08/2014 21:26:50]
AdwCleaner[S0].txt - [2503 octets] - [07/08/2014 00:19:30]
AdwCleaner[S1].txt - [638 octets] - [07/08/2014 00:22:07]
AdwCleaner[S2].txt - [638 octets] - [07/08/2014 00:38:07]
AdwCleaner[S3].txt - [638 octets] - [07/08/2014 01:06:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [1324 octets] ##########
 
 
# AdwCleaner v3.303 - Report created 07/08/2014 at 21:27:27
# Updated 06/08/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : April - CAROL-PC
# Running from : C:\Users\April\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16561
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 

  • 0

Advertisements


#17
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts

Still got that aut2exe stopped working window

Hm? I don't recall you mentioning that before. What exactly is displayed in that window. Is there a way that you can use you snipping tool to capture an image of the windows that pops up and maybe attach to a post?

The AdwCleaner log looks good. I'm going to have you run an online scan with ESET. This will take some time to run, so your patience will be necessary.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)

  • 0

#18
jeffcaissie

jeffcaissie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 160 posts

 here's the error message after i run adwcleaner

the latest scan is still running.(eset)

this is actually the  error message but from my pc not my mom's but the errors is basically the same.

i get the same error at the end of cleaning process with both computers.

Attached Thumbnails

  • Aut2Exe-2.jpg

Edited by jeffcaissie, 07 August 2014 - 11:00 PM.

  • 0

#19
jeffcaissie

jeffcaissie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 160 posts
here's list of found threats from last online scan.
i think i deleted the original log sorry
,there wasn't much to read there ,2 lines and it ended in ok
 
C:\Users\April\Downloads\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\April\Downloads\spsetup126.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3C0FAV7Z\spstub[1].exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCEYK2R5\SPSetup[1].exe probably a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsk8FEA.tmp\StubUtils.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application

  • 0

#20
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Good morning Jeff! :)

The issue that you are experiencing with the Aut2exe message is related to the AdwCleaner program not your computers. We're looking into that now.

That log look really good! There is just a couple of things I would like to remove with OTL and I also want to reset the hosts file. I'll also have you install a program that will the software to make sure the software is up to date.

Please do the following:
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {FE90E80C-EAE4-4BF3-B6D3-C2062BCC80A8}
    O13 - gopher Prefix: missing
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{3fd69c15-3f35-11df-968c-0016d4e1d6a4}\Shell\Auto\command - "" = F:\launcher.exe
    O33 - MountPoints2\{3fd69c15-3f35-11df-968c-0016d4e1d6a4}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\launcher.exe
    O33 - MountPoints2\{bebf60f0-2f95-11df-92eb-0016d4e1d6a4}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.exe
    [2009/09/18 23:44:12 | 000,010,240 | ---- | C] () -- C:\Users\April\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/04/24 13:28:04 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\IObit

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]

  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
Next:

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.
Please post the following logs in your next reply:

C:\_OTL\Moved Files
OTL.txt
checkup.txt


Thank you,
Donna :)
  • 0

#21
jeffcaissie

jeffcaissie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 160 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fd69c15-3f35-11df-968c-0016d4e1d6a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fd69c15-3f35-11df-968c-0016d4e1d6a4}\ not found.
File F:\launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fd69c15-3f35-11df-968c-0016d4e1d6a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fd69c15-3f35-11df-968c-0016d4e1d6a4}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bebf60f0-2f95-11df-92eb-0016d4e1d6a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bebf60f0-2f95-11df-92eb-0016d4e1d6a4}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.exe not found.
C:\Users\April\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Users\April\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\April\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\April\AppData\Roaming\IObit\Advanced SystemCare V7\ProgramDeactivator folder moved successfully.
C:\Users\April\AppData\Roaming\IObit\Advanced SystemCare V7\Log folder moved successfully.
C:\Users\April\AppData\Roaming\IObit\Advanced SystemCare V7\Internet Booster folder moved successfully.
C:\Users\April\AppData\Roaming\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
C:\Users\April\AppData\Roaming\IObit\Advanced SystemCare V7\Boottime folder moved successfully.
C:\Users\April\AppData\Roaming\IObit\Advanced SystemCare V7\Backup folder moved successfully.
C:\Users\April\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\April\AppData\Roaming\IObit folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\April\Desktop\cmd.bat deleted successfully.
C:\Users\April\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: April
->Temp folder emptied: 22428380 bytes
->Temporary Internet Files folder emptied: 1400650 bytes
->Google Chrome cache emptied: 17481282 bytes
->Flash cache emptied: 41484 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16455 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 40.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08082014_150709
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 

OTL logfile created on: 8/8/2014 3:10:48 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\April\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.75 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 63.13% Memory free
3.74 Gb Paging File | 3.13 Gb Available in Paging File | 83.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.78 Gb Total Space | 36.06 Gb Free Space | 51.68% Space Free | Partition Type: NTFS
Drive D: | 69.51 Gb Total Space | 46.33 Gb Free Space | 66.65% Space Free | Partition Type: NTFS
 
Computer Name: CAROL-PC | User Name: April | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/06 21:21:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\April\Desktop\OTL.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008/06/03 03:35:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/01/20 23:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2014/05/12 11:03:38 | 000,042,272 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2006/11/02 04:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/10/25 14:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 14:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/10/25 14:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9F925468-E6ED-4F40-9919-1F7255D8DF0D}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{FE90E80C-EAE4-4BF3-B6D3-C2062BCC80A8}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/08/08 15:07:38 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A274A1C-569B-49DA-8B24-F2B71CA50DB1}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AABFC337-DA88-49BE-BBCA-419DD459CB1D}: DhcpNameServer = 192.168.2.1 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\April\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\April\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/08 15:07:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/08/07 02:30:09 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
[2014/08/07 00:15:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/07 00:05:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/08/07 00:04:43 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\April\Desktop\JRT.exe
[2014/08/06 21:21:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\April\Desktop\OTL.exe
[2014/08/06 20:13:02 | 000,401,920 | ---- | C] (Farbar) -- C:\Users\April\Desktop\MiniToolBox.exe
[2014/08/06 16:17:13 | 000,000,000 | ---D | C] -- C:\REG-BACKUP
[2014/08/04 14:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2014/08/04 14:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
[2014/07/19 12:48:24 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/07/19 12:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/19 12:47:52 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/07/19 12:47:52 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/07/19 12:47:52 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/07/19 12:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/07/19 12:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/08 15:09:18 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/08 15:09:12 | 000,003,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/08 15:09:12 | 000,003,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/08 15:08:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/08 15:07:38 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/08/08 15:06:35 | 000,642,218 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/08/08 15:06:35 | 000,119,378 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/08/08 02:31:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/08 00:36:38 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/08/07 00:15:13 | 001,475,072 | ---- | M] () -- C:\Users\April\Desktop\AdwCleaner.exe
[2014/08/07 00:04:48 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\April\Desktop\JRT.exe
[2014/08/06 21:21:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\April\Desktop\OTL.exe
[2014/08/04 14:07:47 | 000,000,879 | ---- | M] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2014/08/03 21:28:32 | 000,270,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/08/03 20:10:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2014/08/03 20:10:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2014/07/22 15:01:25 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/07/19 12:48:09 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/18 16:27:08 | 000,401,920 | ---- | M] (Farbar) -- C:\Users\April\Desktop\MiniToolBox.exe
 
========== Files Created - No Company Name ==========
 
[2014/08/07 00:15:01 | 001,475,072 | ---- | C] () -- C:\Users\April\Desktop\AdwCleaner.exe
[2014/08/04 14:07:47 | 000,000,879 | ---- | C] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2014/08/03 20:10:32 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2014/08/03 20:10:32 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2014/07/19 12:48:09 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/20 14:32:58 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2014/04/24 17:26:52 | 000,001,356 | ---- | C] () -- C:\Users\April\AppData\Local\d3d9caps.dat
[2010/01/21 13:16:00 | 000,024,206 | ---- | C] () -- C:\Users\April\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2006/11/02 09:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 10:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 03:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 03:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 
 
< End of report >
 

 Results of screen317's Security Check version 0.99.86  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG update module               
Microsoft Security Essentials   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1 % 
````````````````````End of Log`````````````````````` 
 
 

  • 0

#22
jeffcaissie

jeffcaissie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 160 posts

I would like to change user account name in file manager(windows explorer)

and remove the old owners signature from pc.

or at least that it don't show up in logs anymore.

is that do-able?


  • 0

#23
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
As soon as we are sure that you are free and clear of infection, I'll have you return to your other thread in the Windows help forum and ruggie_uk said he would be more than happy to clean up the names of those accounts for you.

For now, you do have some out of date Adobe software that needs to be updated. They are an invitation for infections.

You can get the update for Adobe Flash Player from >>here<<. Make sure to pay very close attention as you install and uncheck the little box under Optional offer: to prevent from installing the McAfee Security Plus scanner. You don't want that.

Next:

Out of date Adobe Reader installed!

Your Adobe reader needs updating. You should ensure you use the latest Adobe Reader and install any security updates that are released. You can download the latest reader and updates from here.

As a side note: I'd suggest uninstalling it and using FoxIt or Sumatra Reader. Adobe has become very vulnerable over the last couple of years and really uses up resources more than FoxIt or Sumatra Reader. The "footprints" for Foxit and Sumatra Reader is considerably smaller than Adobe's and consequently uses less resources (RAM as well as hard drive space). It's been said that there are a few things those readers cannot do compared to Adobe, but I haven't come across and users complaining.

If you choose to install Foxit Reader, please be advised that you may have to uncheck any pre-checked software. Choose custom install.

If you'd like, you can download Foxit Reader from here.

Or if you choose, you could install Sumatra from here, though make sure to uninstall Adobe Reader if you choose to install either of the above readers.

You may want to discuss this with your Mom.

Next:

I see that Cleaner is installed. Click on your Start VISTAORB.jpg and type CCleaner into your Start Search field.
  • Right click on the ccleanericon.jpg icon to open the program, then click on the Applications tab.
  • Under Firefox and Chrome, make sure there is a checkmark placed in the box to the left of Download History.
  • Click on the Windows tab then click the Analyze at the bottom left.
  • When the initial scan for files is complete, click the Run Cleaner button on the bottom right.
PLEASE NOTE:
Ccleaner includes a Registry cleaner, and we advise not to use this or any registry cleaner as there have been reports of them clearing out needed registry entries and messing up PCs. In addition, what they do clean up is so small that little or no advantages are noticed.

Modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. No registry cleaner is completely safe and the potential is ever present to cause more problems than they claim to fix.

Next:

Check for Windows Updates:
  • Click on your Start VISTAORB.jpg and type in Windows Udates.
  • Click on Check for Windows Udates
  • In the left panel, click on Check for Windows Udates again. Allow all Windows Updates to download and install.
  • Let me know if the update for IE 10 has been found and installed, then let know the results.

    How is the computer running?

  • 0

#24
jeffcaissie

jeffcaissie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 160 posts

I'l discuss the readers with my mom.

about the flash player when i go to the link it sais because i use chrome it should be up to date.

do i need to download the  the plug-in?

adobe reader is downloaded and installed.

ccleaner is run.

that thing about the registry cleaner,that might have been what caused the problem in the first place.

checking for updates now.

 

 

no important updates available

i usual use chrome lately could that be why it dos not update ie

 

 

pc seems to be running smoothly.

thanks for sharing all those free programs.

awesome work donna


Edited by jeffcaissie, 08 August 2014 - 10:11 PM.

  • 0

#25
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Thank you, Jeff! You're doing an awesome job yourself!

Beings that I am not a faithful Chrome user, I discussed the results you received when trying to update Adobe Flash. Chrome has Pepper Flash that is built in and does not need to be updated. IE uses the Adobe Flash and Firefox uses the plugin. I would suggest that you start IE and click on the link to update Adobe Flash in IE and then Firefox. Even if you do not use those browser leaving the outdated Adobe software open to vulnerabilities could be an invitation to infection.
 

no important updates available
i usual use chrome lately could that be why it dos not update ie

Good! Windows is up to date then. It's been awhile since I have worked with a Vista system and IE9 is the appropriate version for Windows Vista with SP2 installed. That was my mistake. Sorry about that. :( ;)

Do click on the Start VISTAORB.jpg then type Windows Updates into the Start Search field again and click on Change Settings this time. Make sure that Install important updates (recommended) is selected under where it says ]Important Updates, if it is not, you can click on the down arrow to the right and choose that from the list.

I'm going to have your run a chkdsk to make sure all is A-ok. Please do the following:
  • Click on Start > Run and type in cmd
  • Press Enter
  • In the Command Prompt window type chkdsk c:/r (or copy and paste) and press Enter.
    Please Note the space between k c:/r
  • The next dialog box will now show the following:

    Chkdsk cannot run because the volume is in use by another
    process. Would you like to schedule this volume to be
    checked the next time the system restarts? <Y/N>
  • Type Y and reboot the computer.
  • Checkdisk will start once the computer reboots. It can take up to an hour or more to complete as it goes through the stages. Allow it to run uninterrupted till complete.
To find the log that is produced please do the following:

Please download ListChkdskResult by SleepyDude to the desktop.
  • Double click on the icon and click Run
  • The log will appear on your desktop as a .txt file and the notepad will open.
Please copy and paste the results in your next reply.

Thank you,

Donna :)
  • 0

Advertisements


#26
jeffcaissie

jeffcaissie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 160 posts

i got all the adobe stuff in

win.update is good.

the link to site said i need a update for quick time player . then it said something about apple not servicing any more or some thing.

would it be easy to get an update or if my mom dos'ent use it would it be easier just to delete quick time all together.

witch would be the most secure.

 

runing checkdisk now

will soon post results


Edited by jeffcaissie, 09 August 2014 - 07:01 PM.

  • 0

#27
jeffcaissie

jeffcaissie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 160 posts
currently cant get my mom's pc connected!
 
 
 
 
ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
 
------< Log generate on 8/9/2014 10:18:18 PM >------
Category: 0
Computer Name: Carol-PC
Event Code: 1001
Record Number: 16504
Source Name: Microsoft-Windows-Wininit
Time Written: 08-10-2014 @ 01:13:11
Event Type: Information
User: 
Message: 
 
Checking file system on C:
The type of the file system is NTFS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
  274432 file records processed.                                  
 
  653 large file records processed.                            
 
  0 bad file records processed.                              
 
  0 EA records processed.                                    
 
  44 reparse records processed.                               
 
  316152 index entries processed.                                 
 
  0 unindexed files processed.                               
 
  274432 security descriptors processed.                          
 
Cleaning up 11369 unused index entries from index $SII of file 0x9.
Cleaning up 11369 unused index entries from index $SDH of file 0x9.
Cleaning up 11369 unused security descriptors.
CHKDSK is compacting the security descriptor stream...
  20861 data files processed.                                    
 
CHKDSK is verifying Usn Journal...
  35042392 USN bytes processed.                                     
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  274416 files processed.                                         
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  11537901 free clusters processed.                                 
 
Free space verification is complete.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
 
  73168042 KB total disk space.
  26565464 KB in 85799 files.
     67884 KB in 20864 indexes.
         0 KB in bad sectors.
    383086 KB in use by the system.
     65536 KB occupied by the log file.
  46151608 KB available on disk.
 
      4096 bytes in each allocation unit.
  18292010 total allocation units on disk.
  11537902 allocation units available on disk.
 
Internal Info:
00 30 04 00 b1 a0 01 00 99 01 03 00 00 00 00 00  .0..............
28 46 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  (F..,...........
42 00 00 00 e2 73 0b 77 50 86 32 00 50 7e 32 00  B....s.wP.2.P~2.
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
-----------------------------------------------------------------------

  • 0

#28
jeffcaissie

jeffcaissie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 160 posts

just downloded and ran the update of adw hope thats ok?

# AdwCleaner v3.304 - Report created 11/08/2014 at 04:30:52
# Updated 08/08/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : April - CAROL-PC
# Running from : C:\Users\April\Desktop\Cleaning Tools\adwcleaner_3.304.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16561
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={9E2975A7-73E2-40FF-9C85-BB17F9A55F03}&mid=d68c7bb19d424aa4ec418c5742cbf724-ddbc713caede3c958698f95de02eb7a770a3fa3b&lang=us&ds=AVG&coid=&cmpid=&pr=&d=2014-04-23%2014:20:52&v=18.1.0.443&pid=avg&sg=&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://www.plusnetwork.com/s/?q={searchTerms}&iesrc={referrer:source?}
 
*************************
 
AdwCleaner[R0].txt - [2631 octets] - [07/08/2014 00:15:54]
AdwCleaner[R1].txt - [2691 octets] - [07/08/2014 00:17:48]
AdwCleaner[R2].txt - [986 octets] - [07/08/2014 00:20:33]
AdwCleaner[R3].txt - [1105 octets] - [07/08/2014 00:37:31]
AdwCleaner[R4].txt - [1224 octets] - [07/08/2014 01:02:47]
AdwCleaner[R5].txt - [1284 octets] - [07/08/2014 01:05:18]
AdwCleaner[R6].txt - [1404 octets] - [07/08/2014 21:26:50]
AdwCleaner[R7].txt - [2067 octets] - [11/08/2014 04:30:00]
AdwCleaner[S0].txt - [2503 octets] - [07/08/2014 00:19:30]
AdwCleaner[S1].txt - [638 octets] - [07/08/2014 00:22:07]
AdwCleaner[S2].txt - [638 octets] - [07/08/2014 00:38:07]
AdwCleaner[S3].txt - [638 octets] - [07/08/2014 01:06:17]
AdwCleaner[S4].txt - [638 octets] - [07/08/2014 21:27:27]
AdwCleaner[S5].txt - [1996 octets] - [11/08/2014 04:30:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [2056 octets] ##########

  • 0

#29
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts

just downloded and ran the update of adw hope thats ok?

That's fine. We were recently informed that an update would correct that error that you received earlier.
I am assuming that you have succeeded in connecting your Mom's computer, correct?

Let's remove our tools and send you back to your other thread so ruggie_uk can help you get those accounts straightened out.

Right click on the AdwCleaner.exe icon and choose Run as administrator to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
Next:

OTL Clean-Up

Right click on the OTLicon.jpg icon on your desktop and choose Run as administrator to open the main window.
Next click on the CleanUpButtonOTL.jpg button.
Once clean up is complete you will be prompted to reboot your computer. Please do so.
This will remove most of the programs we have used including OTL itself.

Next:

Go to Start > Control Panel > Programs and Features and uninstall the following, if found:

Magical Jelly Bean Keyfinder
ESET Online Scanner


Next:

On the desktop right click and choose Delete for the following programs/setup files, if found:

Security Check
Magical Jelly Bean Keyfinder
AdwCleaner.exe
JRT
List Check Disk
esetsmartinstaller_enu (ESET)


Next:

Follow the path below and delete the folder(s), if found:
C:\AdwCleaner
C:\_OTL
C:\Program Files (x86)\ESET
C:\Program Files (x86)\Magical Jelly Bean

If there are any left over tools or logs on your computer please delete them now.

Next:

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button
disc%20clean.JPG

The above will flush out all the old Restore Points and keep the latest one we created. <--Very important

I like to recommend a program by OldTimer called TFC (Temporary File Cleaner).

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB).

Before running, it will stop Explorer and all other running applications. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.
-- TFC only cleans temp folders.
-- TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail.

TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

Instructions to install TFC:

Download TFC by Old Timer from here:
  • First, save any files as TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete cleaning.
Keep MBAM version 2 installed and run that program at least once every two weeks. Once a week if the laptop is used heavily every day. Less if rarely used. Same with TFC above ab]nd Ccleaner, though do refrain from using the registry cleaner that is included.

For basic maintenance:

Depending on how much you use your computer you should keep it in tip top shape by performing basic maintenance on a daily/weekly/monthly basis.

1.) TFC
2.) Disk cleanup which is included in Windows.
3.) Windows Defrag, which is included with Windows as well.
4.) Malwarebytes Anti-malware (MBAM)

And just to add, the Windows Operating Systems of today are a far cry from the ones of the past. Windows is more robust, HDD's are bigger and better and most computer systems have more and better RAM as well as faster processors. Windows handles temp files much more efficiently and doesn't store as many temp files that aren't needed like it used to. Disk cleaners have their place and are needed on occasion, just not as frequently as they once were needed.

And finally! Some more of my very own tips for safe computing:
  • Make sure Realtime AV scanning is enabled.
  • Don't trust pop-ups that tell you that you may have spyware on your machine. Most of these are money making schemes designed to get you to buy their removal product, which in some cases also contain malware.
  • Make back-ups of your most personal files frequently by whatever means you have available, i.e. Tape, CD, DVD, USB Drives, Ghost programs, etc. You never know when you'll have to reformat and start from scratch and without current backups of your personal files, you're basically at a lose. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.
  • Be careful where you "surf". If you know you are going to click a site that is questionable, then at least be intelligent enough to disable javascript, java, ActiveX installations, etc... You "surf" these sites at your own risk.
  • Uninstall and quit using P2P networking programs like uTorrent, Kazaa, BearShare, eMule and Limewire. These are your most likely weakest links if you're using them. Primarily most stuff transferred is illegally obtained and if you won't give it up you eventually pay the consequences.
  • Don't give access to your computer to friends or family who appear to be clueless about what they are doing. Otherwise you'll come home from school/work one day and your computer will be trashed.
  • In my opinion, a PC is just that, a PC (Personal Computer). Don't allow your children to talk you into any Windows cracks, hacks, or tweaks that could turn your computer into an expensive doorstop.
  • When in doubt -- don't download it and don't install it until you've researched it.
Here is a link that you might find interesting that will educate and enhance your online surfing abilities by Tony Klein and kept updated by our very own Corrine:

"So how did I get infected in the first place?"

If you have any questions or concerns please don't hesitate to ask! Any member on this site will be more then happy to guide you in your quest for safe surfing and to prevent infection. It's been a pleasure helping you.

Happy and safe computing!

Donna :)
  • 1

#30
jeffcaissie

jeffcaissie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 160 posts

thanks, moms computer is ok now.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP