
On boot System problem with Admin Profile User



#31
SleepyDude


    Trusted Helper

  • Malware Removal
  • 4,552 posts
Hi,
 
I see some things on the log that should be removed...
 
Farbar Recovery Scan Fix

!!! WARNING !!! The following fix is only relevant for this system and no other; running the script on another computer will not work and may cause problems...
  • Highlight the contents of the box below, right-click on it and select Copy

    Start::
    CreateRestorePoint:
    CloseProcesses:
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2012-09-08]
    S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
    CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
    HKLM\...\Run: [AvgUi] => "C:\Program Files\AVG\Framework\Common\avguix.exe" /fmw.trayonly
    C:\Program Files\AVG
    S1 UimBus; C:\Windows\System32\DRIVERS\uimbus.sys [80792 2017-04-25] (Paragon Software GmbH)
    C:\Windows\System32\DRIVERS\uimbus.sys
    S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uimdevim.sys [20376 2017-04-25] (Paragon Software GmbH)
    C:\Windows\System32\DRIVERS\uimdevim.sys
    S3 catchme; \??\C:\Users\Scott\AppData\Local\Temp\catchme.sys [X]
    2018-04-18 12:16 - 2018-04-18 12:16 - 000000000 ____D C:\Users\SM\AppData\Local\Avg
    2018-04-18 12:07 - 2018-04-18 12:17 - 000000000 ____D C:\AVG_Remover
    Task: {DD732DE6-D589-4CD6-86D9-CA5BC8B0ADA6} - System32\Tasks\{C1FEB967-16F4-4ECF-AF9B-26F198453BD9} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
    Task: {BB8E71B2-D43C-4F0F-8962-BAB9883D1A29} - System32\Tasks\{746B6DDB-026D-46DC-BE02-6386A60BB78B} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
    Task: {14A54D07-0B8E-4E6C-BEFB-DEB6A8F28FA3} - System32\Tasks\{33AB1714-0F1F-41BE-AE4D-4CE707FC8AB9} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
    EmptyTemp:
    End::

  • Execute FRST/FRST64: right-click on the icon and choose Run as Administrator. Make sure all other windows are closed.
  • Press the Fix button just once and wait. After the fix the system needs to restart; if the tool does not request it, please restart the computer.
  • The tool will make a log (Fixlog.txt) in the same location as FRST/FRST64; please post it in your next reply.

  • 0



#32
everythingsm


    Member

  • Topic Starter
  • 150 posts

Hi Sleepy,

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 19.04.2018
Ran by Scott (20-04-2018 05:57:02) Run:3
Running from C:\Users\Scott\Desktop
Loaded Profiles: Scott (Available Profiles: Scott & SM & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2012-09-08]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
HKLM\...\Run: [AvgUi] => "C:\Program Files\AVG\Framework\Common\avguix.exe" /fmw.trayonly
C:\Program Files\AVG
S1 UimBus; C:\Windows\System32\DRIVERS\uimbus.sys [80792 2017-04-25] (Paragon Software GmbH)
C:\Windows\System32\DRIVERS\uimbus.sys
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uimdevim.sys [20376 2017-04-25] (Paragon Software GmbH)
C:\Windows\System32\DRIVERS\uimdevim.sys
S3 catchme; \??\C:\Users\Scott\AppData\Local\Temp\catchme.sys [X]
2018-04-18 12:16 - 2018-04-18 12:16 - 000000000 ____D C:\Users\SM\AppData\Local\Avg
2018-04-18 12:07 - 2018-04-18 12:17 - 000000000 ____D C:\AVG_Remover
Task: {DD732DE6-D589-4CD6-86D9-CA5BC8B0ADA6} - System32\Tasks\{C1FEB967-16F4-4ECF-AF9B-26F198453BD9} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
Task: {BB8E71B2-D43C-4F0F-8962-BAB9883D1A29} - System32\Tasks\{746B6DDB-026D-46DC-BE02-6386A60BB78B} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
Task: {14A54D07-0B8E-4E6C-BEFB-DEB6A8F28FA3} - System32\Tasks\{33AB1714-0F1F-41BE-AE4D-4CE707FC8AB9} => msiexec.exe /package "C:\Users\Scott\Downloads\MicrosoftFixit50123.msi"
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files\mozilla firefox\defaults\pref\itms.js => moved successfully
"HKLM\System\CurrentControlSet\Services\cleanhlp" => removed successfully.
cleanhlp => service removed successfully.
"HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}" => removed successfully.
"HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => removed successfully.
"HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}" => removed successfully.
"HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => removed successfully.
"HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}" => removed successfully.
"HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}" => removed successfully.
"HKU\S-1-5-21-4044866103-2329573634-2605357377-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AvgUi" => removed successfully.
"C:\Program Files\AVG" => not found
"HKLM\System\CurrentControlSet\Services\UimBus" => removed successfully.
UimBus => service removed successfully.
C:\Windows\System32\DRIVERS\uimbus.sys => moved successfully
"HKLM\System\CurrentControlSet\Services\Uim_DEVIM" => removed successfully.
Uim_DEVIM => service removed successfully.
C:\Windows\System32\DRIVERS\uimdevim.sys => moved successfully
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully.
catchme => service removed successfully.
C:\Users\SM\AppData\Local\Avg => moved successfully
C:\AVG_Remover => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD732DE6-D589-4CD6-86D9-CA5BC8B0ADA6}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD732DE6-D589-4CD6-86D9-CA5BC8B0ADA6}" => removed successfully.
C:\Windows\System32\Tasks\{C1FEB967-16F4-4ECF-AF9B-26F198453BD9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C1FEB967-16F4-4ECF-AF9B-26F198453BD9}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB8E71B2-D43C-4F0F-8962-BAB9883D1A29}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB8E71B2-D43C-4F0F-8962-BAB9883D1A29}" => removed successfully.
C:\Windows\System32\Tasks\{746B6DDB-026D-46DC-BE02-6386A60BB78B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{746B6DDB-026D-46DC-BE02-6386A60BB78B}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14A54D07-0B8E-4E6C-BEFB-DEB6A8F28FA3}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14A54D07-0B8E-4E6C-BEFB-DEB6A8F28FA3}" => removed successfully.
C:\Windows\System32\Tasks\{33AB1714-0F1F-41BE-AE4D-4CE707FC8AB9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{33AB1714-0F1F-41BE-AE4D-4CE707FC8AB9}" => removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13536784 B
Java, Flash, Steam htmlcache => 5045 B
Windows/system/drivers => 97386 B
Edge => 0 B
Chrome => 0 B
Firefox => 196523382 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 6310 B
Public => 0 B
ProgramData => 0 B
systemprofile => 80367490 B
LocalService => 5217178 B
NetworkService => 148460464 B
Scott => 6882520 B
TEMP => 434009 B
SM => 1313752 B
Administrator => 4383563 B

RecycleBin => 4892430027 B
EmptyTemp: => 5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 05:58:56 ====


  • 0
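
As an added example (not part of the original posts and not FRST's own code), a small Python check that reads the results part of a Fixlog in the layout shown above and lists every target whose outcome is not a successful remove or move. The function names and the shortened sample are constructed for this illustration.

```python
import re
from collections import Counter

# Result lines look like: <target> => <outcome>[.]; targets may be quoted.
RESULT_RE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+?)\.?$')
OK = {"removed successfully", "moved successfully", "service removed successfully"}

def parse_fixlog(text):
    """Return (target, outcome) pairs from the results part of a Fixlog."""
    # The echoed fixlist sits between two rows of asterisks and also contains
    # "=>", so only the text after the second row is parsed, up to EmptyTemp.
    parts = re.split(r'^\*{5,}[ \t]*$', text, flags=re.M)
    body = parts[2] if len(parts) >= 3 else text
    body = body.split("=========== EmptyTemp:")[0]
    results = []
    for line in body.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results.append((m["target"].strip('"'), m["outcome"]))
    return results

def summarize(results):
    """Count outcomes and list targets that were neither removed nor moved."""
    counts = Counter(outcome for _, outcome in results)
    review = [(t, o) for t, o in results if o not in OK]
    return counts, review

# Constructed sample: a shortened excerpt in the layout of the Fixlog above.
SAMPLE = r'''fixlist content:
*****************
HKLM\...\Run: [AvgUi] => "C:\Program Files\AVG\Framework\Common\avguix.exe" /fmw.trayonly
C:\Program Files\AVG

*****************

Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AvgUi" => removed successfully.
"C:\Program Files\AVG" => not found
UimBus => service removed successfully.
C:\Windows\System32\DRIVERS\uimbus.sys => moved successfully

=========== EmptyTemp: ==========

Firefox => 196523382 B
'''

if __name__ == "__main__":
    counts, review = summarize(parse_fixlog(SAMPLE))
    print(dict(counts), review)
```

Run against the full Fixlog in this thread, the only line it would list for review is `"C:\Program Files\AVG" => not found`.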

#33
SleepyDude


    Trusted Helper

  • Malware Removal
  • 4,552 posts
Hi,

The fix worked as expected.

There is this error on the logs:

Error: (04/19/2018 08:10:43 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.

Error: (04/19/2018 06:02:52 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.

 
I would try to ID Harddisk6 by opening the Disk Manager:
- click Start
- in the search box type diskmgmt.msc
- click diskmgmt.msc in the search results to open the Disk Manager

Once you know the drive letter that corresponds to Disk 6, it is recommended to run a disk check on the drive or check the drive using the SEATOOLS program; guide: https://www.seagate....ndows-en-us.pdf
  • 0

#34
everythingsm


    Member

  • Topic Starter
  • 150 posts

Hi,

 

Working on disk6 now.

 

Can I do anything about the old Firefox? I have old NoScript etc.? TY


  • 0

#35
everythingsm


    Member

  • Topic Starter
  • 150 posts

I'm going to run a disk check after I refine my system, Firefox etc. Is that good? I will need time to run the Disk Check on Disk 6.

Attached Thumbnails

  • CaptureDisk6.JPG

  • 0

#36
SleepyDude


    Trusted Helper

  • Malware Removal
  • 4,552 posts

Hi,

 

Let Firefox check for updates; it should take care of the updates for you.

 

It's fine to run the disk check later when you don't need to use the computer, because a full check will take a long time...


  • 0

#37
everythingsm


    Member

  • Topic Starter
  • 150 posts

Hi Sleepy,

 

Firefox says it's up to date 59.02 (32 bit). I have no player picture for sites and at one point a message came up that I did not have current Java? I'm looking for any suggestions.

 

My Win updates are off and no history is shown?

 

I ran chk at C Prompt for Java per instructions from the net. C Prompt said it was not a good command? So I went to Java and downloaded the most current version. At no time did the machine tell me Java was already installed. I completed the install and still no player. In Firefox the folders look different and it does not have the same look or all of my settings such as Home Page, but Favorites are here. Is there a way to get all my old Firefox from a backup or am I going in the wrong direction?


Edited by everythingsm, Yesterday, 06:19 AM.

  • 0

#38
SleepyDude


    Trusted Helper

  • Malware Removal
  • 4,552 posts

Hi,

 

Sorry, I don't understand what you mean by "I have no player picture for sites..."

 

None of your logs show Java installed. Be extra careful: some websites try to convince users to install malware by saying that you have some program outdated and that you need to install Flash, Java, etc. If you installed those components from the legit websites and you continue to see the same update prompt, then it's most likely a fake alert!

 

In light of the recent events surrounding Java, which is constantly targeted by malware, users must seriously consider their use of Java.
Do you really need it? If yes, uninstall any old version, then go to the Java download page and click the link Windows Offline; this file will not include any unneeded extras like the ASK Toolbar. When Java is installed, it's extremely important to update immediately when you get a notification pop-up from the Java Updater.

For extra safety you can have Java installed and available to run programs locally but disabled in your browsers; only enable it when you need it for the web in pages you *really* trust. You can Enable/Disable Java by executing the following steps:

Click Start > Settings > Control Panel > Java, click the Security tab, uncheck the box Enable Java content in the browser and click OK

Another extra step you should do is to check the last option, Suppress sponsor offers when installing or updating Java, inside the Advanced tab

 

 

Most browsers dropped Java support; I think you need to use Internet Explorer if there is some website that absolutely requires Java to work!

 

I also didn't understand what is missing on Firefox!


  • 0





