
Solved: Can't Uninstall ASPCA we-care


patmac
Member with 868 posts.
Join Date: May 2004
Location: Earth
Experience: Beginner
10-Nov-2013, 01:39 PM #1
Searched in TSG for this and still not sure if this is a virus or just pain-in-butt-ware.
I tried uninstalling it from Control Panel with no luck.
My search turned up a thread that required the use of Combofix, which tells me the TSG volunteer thought of this ASPCA thing as fairly intrusive.
Any help will be appreciated.
Thanks for your time.

ps. presently no outstanding BIG PC function issues, although, I'm bringing back to life a 3 year old PC that was idled due to problems.....
dvk01 (Derek), authorized to help remove malware.
Moderator & Malware Removal Specialist with 47,617 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
10-Nov-2013, 02:49 PM #2
Click on this link to download: ADWCleaner. Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop. Do not click on any links in the top advert.

See the screenshot where the proper download buttons are highlighted

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:

You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy & paste it into your next post.

patmac
10-Nov-2013, 04:28 PM #3
As I stated, I've been doing some work on this PC bringing it back from an idle state. There were a lot of virus/malware on it when I first started. I can supply logs from the utilities I used if need be.

# AdwCleaner v3.011 - Report created 10/11/2013 at 16:14:33
# Updated 03/11/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Username : Dixie - DIXIE-PC
# Running from : C:\Users\Dixie\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Updater Service for StartNow Toolbar

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\Program Files\
Folder Deleted : C:\Program Files\Delta
Folder Deleted : C:\Program Files\Tencent
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Dixie\AppData\Local\Babylon
Folder Deleted : C:\Users\Dixie\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Dixie\AppData\Local\PackageAware
Folder Deleted : C:\Users\Dixie\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Dixie\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Dixie\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dixie\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Dixie\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Dixie\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Dixie\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Dixie\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Dixie\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\
Folder Deleted : C:\Users\Dixie\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\
Folder Deleted : C:\Users\Dixie\AppData\Roaming\Tencent
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\
Folder Deleted : C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
File Deleted : C:\Program Files\Mozilla Firefox\Components\AskHPRFF.js
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\27oct4gy.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\27oct4gy.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\27oct4gy.default\searchplugins\mywebsearch.xml
File Deleted : C:\Users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\27oct4gy.default\user.js
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F5A89FE-8D3E-49A1-A670-25CD8118FEBB}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F5A89FE-8D3E-49A1-A670-25CD8118FEBB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKCU\Software\
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19088

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page Restore]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v20.0 (en-US)

[ File : C:\Users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\27oct4gy.default\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\preferences ]


AdwCleaner[R0].txt - [25502 octets] - [10/11/2013 16:05:47]
AdwCleaner[S0].txt - [25950 octets] - [10/11/2013 16:14:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26011 octets] ##########
dvk01 (Derek)
10-Nov-2013, 04:36 PM #4
That cleared a lot.

Next, let's see what this finds.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
patmac
10-Nov-2013, 05:10 PM #5
JRT "detected a bad module". I answered "yes" to "reboot now?" to delete it. Would it have been better to reboot later, so it would show in the log?

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Dixie on Sun 11/10/2013 at 17:01:27.91

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\81337c0da4b761d40a4cb3380f57ae88
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\81337c0da4b761d40a4cb3380f57ae88
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{e21c554a-6135-4608-aa3b-e35d00645fe1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Dixie\appdata\locallow\blubster toolbar"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\software informer"

~~~ FireFox

Successfully deleted: [File] C:\user.js
Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\bearsharewebsearch.xml"
Successfully deleted: [File] C:\Users\Dixie\AppData\Roaming\mozilla\firefox\profiles\27oct4gy.default\searchplugins\bearsharewebsearch.xml
Successfully deleted: [File] C:\Users\Dixie\AppData\Roaming\mozilla\firefox\profiles\27oct4gy.default\searchplugins\bing-zugo.xml
Successfully deleted the following from C:\Users\Dixie\AppData\Roaming\mozilla\firefox\profiles\27oct4gy.default\prefs.js

user_pref("", true);
Emptied folder: C:\Users\Dixie\AppData\Roaming\mozilla\firefox\profiles\27oct4gy.default\minidumps [155 files]

~~~ Event Viewer Logs were cleared

Scan was completed on Sun 11/10/2013 at 17:06:02.12
Computer was rebooted
End of JRT log
dvk01 (Derek)
10-Nov-2013, 05:26 PM #6
Hopefully that should have cleared most of the junk out.
What problems (if any) are you still having?
patmac
10-Nov-2013, 07:37 PM #7
As I stated in Post #1, things were a lot better (now even better, seeing what you removed) and no major functional issues yet (been turned on and running for only a couple days).
I still see and can't uninstall ASPCA Reminder. I have the feeling you have seen this before, just in case you haven't, I'm attaching the pop up windows I get when trying to uninstall it from Control Panel.
So, since this machine really has only been running a couple days, I'm not sure if I'm entirely clean, but, I would like to take care of the ASPCA thing.
dvk01 (Derek)
11-Nov-2013, 03:45 AM #8
Did you check the box & then press "remove the reminder"?
patmac's Avatar
patmac patmac is offline
Computer Specs
Member with 868 posts.
Join Date: May 2004
Location: Earth
Experience: Beginner
11-Nov-2013, 07:57 AM #9
That worked. I'm sure I tried that before, but after reboot it was back.
OK. So, I see this machine has Windows Defender (not turned on right now), any thoughts about what I should run on this Vista machine?
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 47,617 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
11-Nov-2013, 08:24 AM #10
What antivirus do you use?
Let's see what this shows us is still there.

Download to Desktop: DDS by sUBs from one of the below locations

double click DDS to run it
Make sure there is a check mark in DDS txt
place a check mark in the attach.txt box and then press start

Do not select any other options unless specifically told to

When complete, DDS.txt will open and attach.txt will be minimized on your taskbar; click on it to open it.

Save both reports to your desktop.

post the contents of both logs back here.
patmac's Avatar
patmac patmac is offline
Computer Specs
Member with 868 posts.
Join Date: May 2004
Location: Earth
Experience: Beginner
11-Nov-2013, 10:53 AM #11
I downloaded DDS yesterday to my desktop anticipating I would be requested to run it. When I ran it today, it ran in silent mode for some reason, but still produced the two logs. I plan on going over to the Vista forum to tidy-up un-needed apps and startup......

DDS (Ver_2012-11-20.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 10/28/2007 7:22:07 AM
System Uptime: 11/11/2013 7:43:15 AM (3 hours ago)
Motherboard: Dell Inc. | | 0RY206
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ | Socket AM2 | 2100/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 223 GiB total, 121.208 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.131 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP2183: 11/10/2013 11:44:16 AM - after initial work
RP2184: 11/10/2013 12:13:46 PM - after mbam rootkit check
RP2185: 11/10/2013 12:18:14 PM - Windows Update
RP2186: 11/10/2013 12:48:18 PM - Removed AVG 2011
RP2187: 11/10/2013 7:22:25 PM - Removed ASPCA Reminder V7F+AU by
RP2188: 11/10/2013 7:26:01 PM - Removed ASPCA Reminder V7F+AU by
RP2189: 11/10/2013 7:28:51 PM - Removed ASPCA Reminder V7F+AU by
RP2190: 11/11/2013 7:37:22 AM - Removed ASPCA Reminder V7F+AU by
==== Installed Programs ======================
3ivx MPEG-4 5.0.3 (remove only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.3
AIM Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
avast! Free Antivirus
BlackBerry Device Software Updater
Browser Address Error Redirector
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Dell DataSafe Online
Dell Support Center
Dell System Customization Wizard
ESET Online Scanner v3
Facebook Plug-In
Games, Music, & Photos Launcher
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet Printer Driver Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 23
Java(TM) SE Runtime Environment 6
Macromedia Shockwave Player
Malwarebytes Anti-Malware version
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Money 2006
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Streets & Trips 2006
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mobile Mouse Server
MobileMe Control Panel
Move Media Player
Mozilla Firefox 20.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (3.0)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nuclear Coffee - DiscRipper
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIANetworkDiagnostic 3.3
Paint.NET v3.36
Product Documentation Launcher
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Sonic Activation Module
Switch Sound File Converter
TBS WMP Plug-in
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
Works Upgrade
==== Event Viewer Messages From Past Week ========
11/11/2013 7:47:31 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
11/11/2013 7:47:30 AM, Error: Service Control Manager [7023] - The Pml Driver HPZ12 service terminated with the following error: The specified module could not be found.
11/11/2013 7:47:30 AM, Error: Service Control Manager [7023] - The Net Driver HPZ12 service terminated with the following error: The specified module could not be found.
11/11/2013 7:47:30 AM, Error: Service Control Manager [7000] - The Photoshop Elements Device Connect service failed to start due to the following error: The system cannot find the file specified.
11/11/2013 7:47:30 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/11/2013 7:47:30 AM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
11/11/2013 7:47:30 AM, Error: Service Control Manager [7000] - The Adobe Active File Monitor service failed to start due to the following error: The system cannot find the file specified.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 10.7.2
Run by Dixie at 10:43:15 on 2013-11-11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1022.326 [GMT -5:00]
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
============== Running Processes ================
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ 3\program\soffice.exe
C:\Program Files\ 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
============== Pseudo HJT Report ===============
uStart Page = hxxps://
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: AIM Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} - c:\program files\aim toolbar\aimtb.dll
TB: BearShare MediaBar: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} -
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: BearShare MediaBar: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} -
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ROC_ROC_JAN2013_AV] c:\users\dixie\appdata\roaming\avg january 2013 campaign\ROC_JAN2013_AV.exe /PROMPT --mid eef3fc518d5969db7ee63f2381c8340d-09b8b9d5b609811485e79b3397480494bb9fa5f8
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dscactivate] c:\dell\dsca.exe 3
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
StartupFolder: c:\users\dixie\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\ 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &AIM Toolbar Search - c:\programdata\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://
TCP: NameServer =
TCP: Interfaces\{350641B0-898F-4D29-99CA-436A4B1CF266} : DHCPNameServer =
TCP: Interfaces\{3EB6AD1B-456A-4305-ACE8-8A902F504B1D} : DHCPNameServer =
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
================= FIREFOX ===================
FF - ProfilePath - c:\users\dixie\appdata\roaming\mozilla\firefox\profiles\27oct4gy.default\
FF - prefs.js: - Google
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff9.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\users\dixie\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\dixie\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-09-02 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
============= SERVICES / DRIVERS ===============
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-11-9 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-11-9 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-14 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-1-14 403440]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-1-14 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-1-14 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-14 50344]
R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-2-19 45848]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe --> c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [?]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe --> c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [?]
=============== Created Last 30 ================
2013-11-10 21:54:59 -------- d-----w- c:\windows\ERUNT
2013-11-10 21:05:42 -------- d-----w- C:\AdwCleaner
2013-11-10 16:50:48 105176 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-10 16:50:48 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-10 16:49:12 75992 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-11-09 23:28:17 -------- d-----w- c:\program files\ESET
2013-11-09 23:23:36 -------- d-----w- c:\users\dixie\appdata\roaming\AVAST Software
2013-11-09 18:32:41 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-09 18:32:41 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-09 14:25:11 -------- d-----w- c:\users\dixie\appdata\roaming\
2013-11-09 14:24:56 -------- d-----w- c:\programdata\
2013-11-09 14:24:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-11-09 03:50:42 650936 ----a-w- c:\programdata\microsoft\ehome\packages\sportstemplate\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2013-11-09 01:34:01 -------- d-----w- c:\users\dixie\appdata\roaming\TuneUp Software
==================== Find3M ====================
2013-11-09 18:37:54 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-09 18:37:52 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-09 18:37:49 43152 ----a-w- c:\windows\avastSS.scr
============= FINISH: 10:44:22.30 ===============
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 47,617 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
11-Nov-2013, 11:44 AM #12
You have Avast antivirus installed, so no need for Windows Defender to be active.
You also have some leftover AVG entries that need dealing with.

use the AVG uninstaller to remove all left overs

I will ask one of the TA's who specialise in updating etc to offer you advice about what needs updating and there are quite a few outdated programs there
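
The two observations in post #12 (Windows Defender enabled alongside an active antivirus, and entries left behind by a removed product) can be pulled out of DDS output mechanically. This is an added example, not part of the thread and not DDS's own logic: the sample lines are copied from the logs in post #11 and trimmed, while the function names and the first-word folder matching heuristic are assumptions made here.

```python
import re

# Constructed sample: a few "Installed Programs" names from the log in post #11.
INSTALLED_PROGRAMS = [
    "avast! Free Antivirus",
    "HP Smart Web Printing",
    "Java 7 Update 7",
    "Mozilla Firefox 20.0 (x86 en-US)",
]

# Constructed sample: lines copied from the DDS log in post #11, trimmed.
DDS_TXT = r"""
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
"""

# Header lines such as "AV: <name> *Enabled/Updated* {guid}".
SEC_RE = re.compile(r"^(AV|SP): (.+?) \*(Enabled|Disabled)/(Updated|Outdated)\*", re.M)
# First folder below Program Files in any entry that carries a file path.
PATH_RE = re.compile(r"c:\\program files\\([^\\]+)\\", re.I)


def security_products(dds_text):
    """Return (kind, name, enabled, updated) for each AV:/SP: header line."""
    return [(kind, name, state == "Enabled", sigs == "Updated")
            for kind, name, state, sigs in SEC_RE.findall(dds_text)]


def redundant_defender(dds_text):
    """True when an AV product is enabled and Windows Defender is enabled too."""
    products = security_products(dds_text)
    av_on = any(kind == "AV" and enabled for kind, _, enabled, _ in products)
    defender_on = any(name == "Windows Defender" and enabled
                      for _, name, enabled, _ in products)
    return av_on and defender_on


def leftover_candidates(dds_text, installed):
    """Group entries by Program Files folder when the folder's first word
    appears in no installed program name. Heuristic: candidates for review,
    not proof that the product is gone."""
    known_words = set()
    for name in installed:
        known_words.update(re.findall(r"[a-z0-9]+", name.lower()))
    hits = {}
    for line in dds_text.splitlines():
        match = PATH_RE.search(line)
        if not match:
            continue
        folder = match.group(1).lower()
        words = re.findall(r"[a-z0-9]+", folder)
        if words and words[0] not in known_words:
            hits.setdefault(folder, []).append(line.strip())
    return hits


if __name__ == "__main__":
    print("Defender redundant:", redundant_defender(DDS_TXT))
    for folder, lines in leftover_candidates(DDS_TXT, INSTALLED_PROGRAMS).items():
        print(f"possible leftover '{folder}': {len(lines)} entries")
```
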
patmac's Avatar
patmac patmac is offline
Computer Specs
Member with 868 posts.
Join Date: May 2004
Location: Earth
Experience: Beginner
11-Nov-2013, 01:22 PM #13
I'll stick with Avast.
Ran the AVG remover, after the restart, it said it needed to restart?? Which it did, again...
Should I start a new thread in the Vista forum asking for update/startup help?

Something to note, not sure what it means, but ever since I checked the "remove reminder" box for ASPCA, the boot time at restart has increased to 7 or 8 minutes, from 3 or 4 minutes prior. It's a definite increase because during the work you did, I had to restart a bunch of times, so I'm really aware of it. When the restart gets to the black screen with the narrow rectangular box at the bottom of the screen with the moving green bars in it, the bars stop moving, for two or three minutes, then go, then stop. They start and keep moving when there's activity on the hard drive.
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 47,617 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
11-Nov-2013, 02:28 PM #14
Removing the ASPCA reminder won't have done anything to the boot time.
Somebody will reply in this topic to help you with the updates and cut down on any startup load.
flavallee's Avatar
flavallee   (Frank) flavallee is offline flavallee is a Trusted Advisor with special permissions. flavallee has a Profile Picture
Computer Specs
Trusted Advisor with 63,155 posts.
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
11-Nov-2013, 09:47 PM #15

According to your AdwCleaner log in post #3, your computer is running Windows Vista Home Premium Service Pack 1 32-bit.
Why hasn't it been upgraded to Service Pack 2 which was released in May 2009?


According to your DDS log in post #11, you appear to have a Dell Inspiron 531 or Dell Inspiron 531S desktop.
Which one do you have, and what's the 7-character "service tag" number on it?


Concerning your list of installed programs:

Adobe Reader 8.1.3 needs to be updated to version 11.0.05

Java 7 Update 7 needs to be updated to version Java 7 Update 45

Java(TM) SE Runtime Environment 6
Java(TM) 6 Update 22
Java(TM) 6 Update 23
all need to be uninstalled.

Mozilla Firefox 20.0 needs to be updated to version 25.0
If you no longer use this browser, uninstall it instead.

 3.3.0 needs to be updated to Apache OpenOffice 4.0.1
If you no longer use this suite, uninstall it instead.

There are a LOT of other outdated and probably unused and unneeded programs and add-ons in your computer.
Some serious "decluttering" is in order.
