My mom's computer is infected. Help please?

She pulled a no no and clicked on spyware that appeared on her desktop…:frowning: Now it has hijacked the desktop. Avast found a few viruses, one or two of which it could not move or delete, so I was forced to ignore them. Here is what I found from Kaspersky’s scan. Can anyone advise me on what I should do? Thank you in advance. I can post a hijack this as well if it will help.

Friday, August 22, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 22, 2008 18:44:27
Records in database: 1124860
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:
D:
E:
Scan statistics
Files scanned 84642
Threat name 2
Infected objects 3
Suspicious objects 0
Duration of the scan 01:24:29

File name Threat name Threats count
C:\Program Files\AOL Toolbar\temp.000 Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Program Files\AOL Toolbar~GLH0004.TMP Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Program Files\Magentic\bin\magentic_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.f 1
The selected area was scanned.

Well as much as I dislike AOHell I would doubt that their toolbar would be considered adware, but it is unlikely that it had anything to do with the previous avast detection.

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.

What was the reason it couldn’t be moved, e.g. what error message was displayed (commonly this file is in use) ?

If you have XP, vista32bit or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php.

Haha, I hate aol too. I can’t convince her that it sucks. Should I try harder? I did run a boot scan when I initially installed it. It caught two things, two others it could not move or delete. I will see if I can find them now. All I see in the logs are the following: error log and warning log. The computer froze last night about 75 percent through. I am running the scan again.

Here is the error log

10/3/2006 12:18:26 AM SYSTEM 1952 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\system32\EntApi.dll failed, 00000005.
10/3/2006 4:18:33 AM SYSTEM 1952 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\system32\EntApi.dll failed, 00000005.
10/3/2006 8:18:36 AM SYSTEM 1952 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\system32\EntApi.dll failed, 00000005.
10/3/2006 12:18:39 PM SYSTEM 1952 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\system32\EntApi.dll failed, 00000005.

Here is the warning log. I should have written them down I know, but by the time I realized it wasn’t going to fix them I had hit ignore and the scan moved on…Any other programs I should try and download or run online?

10/3/2006 12:18:26 AM SYSTEM 1952 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\system32\EntApi.dll (C:\WINDOWS\system32\EntApi.dll) returning error, 00000005.
10/3/2006 12:50:41 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/3/2006 12:50:41 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/3/2006 4:18:33 AM SYSTEM 1952 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\system32\EntApi.dll (C:\WINDOWS\system32\EntApi.dll) returning error, 00000005.
10/3/2006 4:56:44 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/3/2006 4:56:44 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/3/2006 8:18:36 AM SYSTEM 1952 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\system32\EntApi.dll (C:\WINDOWS\system32\EntApi.dll) returning error, 00000005.
10/3/2006 9:02:48 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/3/2006 9:02:48 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/3/2006 12:18:39 PM SYSTEM 1952 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\system32\EntApi.dll (C:\WINDOWS\system32\EntApi.dll) returning error, 00000005.
10/3/2006 1:08:51 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/3/2006 1:08:51 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/3/2006 5:14:54 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/3/2006 5:14:54 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/3/2006 9:20:58 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/3/2006 9:20:58 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/4/2006 1:27:02 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/4/2006 1:27:02 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/4/2006 5:33:05 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/4/2006 5:33:05 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/4/2006 9:39:08 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/4/2006 9:39:08 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/4/2006 1:45:11 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/4/2006 1:45:11 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/4/2006 5:51:15 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/4/2006 5:51:15 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/4/2006 9:57:18 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/4/2006 9:57:18 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/5/2006 2:03:21 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/5/2006 2:03:21 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/5/2006 6:09:24 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/5/2006 6:09:24 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/5/2006 10:15:27 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/5/2006 10:15:27 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/5/2006 2:21:31 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/5/2006 2:21:31 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/5/2006 6:27:34 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/5/2006 6:27:34 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/5/2006 10:34:19 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/5/2006 10:34:19 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/6/2006 2:40:22 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/6/2006 2:40:22 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/6/2006 6:46:25 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/6/2006 6:46:25 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/6/2006 10:52:29 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/6/2006 10:52:29 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/6/2006 2:58:32 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/6/2006 2:58:32 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/6/2006 7:04:35 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/6/2006 7:04:35 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/6/2006 11:10:38 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/6/2006 11:10:38 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/7/2006 3:16:41 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/7/2006 3:16:41 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/7/2006 7:22:46 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/7/2006 7:22:46 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/7/2006 11:28:49 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/7/2006 11:28:49 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/7/2006 3:34:52 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/7/2006 3:34:52 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/7/2006 7:40:55 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/7/2006 7:40:55 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/7/2006 11:46:58 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.

(continued)

10/7/2006 11:46:58 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/8/2006 3:53:01 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/8/2006 3:53:01 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/8/2006 7:59:05 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/8/2006 7:59:05 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/8/2006 12:05:10 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/8/2006 12:05:10 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/8/2006 4:11:13 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/8/2006 4:11:13 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/8/2006 8:17:03 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/8/2006 8:17:03 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/9/2006 12:23:07 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/9/2006 12:23:07 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/9/2006 4:29:10 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/9/2006 4:29:10 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/9/2006 8:35:14 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/9/2006 8:35:14 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/9/2006 12:41:17 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/9/2006 12:41:17 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
10/9/2006 4:47:20 PM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/9/2006 4:47:20 PM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
8/21/2008 9:03:21 PM SYSTEM 1088 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\SYSTEM32\lphcp46j0ele5.exe” file.
8/21/2008 10:33:36 PM Vicki Hull 2596 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\System Volume Information_restore{3029B316-1FD5-455A-B12F-DF32771AB5DB}\RP151\A0027691.exe” file.

Yes Our British friends may be in bed
If they are lurking they may chime in

first download and run Malware Bytes Anti Malware (free) and Rogue remover
post the logs

then let's fix your AV

  • In windows\system32, or anywhere else, see if you have the file entapi.dll. When you find it, right-click on it and click on Properties. Review the information there. Is the file from or for McAfee?

If you ever have had McAfee on this machine remove with add remove programs then the McAfee removal tool
see here
http://www.pchell.com/virus/uninstallmcafee.shtml
then go to the bottom of the page and uninstall any other AV you have ever had
then go here
http://www.pchell.com/virus/uninstallantivir.shtml
start in the middle of the page
here
What if Windows Security Center Shows AntiVir or other multiple Antivirus products installed

One quirk with AV causes it to still show up in the Windows Security Center even when it's been uninstalled properly. If this is the case, please refer to this article to resolve it.

http://www.pchell.com/support/multiple_antivirus_in_security_center.shtml

THEN
run the Antivir registry cleaner
follow the instructions
when reinstalling avast schedule a boot time scan and report the results

Besides these initial errors are very old dating to 2006 and really not worth chasing as there have been many updates since then.

Well the 00000005 (windows file system error 5) is access denied and this can be for legitimate reasons as well as malware being protected. So when you see those errors google the file name that the error is for, this should give you a good idea what application the file is associated with and if the access denied is reasonable.

Also when you get these errors you could schedule a boot-time scan (as mentioned previously) where it is less likely that access would be denied as windows won’t be running, this should allow avast to scan the file.

The EntApi.dll file would appear to be a part of McAfee Virus Scan so a) it would be reasonable that it is protected, b) however this shows that there is another AV installed or remnants on your Mom’s system and this can cause conflicts.

Having two resident scanners installed is not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable. However, as I said these errors are dated 2006 so may no longer be an issue if McAfee has been removed as there have been no further errors relating to this since 2006.

So I don’t know if this is the cause of many of these errors, certainly the 'Function setifaceUpdatePackages() has failed' errors.

Ensure that McAfee has been uninstalled and also run the uninstall tool, I have supplied more information as I have no idea what version she might have had.
McAfee has an uninstall tool that you could run to ensure any possible remnants are removed.
http://download.mcafee.com/products/licensed/cust_support_patches/VSCleanupTool.exe
2007 version - http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
Also see - How do I uninstall SecurityCenter? http://ts.mcafeehelp.com/faq3.asp?docid=71525

8/21/2008 9:03:21 PM SYSTEM 1088 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\SYSTEM32\lphcp46j0ele5.exe” file.
8/21/2008 10:33:36 PM Vicki Hull 2596 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\System Volume Information_restore{3029B316-1FD5-455A-B12F-DF32771AB5DB}\RP151\A0027691.exe” file.

These seem valid detections and the only recent ones 21/8/2008, but the main thing is what action did your Mom choose on the detection, Move to chest, Delete, etc. ?

Just about to go to bed ;D
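The triage reasoning in the reply above (old 2006 scan and update errors versus the recent detections, and 00000005 meaning access denied), as an added example that is not part of the original thread or avast's own tooling. The line layout is inferred from the posted logs, the error code is assumed to be hexadecimal, and the sample lines are adapted from the thread with a placeholder account name.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: lines adapted from the logs posted in this thread
# (the account name on the last line is a placeholder).
SAMPLE_LOG = r"""
10/3/2006 12:18:26 AM SYSTEM 1952 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\system32\EntApi.dll failed, 00000005.
10/3/2006 12:18:26 AM SYSTEM 1952 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\system32\EntApi.dll (C:\WINDOWS\system32\EntApi.dll) returning error, 00000005.
10/3/2006 12:50:41 AM SYSTEM 1952 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
10/3/2006 12:50:41 AM SYSTEM 1952 An error has occured while attempting to update. Please check the logs.
8/21/2008 9:03:21 PM SYSTEM 1088 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\SYSTEM32\lphcp46j0ele5.exe” file.
8/21/2008 10:33:36 PM Home User 2596 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\System Volume Information_restore{3029B316-1FD5-455A-B12F-DF32771AB5DB}\RP151\A0027691.exe” file.
"""

# Layout inferred from the posted log: timestamp, account (may contain spaces), PID, message.
LINE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (.+?) (\d+) (.*)$")
SCAN_ERRORS = [
    re.compile(r": ([A-Za-z]:\\.+?) \(.*?\) returning error, ([0-9A-Fa-f]{8})"),
    re.compile(r" of ([A-Za-z]:\\.+?) failed, ([0-9A-Fa-f]{8})"),
]
# Accept both straight and typographic quotes around the threat name and path.
DETECTION = re.compile(r'Sign of [“"](.+?)[”"] has been found in [“"](.+?)[”"] file')
UPDATE_FAIL = ("setifaceUpdatePackages() has failed", "while attempting to update")

# Meaning of 00000005 as given in the thread; other codes are reported numerically.
WIN32_ERRORS = {5: "access denied"}


def classify(message):
    """Return (kind, details) for one log message."""
    m = DETECTION.search(message)
    if m:
        return "detection", {"threat": m.group(1), "path": m.group(2)}
    for pattern in SCAN_ERRORS:
        m = pattern.search(message)
        if m:
            code = int(m.group(2), 16)  # assumption: the code is printed in hex
            reason = WIN32_ERRORS.get(code, f"error {code}")
            return "scan_error", {"path": m.group(1), "reason": reason}
    if any(marker in message for marker in UPDATE_FAIL):
        return "update_failure", {}
    return "other", {}


def triage(log_text, recent_after):
    """Split entries into stale noise and recent findings worth acting on."""
    report = {
        "recent_detections": [],   # (time, account, threat, path)
        "recent_other": Counter(), # recent non-detection entries by kind
        "stale": Counter(),        # entries older than recent_after, by kind
        "unscanned_files": {},     # path -> why the scanner could not read it
    }
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
        kind, info = classify(m.group(4))
        if kind == "scan_error":
            report["unscanned_files"][info["path"].lower()] = info["reason"]
        if when < recent_after:
            report["stale"][kind] += 1
        elif kind == "detection":
            report["recent_detections"].append(
                (when, m.group(2), info["threat"], info["path"]))
        else:
            report["recent_other"][kind] += 1
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, recent_after=datetime(2008, 1, 1))
    for when, account, threat, path in result["recent_detections"]:
        print(f"{when:%Y-%m-%d %H:%M} {account}: {threat} in {path}")
    print("stale entries:", dict(result["stale"]))
    print("files the scanner could not read:", result["unscanned_files"])
```

Files listed under `unscanned_files` are the ones to look up by name and, if still present, to cover with a boot-time scan.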

I am heading to her house now and will follow all the steps you two suggested. I know she had McAfee a long time ago, I didn’t realize there was still stuff left over. I will post the logs as soon as I get them. To answer the last question, she and I have both followed Avast’s suggestions to move the files to the vault. Two of them could not be moved or deleted in the boot scan and were forced to be ignored. She still has some fake windows security alert message that is locked on her desktop. I will post as soon as I get some logs.

On another note, my own computer runs Vista and I just came across a thread stating that to install and uninstall applications properly I would have to right click the .exe file and select “run as administrator?” Does anyone have more info about whether this really is necessary or not? I have never done that once in the year and a half that I’ve used Vista.

I’m running the anti malware right now. Rogue remover found nothing. Maybe I’m missing something but I don’t see a log anywhere to post for rogue remover. Is there one?

Here is my mom’s mbam log. Should I remove selected or wait for further instruction?

Malwarebytes’ Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

2:21:01 PM 8/23/2008
mbam-log-08-23-2008 (14-20-54).txt

Scan type: Full Scan (C:|)
Objects scanned: 137109
Time elapsed: 59 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) → No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) → No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) → No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) → No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (Adware.Hotbar) → No action taken.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelNE.exe (Adware.Hotbar) → No action taken.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelQC.exe (Adware.Hotbar) → No action taken.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelqx.exe (Adware.Hotbar) → No action taken.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSlnchr.exe (Adware.Hotbar) → No action taken.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelUpdate.exe (Adware.Hotbar) → No action taken.
C:\Program Files\The Weather Channel FW\Framework\WiseInstallUtility.dll (Adware.Hotbar) → No action taken.
C:\Program Files\The Weather Channel FW\Framework\wxfw.dll (Adware.Hotbar) → No action taken.
C:\WINDOWS\SYSTEM32\blphcp46j0ele5.scr (Trojan.FakeAlert) → No action taken.
C:\WINDOWS\SYSTEM32\phcp46j0ele5.bmp (Trojan.FakeAlert) → No action taken.

  • In windows\system32, or anywhere else, see if you have the file entapi.dll. When you find it, right-click on it and click on Properties. Review the information there. Is the file from or for McAfee?

This file was nowhere to be found. I searched for it as well. I will use the removal tool as you suggested

Hi
yes REMOVE with MBAM it will create a backup/quarantine
That RR did not find anything is good
That old McAfee hit was somewhere in your error log or ???
anyway McAfee, even when old can cause major interference so do the whole 9 yards removal thing
If the Antivir reg tool finds anything the McAfee removal tool missed let me know

Do not worry about files in Chest or Quarantine
as you noticed Kaspersky does not remove anything but does tell where to look:)

Is that fake message still there?
if it’s gone run CCleaner
Defrag
set a new restore point
If not gone
Or if you wish to double check run a different online scan and Super Anti Spyware first

On your vista question- I’d post separately in the Avast 4 forum

Well my mom had leftovers of all kinds of av’s. Specifically, Norton, McAfee and AVG…Norton is the only one whose removal tool worked so far. McAfee’s seemed to freeze. I restarted, and tried to run the program again, and it tells me it is still running. ??? I followed the steps for AVG, erased all of the program files etc. To be sure I followed the steps in the link to download the latest version of AVG, and that there would be an option to uninstall. I don’t see that option anywhere. I felt like I had made it to the last step and was about to install it. Which I do not want to do. Any advice? I am about to uninstall Avast in the hopes that I will be ready for a clean install soon. Is there any sort of log I could post for someone to tell whether all the other AV’s are still lurking somewhere?

Ya the McAfee cleanup tool is a POS. I’ve restarted the computer like three times. When I try and run it, I get: Clean up failed. Clean up is already running. It’s been over an hour, I’m doubting it could take that long to run…

The good news is that malwarebytes got the hijack desktop stuff off successfully. Once I figure out the proper way to clean up her antivirus stuff I think she will be back in business!

Don’t know which McAfee tool you used as I gave lots of options before:

The last one I gave previously (see below) might be more relevant if your Mom had the Internet Security Suite.

Also see - How do I uninstall SecurityCenter? http://ts.mcafeehelp.com/faq3.asp?docid=71525

For AVG Remover, download tool from here, http://www.grisoft.com/ww.download-tools there is a 32bit and 64 bit windows version, ensure you use the correct one.

NORTON MCAFEE AND AVG lucky her computer could connect or ran at all !
Thanks DavidR you beat me to it !!!

Really glad you got MBAM to work
You can always try the McAfee tool (s) in safe mode
Do Run the AVG tool that DavidR linked to
Do run the Antivir registry cleaner and let me know what it finds that the removal tools missed :slight_smile:

After you get her back up
CCleaner
Defrag
New Restore Point

I’d suggest Spyware Blaster by Javacool
a Hosts file
and either Windows Defender or SpywareTerminator (without the toolbar) for some free real time protection for mom

Thank you for the link. I am trying it now. I was using pchell’s site and used the mcafee tool they listed there. It seems to have locked or frozen on the system and claims to be running…indefinitely. But PCHell also said there was no AVG removal tool, so go figure. I am running avg’s now. So hopefully the only one left to remove is McAfee.

Is the antivir reg cleaner for avira? As far as I know she never ran that. Is that why I am running the removal tool or will it fix the rest of my registry problems? And sorry about my above post. The question is in there somewhere…

It also looks for other AVs registry entries.