Noshiba

Hello everyone,

Hope you are having a great holiday. I do some nonprofit work and a client that I delivered a computer to is having some issues. It has been about 2 years since I have taken a look at her computer and I have found that it is dreadfully slow. Fortunately, I created an image of the system clean and it still has a restore partition but since I haven’t done this in a while, I thought that this would be a great time to learn.

Here is the config:

Toshiba Satellite C655D, Win7 Home Premium SP1, 64-bit, 3GB RAM, AMD E-350 Processor 1.6 GHz, Avast, WinPatrol, Online Armour, Secunia, Superantispyware, Ccleaner

I found a curious program on her machine: PC Tools Registry Cleaner. I can’t find a corresponding program in “install/uninstall” in Windows. Of course, I did not install the program myself nor can she remember installing it.

In addition, I will be adding two pictures of a curious pop-up. Actually, the pop-up from Online Armor is continuous while the one from WinPatrol popped up once, which is usually the case with WinPatrol.

Here are the two pics

PC tools info http://www.pctools.com/product-eol/index/faq/utility/

Thanks, the issue I have here is that when doing my own search (before initially posting) there was no information regarding “PC Tools Registry Cleaner.” There was plenty of information regarding “PC Tools Registry Mechanic.” I am familiar with Registry Mechanic. In fact, I have known of the program more than the almost two years in which she received her computer. Either way, it shouldn’t be on her computer since for sure I would never download and install a registry cleaner to any newbie, or even a more advanced user without making it clear as to the risk of using such a program.

Maybe you are correct and these two programs are one and the same but if the name was changed I do wonder why I can’t find any info on the program when googling.

Thanks again.

:slight_smile:

Update: The program within start menu was actually PC Tools Registry Mechanic

Uninstalled Malwarebytes and reinstalled. One of the things that was slowing down the computer was the fact that she must have inadvertently chosen the trial version which has live scanning. That is troubling to me since I initially installed Mbytes and when she updated the program this must have been when a mistake was made. That means she had a total of three live scanners: avast, Online Armor, & Malwarebytes. Computer is running faster since the initial scans that I have completed by avast directives and faster since the Malwarebytes change. I will not make any other changes to this computer until told to do so. However, the Mbytes change was obvious.

:slight_smile:

Let me know if this makes a difference

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {4F524A2D-5354-2D53-5045-7A786E7484D7} -> No File
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO-x32: No Name -> {4F524A2D-5354-2D53-5045-7A786E7484D7} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - No Name - {4F524A2D-5354-2D53-5045-7A786E7484D7} - No File
Toolbar: HKLM-x32 - No Name - {4F524A2D-5354-2D53-5045-7A786E7484D7} - No File
Toolbar: HKU\S-1-5-21-3311559648-135962878-152735979-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

Getting this pop-up message when I open Chrome and Opera, “Your preferences cannot be read. Some features may be unavailable and changes to settings won’t be saved.” No pop-up messages from Firefox or IE. This was the case before all the cleaning. All browsers and programs open up normally which was not the case before the cleaning project. Online Armour pop-up disappeared for around 3-4 boots but returned. Boot to desktop takes about 3 minutes. That includes Ccleaner time of a minute and twenty seconds. Consequently, except for the browser & the OA pop-ups things are close to normal.

Here are the scan results that were requested:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-12-2014
Ran by Ms Williams at 2015-01-03 21:08:41 Run:1
Running from C:\Users\Ms Williams\Desktop\Linda Programs 2 Transfer
Loaded Profiles: Ms Williams & uCompute (Available profiles: Ms Williams & Linda & uCompute)
Boot Mode: Normal

Content of fixlist:


CreateRestorePoint:
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk → C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk → C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM → {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name → {4F524A2D-5354-2D53-5045-7A786E7484D7} → No File
BHO-x32: No Name → {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} → No File
BHO-x32: No Name → {4F524A2D-5354-2D53-5045-7A786E7484D7} → No File
BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - No Name - {4F524A2D-5354-2D53-5045-7A786E7484D7} - No File
Toolbar: HKLM-x32 - No Name - {4F524A2D-5354-2D53-5045-7A786E7484D7} - No File
Toolbar: HKU\S-1-5-21-3311559648-135962878-152735979-1000 → No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EmptyTemp:
CMD: bitsadmin /reset /allusers


Restore point was successfully created.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
“HKLM\SOFTWARE\Policies\Google” => Key deleted successfully.
“HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}” => Key deleted successfully.
HKCR\CLSID{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
“HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{4F524A2D-5354-2D53-5045-7A786E7484D7}” => Key deleted successfully.
HKCR\CLSID{4F524A2D-5354-2D53-5045-7A786E7484D7} => Key not found.
“HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}” => Key deleted successfully.
HKCR\Wow6432Node\CLSID{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
“HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{4F524A2D-5354-2D53-5045-7A786E7484D7}” => Key deleted successfully.
HKCR\Wow6432Node\CLSID{4F524A2D-5354-2D53-5045-7A786E7484D7} => Key not found.
“HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}” => Key deleted successfully.
“HKCR\Wow6432Node\CLSID{DBC80044-A445-435b-BC74-9C25C1C588A9}” => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
“HKCR\CLSID{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}” => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4F524A2D-5354-2D53-5045-7A786E7484D7} => value deleted successfully.
HKCR\CLSID{4F524A2D-5354-2D53-5045-7A786E7484D7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{4F524A2D-5354-2D53-5045-7A786E7484D7} => value deleted successfully.
HKCR\Wow6432Node\CLSID{4F524A2D-5354-2D53-5045-7A786E7484D7} => Key not found.
HKU\S-1-5-21-3311559648-135962878-152735979-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{4CBB74C3-72DF-4EBF-8833-F37EC63FDB3E} canceled.
{076A5540-0A96-433E-AB69-299D57D2B4F2} canceled.
{781208E1-BBA4-4E3C-B686-89A304BE4862} canceled.
{5B4522C6-227D-4E34-A826-17DDC09C8B8A} canceled.
{D49DB55C-BFBE-4241-98BF-2424D75D5075} canceled.
5 out of 5 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 65 MB temporary data.

The system needed a reboot.

==== End of Fixlog 21:09:38 ====

Second Log

AdwCleaner v4.106 - Report created 03/01/2015 at 21:43:19

Updated 21/12/2014 by Xplode

Database : 2014-12-21.4 [Local]

Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

Username : Ms Williams - MSWILLIAMS-PC

Running from : C:\Users\Ms Williams\Desktop\AdwCleaner.exe

Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Users\Linda\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Ms Williams\AppData\Local\AskPartnerNetwork

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes{EA92D14B-D39B-4BCF-B06A-1E8DFD7AEB10}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork

***** [ Browsers ] *****

-\ Internet Explorer v11.0.9600.17496

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\ Mozilla Firefox v35.0 (x86 en-US)

-\ Google Chrome v39.0.2171.95

[C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
[C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
[C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
[C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
[C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
[C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
[C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : geggofhlfbcmanadhknllmlajiafopoh
[C:\Users\Ms Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Ms Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\ Opera v26.0.1656.60

[C:\Users\Ms Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Ms Williams\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}


AdwCleaner[R0].txt - [3840 octets] - [03/01/2015 21:37:15]
AdwCleaner[S0].txt - [3700 octets] - [03/01/2015 21:43:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3760 octets] ##########

Is it ok to uninstall PC Tools Registry Mechanic? It auto started today. I aborted the scanning or cleaning or whatever. This is the only time I have noticed it after a week and a half of having the computer.

What is the Online Armour popup related to? You may need to re-install Chrome.

I don’t understand your question, “What is it related to?” The pop-up appears in Chrome and Opera after trying to open either. I tried opening it in the admin account. I do not know whether this occurs in the limited user account. However, for now, there is only one Chrome account and that is in her admin account. I loved Opera before the changes (Chrome type build or something) so I will likely uninstall it when the cleaning is done or go back to the old one. That is, if I can be sure that the old one is still supported.

OK, I thought you mentioned an OA popup as well. As for Chrome and Opera, you will need to uninstall and then re-install to remove that error.

You’re correct, I did mention the OA pop-up and even posted a picture of it in this thread ;). Looks like AdobeArm and my research found that it is related to Adobe’s PDF reader.

Oops, I see it now, that is Adobe Reader trying to load at start. Do you use Adobe as a full PDF programme or is it just to read PDFs?

Just to read PDFs for my clients. I personally have to use it so that I can fill in PDF forms but I doubt if any one of our users cares. She will not care. In addition, what is funny about it is that even when I choose “allow,” the pop-up still occurs. I can’t remember whether I told it to remember my choice by clicking the box. What would be your recommendation for a PDF reader? I have used Sumatra in the past.

She mostly plays free games mostly at POGO, moderate surfing & reading. I told her that she should find a different website for online games. I did not like some of the comments about the website.

What would be your recommendation for a PDF reader? I have used **Sumatra** in the past.
my favorite ;)

Thanks

Thanks

:slight_smile:

For purely reading I would use Sumatra, as it is an order of magnitude faster and does not need to start with the computer.

Pogo games are Java based if I remember correctly, so there is a security gap there. Did you re-install Chrome and does it work now?

Sorry, Chrome is not on her machine and I am using dial-up here. Therefore, I will have to go off site. In addition, someone cut my tire so I will not be mobile until tomorrow. I will un-install and re-install it tomorrow. However, I am able to use both browsers, I am just concerned about the annoying pop-up at the start. Since I can’t re-install until tomorrow, I will try this solution first: http://www.wintips.org/how-to-fix-your-preferences-can-not-be-read-error-in-chrome-solved/ and proceed to your recommendation if this does not work. Unless of course your recommendation is to uninstall without trying this proposed solution.

I do have a copy of Sumatra–actually an older copy–so I have already installed it on her machine.

No, if that works then use it. I do not have Chrome myself so I always go for the heavy option, but the proposal they have seems sufficient :slight_smile:

That worked. I guess it was more serious than I originally thought since the home page reappeared after the user data deletion and restart.