MB fails to load on HP Touchsmart. Computer running very slow

Hello FFox! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall the following programs:

Avery Toolbar

Yahoo! Toolbar

Step 2

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so, this is very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.

      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

Step 3

Launch Malwarebytes Anti-Malware and perform a threat scan. Post your log file.

Step 4

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • FRST log

fixlist.txt


Borislav,

 

I completed the instructions in your reply.  Here are the log files (pasted below).  There were two files in the C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs directory so I posted both.  Please let me know how to proceed.

 

1) Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-05-2015
Ran by FoxHome at 2015-05-20 21:18:36 Run:1
Running from C:\Users\FoxHome\Desktop
Loaded Profiles: FoxHome (Available profiles: FoxHome & Mcx1-FOXMAIN-PC)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
Task: {87F96F6C-D6FA-47DA-A1A3-34B3FEB77505} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
SearchScopes: HKLM -> {366630E4-3C61-47A1-AD6B-1AB803875114} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {366630E4-3C61-47A1-AD6B-1AB803875114} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-99837430-1268001104-3909394189-1000 -> {366630E4-3C61-47A1-AD6B-1AB803875114} URL = 
Toolbar: HKU\S-1-5-21-99837430-1268001104-3909394189-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default ->
CHR Extension: (Ask Toolbar) - C:\Users\FoxHome\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaigmelgfmkfjicbbgbkcbagedejhj [2013-10-20]
CHR Extension: (ShopAtHome.com) - C:\Users\FoxHome\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2014-09-17]
CHR HKLM\...\Chrome\Extension: [aaaaigmelgfmkfjicbbgbkcbagedejhj] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVRV7\CRX\ToolbarCR.crx [Not Found]
C:\ProgramData\AskPartnerNetwork
C:\Program Files\PC Optimizer Pro
2015-05-20 15:49 - 2013-07-11 17:56 - 00000418 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
EmptyTemp:
Reboot:
end
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{87F96F6C-D6FA-47DA-A1A3-34B3FEB77505}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87F96F6C-D6FA-47DA-A1A3-34B3FEB77505}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Optimizer Pro64 startups => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups" => Key deleted successfully.
C:\Windows\Tasks\PC Optimizer Pro64 startups.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{366630E4-3C61-47A1-AD6B-1AB803875114}" => Key deleted successfully.
HKCR\CLSID\{366630E4-3C61-47A1-AD6B-1AB803875114} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{366630E4-3C61-47A1-AD6B-1AB803875114}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{366630E4-3C61-47A1-AD6B-1AB803875114} => Key not found. 
"HKU\S-1-5-21-99837430-1268001104-3909394189-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{366630E4-3C61-47A1-AD6B-1AB803875114}" => Key deleted successfully.
HKCR\CLSID\{366630E4-3C61-47A1-AD6B-1AB803875114} => Key not found. 
HKU\S-1-5-21-99837430-1268001104-3909394189-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found. 
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\FoxHome\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaigmelgfmkfjicbbgbkcbagedejhj directory not found.
C:\Users\FoxHome\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaigmelgfmkfjicbbgbkcbagedejhj => Key not found. 
"C:\ProgramData\AskPartnerNetwork" => File/Directory not found.
"C:\Program Files\PC Optimizer Pro" => File/Directory not found.
"C:\Windows\Tasks\PC Optimizer Pro64 startups.job" => File/Directory not found.
EmptyTemp: => Removed 5 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:27:31 ====
 
 
2) mbam-log-2015-05-20 (18-19-32).xml
 
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/05/20 18:19:33 -0400</date>
<logfile>mbam-log-2015-05-20 (18-19-32).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.01.6.1022</version>
<malware-database>v2015.05.20.05</malware-database>
<rootkit-database>v2015.05.16.01</rootkit-database>
<license>premium</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>FoxHome</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>438611</objects>
<time>3531</time>
<processes>0</processes>
<modules>0</modules>
<keys>2</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>5</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf</path><vendor>PUP.Optional.SearchApp.A</vendor><action>success</action><hash>667fe7ae434778be4f1a7982ca39867a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf</path><vendor>PUP.Optional.SearchApp.A</vendor><action>success</action><hash>fce9791c7317fd39b9b013e818eb3dc3</hash></key>
<file><path>C:\Users\FoxHome\Desktop\Downloads\ZipSetup (1).exe</path><vendor>PUP.Optional.Comboapps</vendor><action>success</action><hash>ebfac8cd454543f382b4a2bebc4a966a</hash></file>
<file><path>C:\Users\FoxHome\Desktop\Downloads\ZipSetup.exe</path><vendor>PUP.Optional.Comboapps</vendor><action>success</action><hash>9a4b167f1c6e3501f3434b1536d09868</hash></file>
<file><path>C:\Users\FoxHome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage</path><vendor>PUP.Optional.AZLyrics.A</vendor><action>success</action><hash>6e77059083073204ac8033bcab58a957</hash></file>
<file><path>C:\Users\FoxHome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal</path><vendor>PUP.Optional.AZLyrics.A</vendor><action>success</action><hash>8362b4e1deac2016c567b43b63a0e51b</hash></file>
<file><path>C:\Users\FoxHome\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences</path><vendor>PUP.Optional.ASK.A</vendor><action>replaced</action><baddata>                  "homepage": "http://www.search.ask.com/?gct=hp",</baddata><gooddata></gooddata><hash>c520dfb6becc85b1f6be174eeb1bdf21</hash></file>
</items>
</mbam-log>
 
 
3) protection-log-2015-05-20.xml 
 
<?xml version="1.0" encoding="UTF-8" ?>
<logs>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:18.503917-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="6139186b-fbfa-42e5-a9ab-c6f85cfe0851" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:18.518917-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="1f7183b3-83a2-41e7-b2d0-0e1d257cc034" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:18.549919-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="d75e305d-a83a-4307-a108-bcd6676de0fb" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:19.620980-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="0a66e508-adf0-45ff-ae24-e13ae91420b2" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-05-20T18:05:25.501317-04:00" source="Manual" type="Update" username="SYSTEM" systemname="FOXMAIN-PC" fromVersion="2015.2.25.1" last_modified_tag="db5c0686-64d0-4e5e-a540-d2d7ef751a69" name="Rootkit Database" toVersion="2015.5.16.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-05-20T18:05:25.575321-04:00" source="Manual" type="Update" username="SYSTEM" systemname="FOXMAIN-PC" fromVersion="2015.3.9.1" last_modified_tag="e322dc46-79a2-49c2-b62b-87d96e140136" name="Remediation Database" toVersion="2015.5.13.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-05-20T18:05:30.022575-04:00" source="Manual" type="Update" username="SYSTEM" systemname="FOXMAIN-PC" fromVersion="2015.3.9.5" last_modified_tag="19f64b29-ad9d-4125-863b-2405387b34f1" name="Malware Database" toVersion="2015.5.20.5"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:30.053577-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="e682a278-b5f6-4428-b2f0-de407ab0d6da" result="Starting" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:30.059577-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="ff6677cf-ec6a-4844-a1b6-0a27bf4ceed2" result="Stopping" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:30.137582-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="9b15abe2-6f2e-4c78-945f-c1b226076fd8" result="Stopped" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:38.060035-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="4d8ee3f6-7659-49c0-a88a-8dbacc9e4705" result="Success" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:38.082036-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="a814bb95-22a1-4120-9c0b-6e56486167de" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:38.349052-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="1b9eab01-b889-4671-8757-3bb6d56989c3" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:13:13.883671-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="c9620e6e-e72f-402a-bcfc-d969bc0bdbc8" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:13:14.242472-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="ce52459e-905a-4df3-92db-bcd893218edc" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:13:14.351672-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="5c9e81bf-9ac7-4c8c-91d0-6807f0421155" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:13:53.492140-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="3da18101-2fbe-48f6-ad09-be8e2371ec89" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="6" datetime="2015-05-20T19:19:21.163282-04:00" source="Manual" type="Scan" username="SYSTEM" systemname="FOXMAIN-PC" duration="3531" last_modified_tag="5cc7f069-9731-47ee-add2-90c79f993a7e" malwaredetections="0" nonmalwaredetections="7" scanresult="completed" scantype="threat" starttime="2015-05-20T18:19:33-04:00"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T19:24:53.342222-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="71068d50-db84-4768-82ad-79cea8967fc3" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T19:24:53.420223-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="a3bfe560-b53d-4cc0-9481-3d8fe1dfcbc2" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T19:24:53.467023-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="71df5837-9ae7-4407-85c5-1fd55481d533" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T19:25:39.221902-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="0e1327cb-2428-4244-874f-3572f3a1ba5b" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-05-20T20:27:29.922313-04:00" source="Scheduler" type="Update" username="SYSTEM" systemname="FOXMAIN-PC" fromVersion="2015.5.20.5" last_modified_tag="3531ab46-6411-445b-94c6-714844ab7577" name="Malware Database" toVersion="2015.5.20.6"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T20:27:30.795915-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="0f469898-3ccd-4e0e-9643-e9f14caa6e37" result="Starting" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T20:27:30.811515-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="057e74fb-ed55-41ec-a952-fbcaee2c6510" result="Stopping" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T20:27:31.419916-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="8dc7580f-bbb7-4efc-8e05-f2f71f551a00" result="Stopped" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T20:28:00.295566-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="17688687-836e-43c9-b784-478105951aac" result="Success" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T20:28:00.311166-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="5dbf3e5c-d15e-4555-ac0e-1feb0ef9ee7f" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T20:28:00.747967-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="54297f36-516f-4d88-babe-ec2c8d1a3639" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T21:31:06.979843-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="9d272543-2415-40f2-83c7-46cd014edd76" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T21:31:07.213843-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="b2f6ef04-96b8-455c-a2d3-a5592b70a26a" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T21:31:07.245043-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="695af1f0-8a7d-4e31-ad2e-65e4749c2957" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T21:31:08.477445-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="94ef64c1-e91b-4904-ae76-d28c8914eaca" result="Started" subtype="Malicious Website Protection"></record>
</logs>
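A way to triage a Fixlog like the one posted above, as an added example that is not part of the original thread and not FRST's own code: it skips the echoed fixlist, classifies each result line, and separates "not found" targets that were never present from those already removed earlier in the same run. The sample lines are copied from the log above; the function names and the line patterns are assumptions drawn only from this one log.

```python
import re

# Subset of the Fixlog posted above, embedded so the example runs offline.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-05-2015
Content of fixlist:
*****************
start
C:\Program Files\PC Optimizer Pro
EmptyTemp:
end
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups" => Key deleted successfully.
C:\Windows\Tasks\PC Optimizer Pro64 startups.job => Moved successfully.
HKCR\CLSID\{366630E4-3C61-47A1-AD6B-1AB803875114} => Key not found.
Chrome DefaultSearchKeyword deleted successfully.
C:\Users\FoxHome\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaigmelgfmkfjicbbgbkcbagedejhj directory not found.
"C:\Program Files\PC Optimizer Pro" => File/Directory not found.
"C:\Windows\Tasks\PC Optimizer Pro64 startups.job" => File/Directory not found.
EmptyTemp: => Removed 5 GB temporary data.

==== End of Fixlog 21:27:31 ====
'''

# Result lines without "=>", e.g. "Chrome DefaultSearchKeyword deleted successfully."
NO_ARROW = re.compile(
    r"^(?P<target>.+?)\s+(?P<msg>(?:directory not found|deleted successfully)\.?)$"
)


def classify(msg):
    """Map a result message to removed / absent / info."""
    if re.search(r"\b(deleted|moved) successfully", msg, re.I):
        return "removed"
    if re.search(r"\bnot found\b", msg, re.I):
        return "absent"
    return "info"


def parse_fixlog(text):
    """Return [(target, outcome)] for the result section of a Fixlog.

    Assumption: the fixlist echo sits between two rows of asterisks and
    results follow the second row, as in the log above.
    """
    entries, star_rows = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("==== End of Fixlog"):
            break
        if line and set(line) == {"*"}:
            star_rows += 1
            continue
        if star_rows < 2 or not line:
            continue  # header, echoed fixlist, or blank line
        if " => " in line:
            target, msg = line.split(" => ", 1)
        else:
            m = NO_ARROW.match(line)
            target, msg = (m["target"], m["msg"]) if m else (line, line)
        entries.append((target.strip('"'), classify(msg)))
    return entries


def summarize(entries):
    """Split 'absent' targets by whether the same run also removed them."""
    removed = [t for t, o in entries if o == "removed"]
    removed_keys = {t.lower() for t in removed}
    absent = [t for t, o in entries if o == "absent"]
    return {
        "removed": removed,
        "already_handled": [t for t in absent if t.lower() in removed_keys],
        "never_present": [t for t in absent if t.lower() not in removed_keys],
    }


if __name__ == "__main__":
    for bucket, targets in summarize(parse_fixlog(SAMPLE_FIXLOG)).items():
        print(f"{bucket} ({len(targets)})")
        for t in targets:
            print("   ", t)
```
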
 

Well done! :)

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 3

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • In your next reply, post the following log files:
    • Junkware Removal Tool log
    • AdwCleaner log
    • ESET Online Scanner log

Borislav,

Here are the logs from the recent cleaning.  I also added the second [R0] file in the adware cleaner log directory since I was not sure if this would be of any help.

Floyd

 

1) JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.6 (05.21.2015:1)
OS: Windows 7 Home Premium x64
Ran by FoxHome on Thu 05/21/2015 at 16:07:48.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\couponprinter.ocx
Successfully deleted: [File] C:\Windows\wininit.ini
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\coupons
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\FoxHome\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/21/2015 at 16:13:09.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
2) AdwCleaner[s0].txt
 
# AdwCleaner v4.205 - Logfile created 21/05/2015 at 16:21:46
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : FoxHome - FOXMAIN-PC
# Running from : C:\Users\FoxHome\Desktop\AdwCleaner (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Google Chrome v42.0.2311.152
 
 
*************************
 
AdwCleaner[R0].txt - [1218 bytes] - [21/05/2015 16:19:22]
AdwCleaner[s0].txt - [1155 bytes] - [21/05/2015 16:21:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1214  bytes] ##########
 
 
3) AdwCleaner[R0].txt
 
# AdwCleaner v4.205 - Logfile created 21/05/2015 at 16:19:22
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : FoxHome - FOXMAIN-PC
# Running from : C:\Users\FoxHome\Desktop\AdwCleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKU\.DEFAULT\Software\AskPartnerNetwork
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Google Chrome v42.0.2311.152
 
 
*************************
 
AdwCleaner[R0].txt - [1080 bytes] - [21/05/2015 16:19:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1139 bytes] ##########
 
4) ESETScanlog.txt
 
C:\Users\FoxHome\Desktop\Downloads\OffercastInstaller_AVR_U-0090-01-P_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Users\FoxHome\Desktop\Downloads\redsn0w-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application deleted - quarantined
 
 

Borislav,

 

MB starts and runs fine.  The computer appears to be running ok.  Would like it to be a bit faster.  I do notice the hard drive light is nearly constantly on (more than I would expect given apparent program activity).  Thank you for all of your help.

 

Floyd


Glad it is better now, Floyd! Glad I could help you. :)

Last steps for you:

Step 1

Please download DelFix by Xplode and save it to your desktop. Please launch it and make sure that this one is checked: Remove disinfection tools. Click on Run button. The program will run for a few seconds and display a notepad report. You do not need to attach it.

Step 2

Some malware preventions:

https://forums.malwarebytes.org/index.php?/topic/81386-so-how-did-i-get-infected-in-the-first-place/

Safe surfing! :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
