Jump to content

MB fails to load on HP Touchsmart. Computer running very slow


Recommended Posts

Hello FFox! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall the following programs:

Avery Toolbar

Yahoo! Toolbar

Step 2

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.

      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

    Step 3

    Launch Malwarebytes Anti-Malware and perform a threat scan. Post your log file.

    Step 4

    Download attached fixlist.txt file and save it to the Desktop.

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST/FRST64 and press the Fix button just once and wait.

    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    In your next reply, post the following log files:

    • Malwarebytes' Anti-Malware log
    • FRST log

fixlist.txt

Link to post
Share on other sites

Borislav,

 

I completed the instructions in your reply.  Here are the log files (pasted below).  There were two files in the C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs directory so I posted both.  Please let me know how to proceed.

 

1) Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-05-2015
Ran by FoxHome at 2015-05-20 21:18:36 Run:1
Running from C:\Users\FoxHome\Desktop
Loaded Profiles: FoxHome (Available profiles: FoxHome & Mcx1-FOXMAIN-PC)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
Task: {87F96F6C-D6FA-47DA-A1A3-34B3FEB77505} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
SearchScopes: HKLM -> {366630E4-3C61-47A1-AD6B-1AB803875114} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {366630E4-3C61-47A1-AD6B-1AB803875114} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-99837430-1268001104-3909394189-1000 -> {366630E4-3C61-47A1-AD6B-1AB803875114} URL = 
Toolbar: HKU\S-1-5-21-99837430-1268001104-3909394189-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default ->
CHR Extension: (Ask Toolbar) - C:\Users\FoxHome\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaigmelgfmkfjicbbgbkcbagedejhj [2013-10-20]
CHR Extension: (ShopAtHome.com) - C:\Users\FoxHome\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2014-09-17]
CHR HKLM\...\Chrome\Extension: [aaaaigmelgfmkfjicbbgbkcbagedejhj] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVRV7\CRX\ToolbarCR.crx [Not Found]
C:\ProgramData\AskPartnerNetwork
C:\Program Files\PC Optimizer Pro
2015-05-20 15:49 - 2013-07-11 17:56 - 00000418 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
EmptyTemp:
Reboot:
end
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{87F96F6C-D6FA-47DA-A1A3-34B3FEB77505}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87F96F6C-D6FA-47DA-A1A3-34B3FEB77505}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Optimizer Pro64 startups => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups" => Key deleted successfully.
C:\Windows\Tasks\PC Optimizer Pro64 startups.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{366630E4-3C61-47A1-AD6B-1AB803875114}" => Key deleted successfully.
HKCR\CLSID\{366630E4-3C61-47A1-AD6B-1AB803875114} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{366630E4-3C61-47A1-AD6B-1AB803875114}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{366630E4-3C61-47A1-AD6B-1AB803875114} => Key not found. 
"HKU\S-1-5-21-99837430-1268001104-3909394189-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{366630E4-3C61-47A1-AD6B-1AB803875114}" => Key deleted successfully.
HKCR\CLSID\{366630E4-3C61-47A1-AD6B-1AB803875114} => Key not found. 
HKU\S-1-5-21-99837430-1268001104-3909394189-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found. 
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\FoxHome\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaigmelgfmkfjicbbgbkcbagedejhj directory not found.
C:\Users\FoxHome\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaigmelgfmkfjicbbgbkcbagedejhj => Key not found. 
"C:\ProgramData\AskPartnerNetwork" => File/Directory not found.
"C:\Program Files\PC Optimizer Pro" => File/Directory not found.
"C:\Windows\Tasks\PC Optimizer Pro64 startups.job" => File/Directory not found.
EmptyTemp: => Removed 5 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:27:31 ====
 
 
2) mbam-log-2015-05-20 (18-19-32).xml
 
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/05/20 18:19:33 -0400</date>
<logfile>mbam-log-2015-05-20 (18-19-32).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.01.6.1022</version>
<malware-database>v2015.05.20.05</malware-database>
<rootkit-database>v2015.05.16.01</rootkit-database>
<license>premium</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>FoxHome</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>438611</objects>
<time>3531</time>
<processes>0</processes>
<modules>0</modules>
<keys>2</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>5</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf</path><vendor>PUP.Optional.SearchApp.A</vendor><action>success</action><hash>667fe7ae434778be4f1a7982ca39867a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf</path><vendor>PUP.Optional.SearchApp.A</vendor><action>success</action><hash>fce9791c7317fd39b9b013e818eb3dc3</hash></key>
<file><path>C:\Users\FoxHome\Desktop\Downloads\ZipSetup (1).exe</path><vendor>PUP.Optional.Comboapps</vendor><action>success</action><hash>ebfac8cd454543f382b4a2bebc4a966a</hash></file>
<file><path>C:\Users\FoxHome\Desktop\Downloads\ZipSetup.exe</path><vendor>PUP.Optional.Comboapps</vendor><action>success</action><hash>9a4b167f1c6e3501f3434b1536d09868</hash></file>
<file><path>C:\Users\FoxHome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage</path><vendor>PUP.Optional.AZLyrics.A</vendor><action>success</action><hash>6e77059083073204ac8033bcab58a957</hash></file>
<file><path>C:\Users\FoxHome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal</path><vendor>PUP.Optional.AZLyrics.A</vendor><action>success</action><hash>8362b4e1deac2016c567b43b63a0e51b</hash></file>
<file><path>C:\Users\FoxHome\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences</path><vendor>PUP.Optional.ASK.A</vendor><action>replaced</action><baddata>                  "homepage": "http://www.search.ask.com/?gct=hp",</baddata><gooddata></gooddata><hash>c520dfb6becc85b1f6be174eeb1bdf21</hash></file>
</items>
</mbam-log>
 
 
3) protection-log-2015-05-20.xml 
 
<?xml version="1.0" encoding="UTF-8" ?>
<logs>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:18.503917-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="6139186b-fbfa-42e5-a9ab-c6f85cfe0851" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:18.518917-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="1f7183b3-83a2-41e7-b2d0-0e1d257cc034" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:18.549919-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="d75e305d-a83a-4307-a108-bcd6676de0fb" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:19.620980-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="0a66e508-adf0-45ff-ae24-e13ae91420b2" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-05-20T18:05:25.501317-04:00" source="Manual" type="Update" username="SYSTEM" systemname="FOXMAIN-PC" fromVersion="2015.2.25.1" last_modified_tag="db5c0686-64d0-4e5e-a540-d2d7ef751a69" name="Rootkit Database" toVersion="2015.5.16.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-05-20T18:05:25.575321-04:00" source="Manual" type="Update" username="SYSTEM" systemname="FOXMAIN-PC" fromVersion="2015.3.9.1" last_modified_tag="e322dc46-79a2-49c2-b62b-87d96e140136" name="Remediation Database" toVersion="2015.5.13.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-05-20T18:05:30.022575-04:00" source="Manual" type="Update" username="SYSTEM" systemname="FOXMAIN-PC" fromVersion="2015.3.9.5" last_modified_tag="19f64b29-ad9d-4125-863b-2405387b34f1" name="Malware Database" toVersion="2015.5.20.5"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:30.053577-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="e682a278-b5f6-4428-b2f0-de407ab0d6da" result="Starting" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:30.059577-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="ff6677cf-ec6a-4844-a1b6-0a27bf4ceed2" result="Stopping" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:30.137582-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="9b15abe2-6f2e-4c78-945f-c1b226076fd8" result="Stopped" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:38.060035-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="4d8ee3f6-7659-49c0-a88a-8dbacc9e4705" result="Success" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:38.082036-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="a814bb95-22a1-4120-9c0b-6e56486167de" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:05:38.349052-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="1b9eab01-b889-4671-8757-3bb6d56989c3" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:13:13.883671-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="c9620e6e-e72f-402a-bcfc-d969bc0bdbc8" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:13:14.242472-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="ce52459e-905a-4df3-92db-bcd893218edc" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:13:14.351672-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="5c9e81bf-9ac7-4c8c-91d0-6807f0421155" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T18:13:53.492140-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="3da18101-2fbe-48f6-ad09-be8e2371ec89" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="6" datetime="2015-05-20T19:19:21.163282-04:00" source="Manual" type="Scan" username="SYSTEM" systemname="FOXMAIN-PC" duration="3531" last_modified_tag="5cc7f069-9731-47ee-add2-90c79f993a7e" malwaredetections="0" nonmalwaredetections="7" scanresult="completed" scantype="threat" starttime="2015-05-20T18:19:33-04:00"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T19:24:53.342222-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="71068d50-db84-4768-82ad-79cea8967fc3" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T19:24:53.420223-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="a3bfe560-b53d-4cc0-9481-3d8fe1dfcbc2" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T19:24:53.467023-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="71df5837-9ae7-4407-85c5-1fd55481d533" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T19:25:39.221902-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="0e1327cb-2428-4244-874f-3572f3a1ba5b" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-05-20T20:27:29.922313-04:00" source="Scheduler" type="Update" username="SYSTEM" systemname="FOXMAIN-PC" fromVersion="2015.5.20.5" last_modified_tag="3531ab46-6411-445b-94c6-714844ab7577" name="Malware Database" toVersion="2015.5.20.6"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T20:27:30.795915-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="0f469898-3ccd-4e0e-9643-e9f14caa6e37" result="Starting" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T20:27:30.811515-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="057e74fb-ed55-41ec-a952-fbcaee2c6510" result="Stopping" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T20:27:31.419916-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="8dc7580f-bbb7-4efc-8e05-f2f71f551a00" result="Stopped" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T20:28:00.295566-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="17688687-836e-43c9-b784-478105951aac" result="Success" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T20:28:00.311166-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="5dbf3e5c-d15e-4555-ac0e-1feb0ef9ee7f" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T20:28:00.747967-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="54297f36-516f-4d88-babe-ec2c8d1a3639" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T21:31:06.979843-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="9d272543-2415-40f2-83c7-46cd014edd76" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T21:31:07.213843-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="b2f6ef04-96b8-455c-a2d3-a5592b70a26a" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T21:31:07.245043-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="695af1f0-8a7d-4e31-ad2e-65e4749c2957" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-05-20T21:31:08.477445-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="FOXMAIN-PC" last_modified_tag="94ef64c1-e91b-4904-ae76-d28c8914eaca" result="Started" subtype="Malicious Website Protection"></record>
</logs>
 
Link to post
Share on other sites

Well done! :)

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan button. Wait until is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 3

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • In your next reply, post the following log files:
    • Junkware Removal Tool log
    • AdwCleaner log
    • ESET Online Scanner log
Link to post
Share on other sites

Borislav,

Here are the logs from the recent cleaning.  I also added the second [R0] file in the adware cleaner log directory since I was not sure if this would be of any help.

Floyd

 

1)JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.6 (05.21.2015:1)
OS: Windows 7 Home Premium x64
Ran by FoxHome on Thu 05/21/2015 at 16:07:48.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\couponprinter.ocx
Successfully deleted: [File] C:\Windows\wininit.ini
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\coupons
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\FoxHome\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/21/2015 at 16:13:09.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
2) AdwCleaner[s0].txt
 
# AdwCleaner v4.205 - Logfile created 21/05/2015 at 16:21:46
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : FoxHome - FOXMAIN-PC
# Running from : C:\Users\FoxHome\Desktop\AdwCleaner (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Google Chrome v42.0.2311.152
 
 
*************************
 
AdwCleaner[R0].txt - [1218 bytes] - [21/05/2015 16:19:22]
AdwCleaner[s0].txt - [1155 bytes] - [21/05/2015 16:21:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1214  bytes] ##########
 
 
3) AdwCleaner[R0].txt
 
# AdwCleaner v4.205 - Logfile created 21/05/2015 at 16:19:22
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : FoxHome - FOXMAIN-PC
# Running from : C:\Users\FoxHome\Desktop\AdwCleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKU\.DEFAULT\Software\AskPartnerNetwork
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Google Chrome v42.0.2311.152
 
 
*************************
 
AdwCleaner[R0].txt - [1080 bytes] - [21/05/2015 16:19:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1139 bytes] ##########
 
4)ESETScanlog.txt
 
C:\Users\FoxHome\Desktop\Downloads\OffercastInstaller_AVR_U-0090-01-P_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Users\FoxHome\Desktop\Downloads\redsn0w-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application deleted - quarantined
 
 
Link to post
Share on other sites

Borislav,

 

MB starts and runs fine.  The computer appears to running ok.  Would like it to be a bit faster.  I do notice the hard drive light is nearly constantly on (more than I would expect given apparent program activity).  Thank you for all of your help

 

Floyd

Link to post
Share on other sites

Glad is better now, Floyd! Glad I could help you. :)

Last steps for you:

Step 1

Please download DelFix by Xplode and save it to your desktop. Please launch it and make sure that this one is checked: Remove disinfection tools. Click on Run button. The program will run for a few seconds and display a notepad report. You do not need to attach it.

Step 2

Some malware preventions:

https://forums.malwarebytes.org/index.php?/topic/81386-so-how-did-i-get-infected-in-the-first-place/

Safe surfing! :)

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.