Author Topic: [In Progress] beyond slow laptop, MBAM found  (Read 1898 times)

Offline millermaster

  • Bronze Member
  • Posts: 90
Re: [In Progress] beyond slow laptop, MBAM found
« Reply #15 on: June 16, 2017, 09:37:58 AM »
I went online, clicked on the button, downloaded ESET and stayed online while it was doing its thing which took a long time (the scan alone took 4hrs and 7 minutes). Each step to get to the download was slow. I turned Security Essentials off for the Scan since ESET stated running a virus program while scanning may cause problems. It is now back to Real-Time protection and updated. Here is that log:

C:\AI_RecycleBin\{357AF691-D70D-411E-9756-C093451972C2}\3\Strongvault\StrongVaultApp.exe   a variant of MSIL/Adware.StrongVault.A application   
C:\Users\user1\AppData\LocalLow\MyOwnSuperheroIE\bar\setups\MyOwnSuperhero Installer(05b3e7eb).exe   a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application   
C:\Users\user1\AppData\LocalLow\MyOwnSuperheroIE\bar\setups\MyOwnSuperhero Installer(155fb8c3).exe   a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application   
C:\Users\user1\AppData\LocalLow\MyOwnSuperheroIE\bar\setups\MyOwnSuperhero Installer(1e67abf7).exe   a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application   
C:\Users\user1\AppData\LocalLow\MyOwnSuperheroIE\bar\setups\MyOwnSuperhero Installer(1ebb0d88).exe   a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application   
C:\Users\user1\AppData\LocalLow\MyOwnSuperheroIE\bar\setups\MyOwnSuperhero Installer(222a2faa).exe   a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application   
C:\Users\user1\AppData\LocalLow\MyOwnSuperheroIE\bar\setups\MyOwnSuperhero Installer(27c2c783).exe   a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application   
C:\Users\user1\AppData\LocalLow\MyOwnSuperheroIE\bar\setups\MyOwnSuperhero Installer(2c775bfe).exe   a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application   
C:\Users\user1\AppData\LocalLow\MyOwnSuperheroIE\bar\setups\MyOwnSuperhero Installer(45936b0f).exe   a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application   
C:\Users\user1\AppData\LocalLow\MyOwnSuperheroIE\bar\setups\MyOwnSuperhero Installer(4b53297b).exe   a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application   
C:\Users\user1\AppData\LocalLow\TelevisionFanaticEI\Installr\Cache\2A27FDBC.exe   a variant of Win32/Toolbar.MyWebSearch.V potentially unwanted application   
C:\Users\user1\AppData\LocalLow\WeatherBlinkEI\Installr\Cache\12B7390C.exe   a variant of Win32/Toolbar.MyWebSearch.V potentially unwanted application   

I had eset delete the files. After that the computer didn't respond to opening MBAM or Security Essentials. I waited 15 Minutes, still nothing, so I disconnected the LAN cable, shut it down and turned it back on again. I started MBAM with LAN cable back in place and ran MBAM after updating and went offline again but MBAM didn't find anything.

After exporting the MBAM log and closing MBAM a window popped up "Program Compatibility Assistant" reading:
Windows detected that this program did not run correctly
To try and fix the problem, Windows has applied compatibility settings to this program. Windows will use these settings the next time you run the program.
If you noticed that this program didn't run correctly, try running the program again.
Program: Malwarebytes
Publisher: Malwarebytes
Location: C:\Program Files\Malwarebyt...\mbam.exe

Here is the log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/16/17
Scan Time: 9:54 AM
Log File: mbam-2017-06-16-1000.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2164
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user1-PC\user1

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331967
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 13 min, 33 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27136
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] beyond slow laptop, MBAM found
« Reply #16 on: June 16, 2017, 09:59:49 AM »
It bothers me that another toolbar was found. Please read the instructions below and follow them. You do not remove things the first time thru (unless you are for sure that you know you do not want that software).

1.- Download AdwCleaner by Xplode onto your Desktop.
  •   Please close all open programs and internet browsers.
  •   Double click on Adwcleaner.exe to run the tool.
  •   Click on the Scan button.
  •   Please be patient as this can take a while to complete.
  •   You will get a prompt asking to close all programs. Click OK.
  •   Click OK again to reboot your computer. A text file will open after the restart.
  •   Please post the content of that logfile in your reply.
  •   You can find the logfile at C:\AdwCleaner[Sn].txt.
2.- Download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Run the tool by double-clicking it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.
3.- Please download RogueKiller and Save to the desktop.
  • Close all windows and browsers
  • Double click on RogueKiller.exe to run the tool.
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please post it in your next reply.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline millermaster

  • Bronze Member
  • Posts: 90
Re: [In Progress] beyond slow laptop, MBAM found
« Reply #17 on: June 21, 2017, 04:23:26 PM »
Hoov,

Sorry it took me a while to get back, I was busy with work.

I went ahead and downloaded AdwCleaner, went offline, closed all programs, ran the exe file and hit the scan button. AdwCleaner found 169 files. I couldn't see any programs I wanted to keep in the folders, files or tasks. As far as the registry goes, I was sure for about 95% that I didn't want to keep anything. At the end of the day all I want is a laptop to run Firefox, stream some music and that's it. So, with 95% confidence, I hit the "clean" button without un-selecting anything. AdwCleaner displayed "deleting folders" while the process bar filled up about 15%. After that AdwCleaner went into "Not responding". I left it alone for 45 minutes. Nothing changed. So, I Ctrl+Alt+Del-ed the laptop and rebooted. No text file opened though and I am not sure how successful my cleaning attempt was. I will stop here and now. Before doing anything else, I will post the log and wait to see what your thoughts are.


# AdwCleaner v6.047 - Logfile created 21/06/2017 at 16:16:25
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : user1 - USER1-PC
# Running from : C:\Users\user1\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\Users\user1\AppData\Local\Best Buy pc app
Folder Found:  C:\ProgramData\Best Buy pc app
Folder Found:  C:\ProgramData\Application Data\Best Buy pc app
Folder Found:  C:\Users\user1\AppData\Local\iLivid
Folder Found:  C:\Users\user1\AppData\Local\PackageAware
Folder Found:  C:\Users\user1\AppData\Local\torch
Folder Found:  C:\Users\user1\AppData\LocalLow\iac
Folder Found:  C:\Users\user1\AppData\LocalLow\Yahoo!\Companion
Folder Found:  C:\Users\user1\AppData\LocalLow\IAC
Folder Found:  C:\ProgramData\Ascentive
Folder Found:  C:\ProgramData\Ask
Folder Found:  C:\ProgramData\Partner
Folder Found:  C:\ProgramData\Application Data\Ascentive
Folder Found:  C:\ProgramData\Application Data\Ask
Folder Found:  C:\ProgramData\Application Data\Partner
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
Folder Found:  C:\Program Files (x86)\Conduit
Folder Found:  C:\Program Files (x86)\MyWebSearch
Folder Found:  C:\Program Files (x86)\Search Results Toolbar
Folder Found:  C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Found:  C:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion
Folder Found:  C:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion


***** [ Files ] *****

File Found:  C:\alotserviceruntime.log


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found:  Best Buy pc app
Task Found:  0


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app_is1
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9A1A857D-41B0-4122-9DB2-B5A9B21DE0B2}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{9A1A857D-41B0-4122-9DB2-B5A9B21DE0B2}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{A60671D2-CC17-4FDB-8CB7-87EFC561FB2C}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A60671D2-CC17-4FDB-8CB7-87EFC561FB2C}
Key Found:  HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found:  HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found:  [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found:  HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found:  HKLM\SOFTWARE\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C}
Key Found:  HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E1368B44-60A8-470F-9537-C1BC2390C8E3}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Key Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\APN
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Ask.com
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Conduit
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\FunWebProducts
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\MyWebSearch
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Yahoo\Companion
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Yahoo\YFriendsBar
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\AppDataLow\Software\AskToolbar
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\AppDataLow\Software\CompeteInc
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\AppDataLow\Software\Conduit
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\AppDataLow\Software\MyWebSearch
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\gamesbar
Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\MyWebSearch
Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Yahoo\Companion
Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Yahoo\YFriendsBar
Key Found:  HKCU\Software\APN
Key Found:  HKCU\Software\Ask.com
Key Found:  HKCU\Software\Conduit
Key Found:  HKCU\Software\FunWebProducts
Key Found:  HKCU\Software\MyWebSearch
Key Found:  HKCU\Software\Yahoo\Companion
Key Found:  HKCU\Software\Yahoo\YFriendsBar
Key Found:  HKCU\Software\AppDataLow\Software\AskToolbar
Key Found:  HKCU\Software\AppDataLow\Software\CompeteInc
Key Found:  HKCU\Software\AppDataLow\Software\Conduit
Key Found:  HKCU\Software\AppDataLow\Software\MyWebSearch
Key Found:  HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  HKLM\SOFTWARE\APN
Key Found:  HKLM\SOFTWARE\AskToolbar
Key Found:  HKLM\SOFTWARE\Conduit
Key Found:  HKLM\SOFTWARE\FocusInteractive
Key Found:  HKLM\SOFTWARE\Fun Web Products
Key Found:  HKLM\SOFTWARE\InboxAce_1g
Key Found:  HKLM\SOFTWARE\MyWebSearch
Key Found:  HKLM\SOFTWARE\Yahoo\Companion
Key Found:  HKLM\SOFTWARE\WeatherBlink
Key Found:  HKLM\SOFTWARE\TelevisionFanatic
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\gamesbar
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\MyWebSearch
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Yahoo\Companion
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Yahoo\YFriendsBar
Key Found:  [x64] HKCU\Software\APN
Key Found:  [x64] HKCU\Software\Ask.com
Key Found:  [x64] HKCU\Software\Conduit
Key Found:  [x64] HKCU\Software\FunWebProducts
Key Found:  [x64] HKCU\Software\MyWebSearch
Key Found:  [x64] HKCU\Software\Yahoo\Companion
Key Found:  [x64] HKCU\Software\Yahoo\YFriendsBar
Key Found:  [x64] HKCU\Software\AppDataLow\Software\AskToolbar
Key Found:  [x64] HKCU\Software\AppDataLow\Software\CompeteInc
Key Found:  [x64] HKCU\Software\AppDataLow\Software\Conduit
Key Found:  [x64] HKCU\Software\AppDataLow\Software\MyWebSearch
Key Found:  [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found:  HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found:  HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found:  HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found:  HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
Data Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZU^xdm896^YY^us&ptb=A22B0EDE-4938-457
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZU^xdm896^YY^us&ptb=A22B0EDE-4938-4574-BEAF-47854FF9956F
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZU^xdm896^YY^us&ptb=A22B0EDE-4938-4574-BEAF-47854FF9956F
Key Found:  HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ApnUpdater
Key Found:  HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found:  HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [15902 Bytes] - [21/06/2017 16:16:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15976 Bytes] ##########
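
Added example, not part of any post in this thread: a Python sketch that parses AdwCleaner v6 logs in the layout shown above and compares a Scan-mode log with a Clean-mode log from a later run, listing what was found but never reported deleted and what is still waiting for a reboot. The two sample logs are abridged from logs posted in this thread, and the function names are hypothetical.

```python
import re
from collections import OrderedDict

# "***** [ Folders ] *****" style section headers.
SECTION_RE = re.compile(r"^\s*\*{5} \[ (.+?) \] \*{5}\s*$")
# "# Mode: Scan" / "# Mode: Clean" header line.
MODE_RE = re.compile(r"^#\s*Mode\s*:\s*(\w+)", re.I)
# "Folder Found:  <path>", "[-] Key deleted: <key>", "[#] Key deleted on reboot: <key>".
# A leading bullet is tolerated because forum software may render the bracketed
# marker as a list item.
ENTRY_RE = re.compile(
    r"^\s*(?:\[.\]|•)?\s*"
    r"(Folder|File|Key|Value|Data|Task)\s+"
    r"(deleted on reboot|deleted|found)\s*:\s*(.+?)\s*$",
    re.I,
)

# Abridged from the Scan log posted in this thread.
SCAN_SAMPLE = r"""
# Mode: Scan

***** [ Folders ] *****

Folder Found:  C:\Users\user1\AppData\Local\Best Buy pc app
Folder Found:  C:\Users\user1\AppData\Local\iLivid
Folder Found:  C:\Users\user1\AppData\LocalLow\IAC

***** [ Scheduled Tasks ] *****

Task Found:  Best Buy pc app
Task Found:  0

***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Conduit
Key Found:  HKCU\Software\APN
"""

# Abridged from the Clean log posted in this thread.
CLEAN_SAMPLE = r"""
# Mode: Clean

***** [ Folders ] *****

[-] Folder deleted: C:\Users\user1\AppData\Local\iLivid
[#] Folder deleted on reboot: C:\Users\user1\AppData\LocalLow\IAC

***** [ Scheduled Tasks ] *****

[-] Task deleted: 0

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Conduit
  • Key deleted on reboot: HKCU\Software\APN
"""


def parse_adwcleaner(text):
    """Return {"mode": str|None, "sections": {name: [entry, ...]}}."""
    log = {"mode": None, "sections": OrderedDict()}
    current = None
    for line in text.splitlines():
        m = MODE_RE.match(line)
        if m:
            log["mode"] = m.group(1).capitalize()
            continue
        m = SECTION_RE.match(line)
        if m:
            current = log["sections"].setdefault(m.group(1), [])
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            kind, status, value = m.groups()
            current.append({"kind": kind.capitalize(),
                            "status": status.lower(),
                            "value": value})
    return log


def leftovers(scan, clean):
    """Items the scan found that the clean run never reported as deleted."""
    # Windows paths and registry keys are case-insensitive, so compare lowercased.
    removed = {(e["kind"], e["value"].lower())
               for entries in clean["sections"].values()
               for e in entries if e["status"].startswith("deleted")}
    return [(section, e["kind"], e["value"])
            for section, entries in scan["sections"].items()
            for e in entries
            if e["status"] == "found"
            and (e["kind"], e["value"].lower()) not in removed]


def pending_reboot(clean):
    """Items whose removal only completes after the next restart."""
    return [e["value"] for entries in clean["sections"].values()
            for e in entries if e["status"] == "deleted on reboot"]


if __name__ == "__main__":
    scan, clean = parse_adwcleaner(SCAN_SAMPLE), parse_adwcleaner(CLEAN_SAMPLE)
    for section, kind, value in leftovers(scan, clean):
        print(f"still present  [{section}] {kind}: {value}")
    for value in pending_reboot(clean):
        print(f"needs reboot   {value}")
```
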

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27136
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] beyond slow laptop, MBAM found
« Reply #18 on: June 21, 2017, 06:20:44 PM »
Well at least it is getting cleaner. Try rebooting Windows cleanly. The instructions are here: https://support.microsoft.com/en-us/help/929135/how-to-perform-a-clean-boot-in-windows. Scroll down and make sure to select the Windows 7 option.

Once that is done, go ahead and follow the previous instructions to clean the computer.

One question, was this computer purchased at Best Buy, or was it ever taken there for maintenance that you know of?


Offline millermaster

  • Bronze Member
  • Posts: 90
Re: [In Progress] beyond slow laptop, MBAM found
« Reply #19 on: June 21, 2017, 07:48:45 PM »
I do not know where the computer was purchased but I know it was taken to Best Buy for Service at least once.

Rebooting Windows cleanly made the difference  :t!

Here is the AdwCleaner log. One question: should I reboot windows cleanly for the Junkware Removal Tool and RogueKiller, too? I will work on that either tomorrow or on Friday...


# AdwCleaner v6.047 - Logfile created 21/06/2017 at 20:35:52
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : user1 - USER1-PC
# Running from : C:\Users\user1\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\user1\AppData\Local\iLivid
[-] Folder deleted: C:\Users\user1\AppData\Local\PackageAware
[-] Folder deleted: C:\Users\user1\AppData\Local\torch
[-] Folder deleted: C:\Users\user1\AppData\LocalLow\iac
[-] Folder deleted: C:\Users\user1\AppData\LocalLow\Yahoo!\Companion
[#] Folder deleted on reboot: C:\Users\user1\AppData\LocalLow\IAC
[-] Folder deleted: C:\ProgramData\Ascentive
[-] Folder deleted: C:\ProgramData\Ask
[-] Folder deleted: C:\ProgramData\Partner
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Ascentive
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Ask
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Partner
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
[-] Folder deleted: C:\Program Files (x86)\Conduit
[-] Folder deleted: C:\Program Files (x86)\MyWebSearch
[-] Folder deleted: C:\Program Files (x86)\Search Results Toolbar
[-] Folder deleted: C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
[-] Folder deleted: C:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion
[-] Folder deleted: C:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion


***** [ Files ] *****

[-] File deleted: C:\alotserviceruntime.log


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: 0


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E1368B44-60A8-470F-9537-C1BC2390C8E3}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\APN
[-] Key deleted: HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Ask.com
[-] Key deleted: HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\FunWebProducts
[-] Key deleted: HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\MyWebSearch
[-] Key deleted: HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\AppDataLow\Software\AskToolbar
[-] Key deleted: HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\AppDataLow\Software\CompeteInc
[-] Key deleted: HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\AppDataLow\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\AppDataLow\Software\MyWebSearch
[-] Key deleted: HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\gamesbar
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\MyWebSearch
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Yahoo\Companion
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\APN
[#] Key deleted on reboot: HKCU\Software\Ask.com
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\FunWebProducts
[#] Key deleted on reboot: HKCU\Software\MyWebSearch
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\AskToolbar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\CompeteInc
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\MyWebSearch
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\APN
[-] Key deleted: HKLM\SOFTWARE\AskToolbar
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\FocusInteractive
[-] Key deleted: HKLM\SOFTWARE\Fun Web Products
[-] Key deleted: HKLM\SOFTWARE\InboxAce_1g
[-] Key deleted: HKLM\SOFTWARE\MyWebSearch
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\WeatherBlink
[-] Key deleted: HKLM\SOFTWARE\TelevisionFanatic
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\gamesbar
  • Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\MyWebSearch
  • Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Yahoo\Companion
  • Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Yahoo\YFriendsBar
  • Key deleted on reboot: [x64] HKCU\Software\APN
  • Key deleted on reboot: [x64] HKCU\Software\Ask.com
  • Key deleted on reboot: [x64] HKCU\Software\Conduit
  • Key deleted on reboot: [x64] HKCU\Software\FunWebProducts
  • Key deleted on reboot: [x64] HKCU\Software\MyWebSearch
  • Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
  • Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
  • Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\AskToolbar
  • Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\CompeteInc
  • Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Conduit
  • Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\MyWebSearch
  • Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
  • Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
  • [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
  • Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
  • [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
  • [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
  • Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
  • [-] Data restored: HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: HKU\S-1-5-21-4082746810-1952379862-2089340206-1000\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
  • Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
  • Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
  • [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ApnUpdater
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [15926 Bytes] - [21/06/2017 20:35:52]
C:\AdwCleaner\AdwCleaner[S0].txt - [17255 Bytes] - [21/06/2017 16:16:25]
C:\AdwCleaner\AdwCleaner[S1].txt - [15564 Bytes] - [21/06/2017 20:27:13]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [16148 Bytes] ##########

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27136
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] beyond slow laptop, MBAM found
« Reply #20 on: June 21, 2017, 08:44:24 PM »
Booting Windows cleanly would be the best way. But unless you went and undid it, you are still in that mode. It survives a reboot. Unlike safe mode, you have to go back and turn everything back on.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline millermaster

« Reply #21 on: June 22, 2017, 01:43:30 PM »
Thank you, I didn't know. I thought it worked like safe mode.

I ran the Junkware Removal Tool and the log is attached at the bottom.
 
Next I downloaded RogueKiller to the desktop. After double-clicking on it, a window opened: "C:\Users\user1\RogueKiller.exe is not a valid Win32 application", and I am not able to post anything for RogueKiller.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64
Ran by user1 (Administrator) on Thu 06/22/2017 at 14:27:13.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 43

Successfully deleted: C:\ai_recyclebin (Folder)
Successfully deleted: C:\ProgramData\strongvault online backup (Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{0AA40EEA-7029-4125-90CF-DE921C697BC4} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{0B838235-7061-4A9A-95F7-4D417A606C55} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{1518AB3E-2B54-46F8-B63A-49D6D638E8BB} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{201457BD-6F57-44A7-9E30-7208D85FACA1} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{27994228-4B4E-42E0-85C5-8299325C1AAA} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{2BBC9548-8E22-4AE7-AB37-5887985E545C} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{316BFAD1-3DD9-4477-A70B-ED2E1FD45024} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{578CF9A0-740E-486D-9B63-C85647A5B631} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{5BE6EBB5-D395-4BF9-BA34-E13B692F4568} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{7521066C-9123-4C28-8149-5E4461B9ED46} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{78C73347-3467-428D-8B5E-442B79AF9540} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{79B4F12E-2FE1-466B-BB4F-F7466BEE086C} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{990361C7-4FF6-42AA-A539-B1D391E55AF0} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{A37E2D58-5746-49D9-A37D-2217FE297DFD} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{B2EB163B-9795-49E5-90EF-EAECE69CE2B3} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{DD5CD88B-9655-4D81-825F-AF66EDC0861A} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{F32DD16C-3392-49A7-872E-91538C8C4B87} (Empty Folder)
Successfully deleted: C:\Users\user1\AppData\Local\{FFDF9E64-C1EC-4721-A329-85EB1DD9D56C} (Empty Folder)
Successfully deleted: C:\Users\user1\Appdata\LocalLow\televisionfanaticei (Folder)
Successfully deleted: C:\Users\user1\Appdata\LocalLow\weatherblinkei (Folder)
Successfully deleted: C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\tadxifiq.default\extensions\toolbar@ask.com (Folder)
Successfully deleted: C:\windows\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\weatherblinkei (Folder)
Successfully deleted: C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1KL195R2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QH15SWL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHZ96TOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EUVFF863 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXS11AKO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBR04W56 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI1JF248 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YU8VDGPN (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1KL195R2 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QH15SWL (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHZ96TOA (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EUVFF863 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXS11AKO (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBR04W56 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI1JF248 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YU8VDGPN (Temporary Internet Files Folder)



Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AE753F4C-2AD0-42DB-8A12-E83979DDC45C} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/22/2017 at 14:29:09.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Offline Hoov

« Reply #22 on: June 22, 2017, 08:32:26 PM »
Right-click on RogueKiller and select run as administrator and see if it will start.


Offline millermaster

« Reply #23 on: June 23, 2017, 02:15:33 AM »
No, that makes no difference. Still get the "...RogueKiller.exe is not a valid Win32 application" window ???

Offline Hoov

« Reply #24 on: June 23, 2017, 03:45:17 AM »
Is this the only time you have seen this?


Offline millermaster

« Reply #25 on: June 23, 2017, 01:33:50 PM »
Yes, I have never seen this message before.

Offline millermaster

« Reply #26 on: June 23, 2017, 03:32:21 PM »
Do you want me to try and run it in compatibility mode for Windows 7?

Offline Hoov

« Reply #27 on: June 23, 2017, 03:46:56 PM »
No. Try downloading it again. If you have access to another computer, try downloading it with that one, and move it to the problem child. If you get the same problem, reboot to safe mode and try running it in safe mode.


Offline millermaster

« Reply #28 on: June 23, 2017, 04:21:02 PM »
If you do not mind me asking, what size should that RogueKiller.exe file have? I downloaded it from the Sur la Toile site to my good PC and while transferring I realized that the file has a size of 0 bytes. Or at least it looks that way in Windows Explorer on both computers. Safe mode wouldn't make a difference either. Perhaps I should look for another mirror site?

Offline Hoov

« Reply #29 on: June 23, 2017, 04:54:04 PM »
That is the wrong file. I will send you a PM with the link.

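The 0-byte download reported in the thread can be caught before anyone double-clicks the file. The following is an added example, not part of the original posts and not code from RogueKiller or this forum: a Python check that a downloaded `.exe` is non-empty and carries the MZ and PE headers Windows expects. The function names and the sample byte strings are constructed for illustration.

```python
import struct

# COFF Machine values from the PE format specification.
MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "ARM64"}


def check_pe(data: bytes) -> tuple[bool, str]:
    """Return (ok, reason) for the raw bytes of a downloaded .exe."""
    if not data:
        return False, "0 bytes: the download produced an empty file"
    if data[:2] != b"MZ":
        # Typical when a mirror's HTML error page was saved under the .exe name.
        return False, "no MZ signature: not a Windows executable"
    if len(data) < 0x40:
        return False, "truncated: shorter than the 64-byte DOS header"
    # e_lfanew (offset 0x3C) holds the file offset of the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Signature (4 bytes) + COFF file header (20 bytes) must fit in the file.
    if e_lfanew + 24 > len(data):
        return False, "truncated: PE header lies past the end of the file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False, "no PE signature at e_lfanew"
    machine, sections = struct.unpack_from("<HH", data, e_lfanew + 4)
    if sections == 0:
        return False, "PE header declares no sections"
    arch = MACHINES.get(machine, f"unknown machine 0x{machine:04X}")
    return True, f"PE image for {arch}, {sections} section(s)"


def check_file(path: str) -> tuple[bool, str]:
    """Read the file at `path` and run the header checks on its bytes."""
    with open(path, "rb") as fh:
        return check_pe(fh.read())


def sample_pe(machine: int = 0x8664) -> bytes:
    """Constructed minimal header (DOS header + COFF header), not a real program."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xF0, 0x0022)
    return dos + b"PE\0\0" + coff


if __name__ == "__main__":
    # Constructed inputs covering the failure modes a bad download produces.
    samples = {
        "empty download": b"",
        "saved error page": b"<!DOCTYPE html><html><body>404</body></html>",
        "cut-off transfer": sample_pe()[:70],
        "well-formed header": sample_pe(),
    }
    for name, blob in samples.items():
        print(f"{name:20} -> {check_pe(blob)}")
```

A passing result only means the file is structurally a Windows executable; it says nothing about whether it is the intended tool, which still has to come from the link the helper supplies.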