Windows 7 Forums



Windows 7: Computer won't boot after using Defender offline

13 Aug 2013   #31
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

OK, now open AdwCleaner and click on the Delete button. Click OK on the Information window. The PC will restart when it's done and it will upload a text file. Upload that text file. Should be called "AdwCleaner[S1].txt"


13 Aug 2013   #32
friedpasta

Infected is Win7 home premium 64 bit (clean is Vista home premium 32)
 
 

Ok, here it is.


Attached Files
File Type: txt AdwCleaner[S2].txt (33.1 KB, 3 views)
13 Aug 2013   #33
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Run JRT

Download Junkware Removal Toolkit

Click here Junkware Removal Tool to download

Drag the JRT.exe from the Downloads folder to your Desktop

Right click JRT.exe and choose

Once done upload the JRT.txt file

13 Aug 2013   #34
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Once you're done with that run Malwarebytes

Malwarebytes

Download Link MalwareBytes

When the installation is done, uncheck "Enable free trial of Malwarebytes" (see image below)



Update the definitions and do a full scan

On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Log looks like this: mbam-log-yyyy-mm-dd

Log located: C:\Users\{Your UserName}\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs or C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs
13 Aug 2013   #35
friedpasta

Infected is Win7 home premium 64 bit (clean is Vista home premium 32)
 
 

(Oddly, I'm now getting some spam pop-ups, after all this cleaning! lol. I'm suspecting Firefox is responsible for several of these "blockades" with downloading and ads. Is not happening in Explorer).


Attached Files
File Type: txt JRT.txt (7.1 KB, 3 views)
13 Aug 2013   #36
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Run Malwarebytes. We will rerun AdwCleaner (Delete) after Malwarebytes has been run.
14 Aug 2013   #37
friedpasta

Infected is Win7 home premium 64 bit (clean is Vista home premium 32)
 
 

MB log, after removal process
******************

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.08.14.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Brian :: BRIAN-PC [administrator]
8/14/2013 9:53:50 AM
mbam-log-2013-08-14 (09-53-50).txt
Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 464675
Time elapsed: 1 hour(s), 54 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LessTabs (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8A2BBD3A-2130-4882-B198-863271F320DE} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKCR\Interface\{39E6096A-E5CA-483A-A05C-AA967F48FD1C} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 4
C:\Program Files (x86)\LessTabs (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\3rd Party Licenses (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\FireFox (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\IE32 (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
Files Detected: 55
C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\ExtensionUpdaterService.exe.vir (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\OptChrome.exe.vir (PUP.Optional.OptChrome.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe.vir (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Brian\AppData\Local\SwvUpdater\Updater.exe.vir (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Brian\AppData\Local\Temp\delta\delta\1.8.22.0\delta4ie.exe.vir (PUP.Delta.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Brian\AppData\Roaming\eIntaller\F71A3AC468FD4b039CFFF6F25F8CDF2A\Desk365.exe.vir (PUP.Optional.E7) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\BabSolution\Shared\NTRedirect.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\ICReinstall_setup(1).exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\ICReinstall_setup(2).exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\Impressioner.exe (PUP.Optional.MSIL.Downloader.A) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\MixiCND_CID2_20130716.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\Updater.exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\133BB07C-BAB0-7891-A45E-39C6C5E79CDB\Latest\MyBabylonTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\133BB07C-BAB0-7891-A45E-39C6C5E79CDB\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\C635BED7-BAB0-7891-8D28-8EFD70602A8E\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\C635BED7-BAB0-7891-8D28-8EFD70602A8E\Latest\ccp.exe (PUP.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\C635BED7-BAB0-7891-8D28-8EFD70602A8E\Latest\MyDeltaTB.exe (PUP.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\C635BED7-BAB0-7891-8D28-8EFD70602A8E\Latest\NTRedirect.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\C635BED7-BAB0-7891-8D28-8EFD70602A8E\Latest\Setup.exe (PUP.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\ct3289847\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\ct3289847\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\ct3289847\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\ct3289847\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\ct3289847\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\DIQM\FlashPlayer_151\DomaIQ.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\DIQM\FlashPlayer_151\DomaIQ10.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\DIQM\FlashPlayer_151\exes.zip (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\DIQM\FlashPlayer_151\software\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\is1326335552\12262888_Setup.EXE (PUP.Optional.IBryte.A) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\is1326335552\DeltaTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\is1326335552\wajam_validate.exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Brian\Downloads\DownloadManager_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Brian\Downloads\fbsoft.exe (HackTool.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Brian\Downloads\ffdshow_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Brian\Downloads\FirstRowSportApp_setup(47c42).exe (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
C:\Users\Brian\Downloads\FlashPlayer_V.143646672b.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.
C:\Users\Brian\Downloads\FlashPlayer_V.143674269b.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.
C:\Users\Brian\Downloads\PDFReaderSetup_V3.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Brian\Downloads\setup(1).exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Brian\Downloads\setup(2).exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Brian\Downloads\Setup.exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Windows\Temp\Optimizer_Pro.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\terms-of-service.rtf (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\Uninstall.exe (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\3rd Party Licenses\buildcrx-license.txt (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\3rd Party Licenses\Info-ZIP-license.txt (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\3rd Party Licenses\nsJSON-license.txt (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\3rd Party Licenses\UAC-license.txt (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\FireFox\lesstabs@lesstabs.com.xpi (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
(end)
My System SpecsSystem Spec
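
One way to triage a log like the one posted above, as an added example that is not part of the original thread: this Python sketch parses the `path (detection) -> action` lines, checks each section's declared count, and separates items already sitting in AdwCleaner's or FRST's quarantine folders from detections in live locations. The sample is a constructed excerpt of the posted log with counts adjusted to fit, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed excerpt of the log posted above; counts adjusted to fit the excerpt.
SAMPLE = r"""Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LessTabs (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\OptChrome.exe.vir (PUP.Optional.OptChrome.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\BabSolution\Shared\NTRedirect.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Brian\Downloads\fbsoft.exe (HackTool.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Brian\AppData\Local\Temp\DIQM\FlashPlayer_151\DomaIQ.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
(end)
"""

SECTION = re.compile(r"^(.+?) Detected: (\d+)$")
ENTRY = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Folders where AdwCleaner and FRST keep items they already neutralised.
PRIOR_QUARANTINE = ("c:\\adwcleaner\\quarantine\\", "c:\\frst\\quarantine\\")

def parse_mbam_log(text):
    """Return (entries, declared) where declared maps section -> stated count."""
    entries, declared, section = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section, declared[m.group(1)] = m.group(1), int(m.group(2))
        elif section and (m := ENTRY.match(line)):
            leftover = m["path"].lower().startswith(PRIOR_QUARANTINE)
            entries.append({"section": section, "leftover": leftover, **m.groupdict()})
    return entries, declared

def triage(text):
    """Summarise a log: count check, families, live hits, non-PUP hits, failures."""
    entries, declared = parse_mbam_log(text)
    found = Counter(e["section"] for e in entries)
    return {
        "count_mismatch": {s: (n, found[s]) for s, n in declared.items() if found[s] != n},
        "families": Counter(e["name"] for e in entries),
        "live": [e["path"] for e in entries if not e["leftover"]],
        "not_pup": [e["path"] for e in entries if not e["name"].upper().startswith("PUP.")],
        "not_removed": [e["path"] for e in entries if "successfully" not in e["action"].lower()],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "->", value)
```
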
14 Aug 2013   #38
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Download a newer version of AdwCleaner

AdwCleaner

Click here AdwCleaner

Click on Download Now button

Save to the Desktop

Right-click on AdwCleaner.exe and choose

Click the Clean button

Upload the AdwCleaner[n].txt in your reply.

Note
The log file is at C:\AdwCleaner[n].txt
14 Aug 2013   #39
friedpasta

Infected is Win7 home premium 64 bit (clean is Vista home premium 32)
 
 

Adw (still getting a "congratulations" pop-up on Mozilla)


Attached Files
File Type: txt AdwCleaner[1].txt (3.7 KB, 12 views)
14 Aug 2013   #40
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Can you do a scrnprnt of the pop-up? Paste it inside mspaint.

click on type in mspaint.exe inside and press Enter

Save the file and upload it.