Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Ran Windows Defender Offline, can't boot up computer. Help please!

28 Jan 2014   #41

Windows 7 64 bit

Thanks again, cottonball. You managing in this seesaw weather we're having? It just seems sadistic to give us 60 degree weather on Sunday and 8 degree weather on Monday. Better than the other way around, I guess.

Here's the AdwCleaner logfile as requested:

# AdwCleaner v3.017 - Report created 28/01/2014 at 09:42:09
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : POSTAL - POSTAL-PC
# Running from : C:\Users\POSTAL\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\POSTAL\AppData\Local\apn
Folder Deleted : C:\Users\POSTAL\AppData\LocalLow\AskToolbar
File Deleted : C:\alotserviceruntime.log
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : [x64] HKLM\SOFTWARE\Description
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v32.0.1700.76
[ File : C:\Users\POSTAL\AppData\Local\Google\Chrome\User Data\Default\preferences ]

AdwCleaner[R0].txt - [5353 octets] - [28/01/2014 09:39:10]
AdwCleaner[S0].txt - [5191 octets] - [28/01/2014 09:42:09]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5251 octets] ##########

My System SpecsSystem Spec
28 Jan 2014   #42

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem

Is the Ask toolbar coming back? I thought I saw it erradicated earlier in the thread. I could be wrong and only think so because I read a few of the scan logs.

Anyway, I came across this How do I remove the Ask com Toolbar
There is a good video and Ask offers a cleanup utility if the instructions don't completely remove their toolbar. An interesting question posed at the top of that page is: Are you sure it's the Ask toolbar?

You don't have to do anything with this information, I just wanted to put it up somewhere and this seemed like a good place.

My System SpecsSystem Spec
28 Jan 2014   #43

Windows 7 Home Premium


Thanks for the report.

Have been living in this area since 1979, and this has to be the coldest Winter I remember. We may have more to come in February!

As far as the Ask Bundle, etc., looks af if AdwCleaner got it.

If you do any scans, and it comes up again, either post back, or give the link Slartybart provided a try.

Don't know if having the fox guarding the henhouse is what it brings, however, removing the Ask Bundle is do-able thru other means.

Need to go thru this thread and see what else needs done. Will be back with you later this PM.

My System SpecsSystem Spec

28 Jan 2014   #44

Windows 7 Home Premium

Before we wrap up, need to have you use the following...

Please download Security Check:
Save to your Desktop.
Double-click: SecurityCheck.exe
Follow the onscreen instructions inside the black box.

When done, a Notepad report opens automatically, called: checkup.txt

Please post the checkup.txt in your reply.

(Do not take any corrective actions!)

My System SpecsSystem Spec
29 Jan 2014   #45

Windows 7 64 bit

Ugh, more in February? I'm starting to see the appeal of seasonal migration.

Here's the checkup text report:

Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version
Java(TM) 6 Update 30
Java 7 Update 45
Java version out of Date!
Adobe Reader 10.1.9 Adobe Reader out of Date!
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.76
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
My System SpecsSystem Spec
31 Jan 2014   #46

Windows 7 Home Premium


Ever heard of 'white February'?

These are vulnerabilities you cannot afford to have:
>> Java version out of date!

Please verify the version of Java you have installed:
Link > Verify Java Version
If your version of Java is outdated, it needs to be updated:
When done, please uninstall older versions:
Link > How do I uninstall Java on my Windows computer?

>> Adobe Reader out of date!
Please download the latest version of Adobe Reader:
Link > Adobe - Adobe Reader download - All versions
Once installed, launch it, select Help > Check for Updates, and install any updates.
Then, uninstall earlier versions:
Go to Start > Control Panel > Add/Remove Programs, and remove all older versions of Adobe Reader.

On Google Chrome, make sure you are protected by the latest security updates!
Check here:
Link >

Are you having any more malware problems with Windows 7?
My System SpecsSystem Spec
31 Jan 2014   #47

Windows 7 64 bit

I have updated Java and Adobe on this computer and uninstalled old versions as directed. I have also confirmed that Google Chrome is updated as well.

I don't have any more malware problems with Windows 7, and I thank you so much for all that you've done to help me out of a real jam. If I could click the scales of justice anymore to give you additional rep I would.
My System SpecsSystem Spec
01 Feb 2014   #48

Windows 7 Home Premium

Thank you. Glad to help!

If you are no longer having problems, you are good to go!

Since the computer had the Alureon RootKit, the types of information that may have been accessed are account IDs and passwords (such as PayPal, Hotmail, gmail, Facebook accounts, etc.), credit card information (PIN numbers, expiration dates and card numbers), and banking information (account numbers, passwords, PINs etc.).

If you conducted any activities or transactions of the nature described above on the infected computer, would strongly recommend you change passwords, IDs, PINs, etc., using another computer.

Let's wrap up, as well as remove the tools used and their reports, since these tools are updated frequently, and it is best to have a new copy.

Please remove:
-FRST, its folder in C:\FRST, and any fixlist or fixlog on the Desktop.
-Security Check, and its report
-TDSSKiller, and its reports

-AdwCleaner > Run the tool, and press: Uninstall

Would use Malwarebytes Anti-Malware, and run it regularly...
If you have USB pendrives or SD cards, connect them to other computers, and then connect them back to your computer, the Perform Full Scan
has the option of selecting which drives you want to scan, and includes removable drives.

Also, make sure your security software is ALL enabled and running!

And, consider doing the following to prevent future infections...
Malware is normally installed through vulnerabilities found in out-dated and insecure programs on a computer.
You can use the Secunia Personal Software Inspector to scan for vulnerable programs:
Free Computer Security - Personal Software Inspector (PSI) - Secunia
A tutorial on how to use the program is found here:
How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI)

Thanks for following all the instructions and providing the reports!!

Have a great year, bsever!!
My System SpecsSystem Spec
03 Feb 2014   #49

Windows 7 64 bit

Thanks cottonball! I will follow your advice and guard myself the best I can.
My System SpecsSystem Spec

 Ran Windows Defender Offline, can't boot up computer. Help please!

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar help and support threads
Thread Forum
Computer wont start after removing alureon virus with defender offline
I used windows defender offline to remove the Trojan alureon virus and now my computer will not start up. as it is attempting to start, blue screen will flash and the loop will start over.
System Security
Computer won't boot after using Defender offline
Well, it seems this is a common problem. I'm mildly tech savvy, but this has me beat. Kid's college computer got Alureon, ran Defender Offline from a USB which appeared to work to remove the virus, but now it's in the start cycle of black and white Acer screen, a quick flash from a blue screen,...
System Security
Boot Failure after Windows Defender Offline
Got the Alureon.a trojan/rootkit. Downloaded the Windows Defender Offline and ran it successfully, but now I can not get past the "Verifying DMI pool data....". I've read countless posts about doing F8 or F10 to go into Advanced Boot Options, but neither of those respond. So I can not change...
Hardware & Devices
Windows Defender Offline crashed computer
Microsoft Security Essentials said I needed to run Windows Defender Offline to remove a trojan. I made the disk and ran it and it said it removed the trojan and to restart the computer. Only problem is it only goes to the Windows Error Recovery Screen. It will not repair or start normally. I...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 21:38.

Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App