Solved Computer won't boot after using Defender offline

[VistaKing]

Open Malwarebytes and update it . By clicking on the Updates tab click on click the Update button once done do a quick scan

 

[friedpasta]

0 malicious on MB

 

[VistaKing]

Run

TFC ( Temp File Cleaner )

TFC

Download TFC below

Download link :ar: http://oldtimer.geekstogo.com/TFC.exe

Drag the TFC.exe from your Downloads folder to the Desktop

Right click on TFC.exe and choose

Click on the Start button

When its finished it will ask you to restart your PC if it doesn't restart manually .

   Tip

Make sure all of the windows are closed

   Note

TFC will empty your Recycle Bin

 

[friedpasta]

Ok, that's done.

 

[VistaKing]

Scan the PC with MSE and see if AddLyrics been removed .

 

[friedpasta]

Says removed!

 

[VistaKing]

Run

SecurityCheck

Click here :ar: SecurityCheck to Download

Place the file onto your desktop

Right-click the SecurityCheck choose

Press any key to continue

Once the scan is done . It will open up a text file copy and paste the text

Press Ctrl and A to select All of the text
Press Ctrl and C to copy the selected text
In your reply click on the message box and press Ctrl and V to Paste

 

[friedpasta]

Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 22.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

 

[VistaKing]

Java 7 Update 25

32-bit OS : Java 7 Update 25

64-bit OS : Java 7 Update 25

Adobe Reader

ftp://ftp.adobe.com/pub/adobe/reader/win/11.x/11.0.03/en_US/AdbeRdr11003_en_US.exe

 

[friedpasta]

Installed latest Adobe ok, it appears, but the Java link for 64 bit does not work.

 

[VistaKing]

http://javadl.sun.com/webapps/download/AutoDL?BundleId=78827

 

[friedpasta]

Finished with those.

 

[VistaKing]

Farbar Service Scanner

Click here :ar: Farbar Service Scanner to DOWNLOAD

Place the file onto your desktop

Right click on FSS.exe select

Place a check mark next to the following options

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender

Press the Scan button

Farbar Service Scanner will create a log, called FSS.txt, on the Desktop. Upload the FSS.txt with your reply

 

[friedpasta]

Text here. (I have again gotten the spam pop-up, this time I was ale to see it said "shop to win within it before it disappeared.)

 

[friedpasta]

I found the "shop to win" as an ext in Mozilla, removed it (I hope).

 

[VistaKing]

What did you use to remove it ?

 

[friedpasta]

Actually, it was listed under the mozilla add-ons, under extensions, and gave the option to disable or remove. Probably it's not really removed, is it?

 

[VistaKing]

Did you click on Remove ? Lets see grab a new FRST and upload the FRST.txt

 

[friedpasta]

Ok.

 

[VistaKing]

Open notepad . Paste the highlighted text below


start
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: No Name - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3pyxs3ox.default\Extensions\staged
FF Extension: ShopToWin15 - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3pyxs3ox.default\Extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928}
FF Extension: SelectionLinks - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\3pyxs3ox.default\Extensions\{D2DD9F60-30D8-466D-A9BE-D5E0CF75C10B}
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]
S3 b57xdbd; \SystemRoot\system32\drivers\b57xdbd.sys [x]
S3 b57xdmp; \SystemRoot\system32\drivers\b57xdmp.sys [x]
S3 bScsiMSa; \SystemRoot\system32\drivers\bScsiMSa.sys [x]
S3 bScsiSDa; system32\DRIVERS\bScsiSDa.sys [x]
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [x]
2013-08-14 20:57 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-26 19:56 - 2011-09-28 11:18 - 00000000 ____D C:\Windows\System32\Tasks\Games
end


Click on File > Save As

File Name : Fixlist.txt

Location : Desktop

Save as type : All Files

Click on Save . Close Notepad

Open FRSt64.exe and click on the FIX button . Once its completed it will create a new log called Fixlog.txt

Restart the PC and run the tool below

Download link :ar: McAFee Removal Tool

Right click on MCPR.exe select Run as administrator
When you see the User Account Control dialog box, click Yes.
At the McAfee Software Removal screen, click Next.
At the End User License Agreement (EULA) dialog box, click Next to accept the agreement.
When prompted, type the Captcha information, which is case sensitive, to validate to application security, and then click Next.