[RESOLVED] Opera Browser ends when I enter Win 7 password to see saved passwords in settings - Page 2
Page 2 of 4 FirstFirst 1234 LastLast
Results 16 to 30 of 51

Thread: [RESOLVED] Opera Browser ends when I enter Win 7 password to see saved passwords in settings

  1. #16
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles are saved to C:\AdwCleaner.

    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

  2. #17
    Join Date
    Nov 1999
    Posts
    438
    RKreport.txt

    RogueKiller V12.11.25.0 (x64) [Nov 20 2017] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Mark [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 11/25/2017 23:33:57 (Duration : 02:25:56)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 12 ¤¤¤
    [PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Search Settings -> Not selected
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\APN PIP -> Not selected
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Link64 -> Not selected
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\YahooPartnerToolbar -> Not selected
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\APN PIP -> Not selected
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Link64 -> Not selected
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\YahooPartnerToolbar -> Not selected
    [PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> Not selected
    [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {03EB0E9C-7A91-4381-A220-9B52B641CDB1} : IObit Apps Toolbar -> Not selected
    [PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {03EB0E9C-7A91-4381-A220-9B52B641CDB1} : IObit Apps Toolbar -> Not selected
    [PUP.Gen0|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WCAssistantService (C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe) -> Not selected
    [PUP.Gen0|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WCAssistantService (C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe) -> Not selected

    ¤¤¤ Tasks : 3 ¤¤¤
    [Hj.Shortcut] \{06A042C1-A4E6-4FE1-BA83-017A2F664DFD} -- "c:\program files (x86)\internet explorer\iexplore.exe" (http://ui.skype.com/ui/0/5.5.0.124/e...fered;disabled) -> Deleted
    [Hj.Shortcut] \{662EF20E-8AFE-49E9-85A6-C784C8930670} -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (http://ui.skype.com/ui/0/4.2.0.155/e...toolbaroffered) -> Deleted
    [Hj.Shortcut] \{A95C2512-1A1D-4CE4-99C9-7F71C22FCF7E} -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (http://ui.skype.com/ui/0/4.2.0.155/e...alreadyoffered) -> Deleted

    ¤¤¤ Files : 11 ¤¤¤
    [PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion -> Deleted
    [PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Definitions\MaliciousUrlDaily.zip -> Deleted
    [PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Definitions\MaliciousUrlWeekly.zip -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion\Definitions -> Deleted
    [PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Icons\bing.ico -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion\Icons -> Deleted
    [PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion -> Deleted
    [PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Logs\WindowsService\WCAssistantServiceLog.log -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion\Logs\WindowsService -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion\Logs -> Deleted
    [PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\ActiveFeatures.zip -> Deleted
    [PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\CurrentReleaseNotes.txt -> Deleted
    [PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\install.txt -> Deleted
    [PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\LatestReleaseNotes.txt -> Deleted
    [PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\partner.txt -> Deleted
    [PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\ServicePartnerInfo.txt -> Deleted
    [PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\Statistics.txt -> Deleted
    [PUP.Gen1][File] C:\ProgramData\Lavasoft\Web Companion\Options\UpdateServer.txt -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion\Options -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\VideoDownloaderUltimate -> Deleted
    [PUP.Gen1][File] C:\ProgramData\VideoDownloaderUltimate\ffmpeg.exe -> Deleted
    [PUP.Gen1][File] C:\ProgramData\VideoDownloaderUltimate\Firefox\global.ini -> Deleted
    [PUP.Gen1][File] C:\ProgramData\VideoDownloaderUltimate\Firefox\rtmp.exe -> Deleted
    [PUP.Gen1][File] C:\ProgramData\VideoDownloaderUltimate\Firefox\Uninstall.exe -> Deleted
    [PUP.Gen1][File] C:\ProgramData\VideoDownloaderUltimate\Firefox\vdultimate.exe -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\VideoDownloaderUltimate\Firefox -> Deleted
    [PUP.Gen1][File] C:\ProgramData\VideoDownloaderUltimate\Firefox_old\global.ini -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\VideoDownloaderUltimate\Firefox_old -> Deleted
    [PUP.Gen1][Folder] C:\Users\Mark\AppData\Roaming\Lavasoft\Web Companion -> Deleted
    [PUP.Gen1][File] C:\Users\Mark\AppData\Roaming\Lavasoft\Web Companion\Options\Language.txt -> Deleted
    [PUP.Gen1][Folder] C:\Users\Mark\AppData\Roaming\Lavasoft\Web Companion\Options -> Deleted
    [PUP.Tific][Folder] C:\Users\Mark\AppData\Roaming\Tific -> Deleted
    [PUP.Tific][File] C:\Users\Mark\AppData\Roaming\Tific\Environment.tfc -> Deleted
    [PUP.Tific][File] C:\Users\Mark\AppData\Roaming\Tific\tificocs.symantec.com.tfc -> Deleted
    [PUP.Gen1][Folder] C:\Users\Mark\AppData\Local\SlimWare Utilities Inc -> Deleted
    [PUP.Gen1][Folder] C:\Users\Mark\AppData\Local\YSearchUtil -> Deleted
    [PUP.Gen1][Folder] C:\Users\Mark\AppData\Local\YSearchUtil\CrashLogs -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\Lavasoft\Web Companion -> ERROR [3]
    [PUP.Gen1][Folder] C:\ProgramData\VideoDownloaderUltimate -> ERROR [3]
    [PUP.Gen1][Folder] C:\Program Files\Uninstaller -> Deleted
    [PUP.Gen1][File] C:\Program Files\Uninstaller\Uninstall.xml -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Ad-Aware Web Companion.exe -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\BCUEngineS.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\BCUSDK.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\BrowserManager.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\BrowserParameters.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\de-DE\WebCompanion.resources.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\de-DE\WebCompanionInstaller.resources.dll -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\de-DE -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\en-US\WebCompanion.resources.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\en-US\WebCompanionInstaller.resources.dll -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\en-US -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\es-ES\WebCompanion.resources.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\es-ES\WebCompanionInstaller.resources.dll -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\es-ES -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Esent.Interop.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Extension\@wcextensionff.xpi -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Extension -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\fr-CA\WebCompanion.resources.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\fr-CA\WebCompanionInstaller.resources.dll -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\fr-CA -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ICSharpCode.SharpZipLib.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Interop.IWshRuntimeLibrary.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Interop.SHDocVw.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Interop.Shell32.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\it-IT\WebCompanion.resources.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\it-IT\WebCompanionInstaller.resources.dll -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\it-IT -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ja-JP\WebCompanion.resources.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ja-JP\WebCompanionInstaller.resources.dll -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ja-JP -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Automation.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.IEController.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SmartAssemblyUI.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe.config -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\log4net.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\LogicNP.EZShellExtensions.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\LZ4.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Microsoft.mshtml.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\pt-BR\WebCompanion.resources.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\pt-BR\WebCompanionInstaller.resources.dll -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\pt-BR -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ru-RU\WebCompanion.resources.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ru-RU\WebCompanionInstaller.resources.dll -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\ru-RU -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\SmartAssembly.ReportException.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\SmartExceptionsCore.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\System.Data.SQLite.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\tr-TR\WebCompanion.resources.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\tr-TR\WebCompanionInstaller.resources.dll -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\tr-TR -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebcompaionReimageIcon.ico -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe.config -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionExtensionIE.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionIcon.ico -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionIcon_Pro.ico -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe.config -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.pdb -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\x64\SQLite.Interop.dll -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\x64 -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\x86\SQLite.Interop.dll -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\x86 -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\zh-CHS\WebCompanionInstaller.resources.dll -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\zh-CHS -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\Lavasoft\Web Companion\Application\zh-Hans\WebCompanion.resources.dll -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application\zh-Hans -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\Lavasoft\Web Companion\Application -> Deleted
    [PUP.Gen3][File] C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo_ff.xml -> Deleted

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 7 ¤¤¤
    [PUP.Gen2][Firefox:Addon] cro82bul.default-1405778775589 : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Not selected
    [PUP.Gen2][Firefox:Addon] px2us03v.default-1438862973166-1505776534346 : Video Downloader professional [ffext_basicvideoext@startpage24] -> Not selected
    [PUP.Gen2][Firefox:Addon] xja4n96y.Mark : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Not selected
    [PUP.Gen0][Chrome:Addon] Default : Video Downloader professional [elicpjhcidhpjomhibiffojpinpmmpil] -> Not selected
    [PUM.HomePage][Firefox:Config] px2us03v.default-1438862973166-1505776534346 : user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/"); -> Not selected
    [PUM.SearchEngine][Firefox:Config] cro82bul.default-1405778775589 : user_pref("browser.search.selectedEngine", "Astromenda"); -> Not selected
    [PUM.SearchEngine][Firefox:Config] px2us03v.default-1438862973166-1505776534346 : user_pref("browser.search.defaultenginename", "Bing®"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] e43f5ce005e8915020c7e23b8a8aadfd
    [BSP] ce58651762c921c45f80955eb1e9033b : HP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 292890 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 600248320 | Size: 12154 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  3. #18
    Join Date
    Nov 1999
    Posts
    438
    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 11/26/17
    Scan Time: 8:11 AM
    Log File: 541c2c10-d2ab-11e7-8350-001f16ed4bf8.json
    Administrator: Yes

    -Software Information-
    Version: 3.3.1.2183
    Components Version: 1.0.236
    Update Package Version: 1.0.3349
    License: Trial

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Mark-PC\Mark

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 418935
    Threats Detected: 8
    Threats Quarantined: 8
    Time Elapsed: 21 min, 4 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 1
    PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [1218], [380352],1.0.3349

    Module: 1
    PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [1218], [380352],1.0.3349

    Registry Key: 1
    PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AdvancedSystemCareService11, Quarantined, [1218], [380352],1.0.3349

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 5
    PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC11_PerformanceMonitor, Quarantined, [1218], [380341],1.0.3349
    PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC11_SkipUac_Mark, Quarantined, [1218], [380341],1.0.3349
    PUP.Optional.AdvancedSystemCare, C:\USERS\PUBLIC\DESKTOP\Advanced SystemCare 11.lnk, Quarantined, [1218], [380338],1.0.3349
    PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarantined, [1218], [380352],1.0.3349
    PUP.Optional.AdvancedSystemCare, C:\USERS\MARK\DOWNLOADS\ADVANCED-SYSTEMCARE-SETUP.EXE, Quarantined, [1218], [396386],1.0.3349

    Physical Sector: 0
    (No malicious items detected)


    (end)
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  4. #19
    Join Date
    Nov 1999
    Posts
    438
    # AdwCleaner 7.0.4.0 - Logfile created on Sun Nov 26 14:37:57 2017
    # Updated on 2017/27/10 by Malwarebytes
    # Running on Windows 7 Home Premium (X64)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    Deleted: WCAssistantService


    ***** [ Folders ] *****

    Deleted: C:\IObit\Advanced SystemCare
    Deleted: C:\ProgramData\IObit\Advanced SystemCare
    Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
    Deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
    Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
    Deleted: C:\Users\All Users\IObit\Advanced SystemCare
    Deleted: C:\Users\Mark\AppData\LocalLow\IObit\Advanced SystemCare
    Deleted: C:\Users\Mark\AppData\Roaming\IObit\Advanced SystemCare
    Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater
    Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater
    Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\HPAppData
    Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HPAppData
    Deleted: C:\Users\Mark\AppData\LocalLow\HPAppData
    Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil
    Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
    Deleted: C:\ProgramData\IObit\ASCDownloader
    Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
    Deleted: C:\Users\All Users\IObit\ASCDownloader
    Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
    Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion


    ***** [ Files ] *****

    Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    Deleted: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\px2us03v.default-1438862973166-1505776534346\searchplugins\bing-lavasoft.xml


    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks deleted.

    ***** [ Registry ] *****

    Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC
    Deleted: [Key] - HKLM\SOFTWARE\IObit\Advanced SystemCare
    Deleted: [Key] - HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\IObit\Advanced SystemCare
    Deleted: [Key] - HKCU\Software\IObit\Advanced SystemCare
    Deleted: [Key] - HKLM\SOFTWARE\IObit\RealTimeProtector
    Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
    Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
    Deleted: [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
    Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
    Deleted: [Key] - HKLM\SOFTWARE\IObit Apps
    Deleted: [Key] - HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\IObit Apps
    Deleted: [Key] - HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\AppDataLow\Software\IObit Apps
    Deleted: [Key] - HKCU\Software\IObit Apps
    Deleted: [Key] - HKCU\Software\AppDataLow\Software\IObit Apps
    Deleted: [Key] - HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\APN PIP
    Deleted: [Key] - HKCU\Software\APN PIP
    Deleted: [Key] - HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\YahooPartnerToolbar
    Deleted: [Key] - HKCU\Software\YahooPartnerToolbar
    Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
    Deleted: [Key] - HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Lavasoft\Web Companion
    Deleted: [Key] - HKCU\Software\Lavasoft\Web Companion
    Deleted: [Key] - HKU\S-1-5-21-1757856145-4072474172-4118854403-1000\Software\Link64
    Deleted: [Key] - HKCU\Software\Link64
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
    Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
    Deleted: [Key] - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
    Deleted: [Key] - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Deleted: [Key] - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Deleted: [Key] - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Deleted: [Key] - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
    Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    Deleted: [Key] - HKLM\SOFTWARE\Search Settings
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAE9BEC8-4723-4347-AFC6-25EE3326BA5B}
    Deleted: [Key] - HKLM\SOFTWARE\Auslogics


    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries deleted.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries deleted.

    *************************

    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0



    *************************

    C:/AdwCleaner/AdwCleaner[S0].txt - [7971 B] - [2017/11/24 4:33:21]
    C:/AdwCleaner/AdwCleaner[S1].txt - [7469 B] - [2017/11/26 14:32:7]


    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
    Last edited by COPO; November 26th, 2017 at 11:19 AM. Reason: prior txt was too old
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  5. #20
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.



    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.



    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"


    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.



    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

  6. #21
    Join Date
    Nov 1999
    Posts
    438
    https://www.flickr.com/gp/15757759@N02/27y8o2

    https://www.flickr.com/gp/15757759@N02/be5nr4
    From my phone browser.

    I’ve done 1 continue and seem to get the same 2 warnings.

    What can I do now?
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  7. #22
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Click Yes and continue

  8. #23
    Join Date
    Nov 1999
    Posts
    438
    Seems to be going through different named files. Will this eventually end?
    Last edited by COPO; November 27th, 2017 at 12:15 AM.
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  9. #24
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    OK, wait.
    Answer NO to the first warning.

  10. #25
    Join Date
    Nov 1999
    Posts
    438
    Finally ended and shutdown and Win 7 is booting up. Hopefully it created a txt file. This program started about 7pm.
    Now the Administration Combofix screen came up.
    Preparing log report.
    Got my Windows 7 desktop back. I'll check for the txt file.
    Last edited by COPO; November 27th, 2017 at 12:37 AM.
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  11. #26
    Join Date
    Nov 1999
    Posts
    438
    Doesn't look good. All my exe programs come up as this one shown for chrome.

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Illegal operation attempted on a registry key that has been marked for deletion.

    I tried all the browsers I have and get the same msg even when I go directly to the C:\Program Files directory.
    The same msg came up for the ComboFix.txt file
    C:\ComboFix\ComboFix.txt
    Illegal operation attempted on a registry key that has been marked for deletion.

    How do we get out of this? Restore? Which always fails on my laptop. I do have my PC backed up using Windows 7
    Backup/Restore function but if no .exe files work then that won't work.
    Last edited by COPO; November 27th, 2017 at 01:15 AM.
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  12. #27
    Join Date
    Nov 1999
    Posts
    438
    I do have a backup of my registry both on my PC and USB HD but regedit doesn't work due to having the same registry msg as above.
    I also have a Win backup using AOMEI Backupper, but the exe file gets the same error of course. And Windows backup and restore won't
    work either.

    I do have my Windows 7 Recovery discs I created when I first powered up my laptop when it was new.
    Last edited by COPO; November 27th, 2017 at 09:25 AM. Reason: Ad more
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  13. #28
    Join Date
    Nov 1999
    Posts
    438
    Am I down to 2 options?
    Restore in Safe Mode since Windows mode will not execute
    and the other option probably is to reinstall Win7 using my Recovery Discs.
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  14. #29
    Join Date
    Nov 1999
    Posts
    438
    I can view photos and videos from my HD's.

    I also have the cd I created in 2016 labeled
    Win-7 64 bit Repair Disc which was created using Windows Backup and Restore
    with options to:
    - boot your computer
    - Windows System Recovery Tools
    - Restore computer from a system image
    Last edited by COPO; November 27th, 2017 at 12:15 PM.
    My Web Site - 1970 Z28 Camaro
    Retired from 35 yrs IT Hardware Planning Analyst
    Cheers
    Mark

  15. #30
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Restart computer one more time.

Thread Information

Users Browsing this Thread

There are currently 3 users browsing this thread. (0 members and 3 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •