Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

windows 7 wont reboot [Solved]

windows 7 toshiba norton power eraser

  • This topic is locked This topic is locked

#46
mjdevo31

mjdevo31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

ok here's the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-06-2014 01
Ran by Frank at 2014-06-11 21:23:46 Run:2
Running from C:\Users\Frank\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {54851B17-76E3-4761-A07C-7580B78E3E26} URL = http://websearch.ask...EE-F3B8E3F08B90
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
FF SearchEngineOrder.1: Ask.com
C:\Users\Frank\AppData\Local\Temp\RemoveGO.exe
cmd: netsh advfirewall reset 
cmd: netsh advfirewall set allprofiles state off
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Reboot:
*****************
 
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{54851B17-76E3-4761-A07C-7580B78E3E26}' => Key deleted successfully.
'HKCR\CLSID\{54851B17-76E3-4761-A07C-7580B78E3E26}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
'HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
'HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}'=> Key not found.
Firefox SearchEngineOrder.1 deleted successfully.
C:\Users\Frank\AppData\Local\Temp\RemoveGO.exe => Moved successfully.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state off =========
 
Ok.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

  • 0

Advertisements


#47
mjdevo31

mjdevo31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

and here's the adwcleaner:

 

# AdwCleaner v3.212 - Report created 11/06/2014 at 21:36:14
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Frank - FRANK-PC
# Running from : C:\Users\Frank\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Frank\AppData\Local\apn
Folder Deleted : C:\Users\Frank\AppData\Local\PackageAware
Folder Deleted : C:\Users\Frank\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Frank\AppData\Roaming\OpenCandy
File Deleted : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\xmb4wk2g.default\searchplugins\Askcom.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v5.0 (en-US)
 
[ File : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\xmb4wk2g.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=OVO2&o=2164&locale=en_ES&apn_uid=afc25735-5eda-44dc-ba73-da3b2359542a&apn_ptnrs=%5EA2N&apn_sauid=336AB5C5-580A-4D8C-ACEE-F3B8E3F08B90&apn_dtid=%5EYYYYYY%5EYY%5EVE&q={searchTerms}
Deleted [Search Provider] : hxxp://www.stubhub.com/search/doSearch?searchStr={searchTerms}&pageNumber=1&resultsPerPage=50&searchMode=event&start=0&rows=50&geo_exp=1&sp=&sd=
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2468 octets] - [11/06/2014 21:35:20]
AdwCleaner[S0].txt - [2427 octets] - [11/06/2014 21:36:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2487 octets] ##########

  • 0

#48
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,723 posts
Hi. :)

Lets proceed as follows shall we...

TFC(Temp File Cleaner):
  • Please download TFC to the desktop,
  • Right-click on TFC.exe and select Run as Administrator to run the program.
  • Click the Start button in the bottom left of the GUI(graphical user interface)'
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes Anti-Malware:

Please download the installer for Malwarebytes' Anti-Malware to your desktop.
  • Right-click on mbam-setup-2.0.2.1012.exe and select Run as Administrator, then follow the prompts to install the program.
  • Select the language and click OK >> Accept the agreement.
  • Deselect the check-mark next to Enable the Free Trial(you may enable this when I give the all clear if you so wish) and then ensure Launch Malwarebytes' Anti-Malware is selected, then click on finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Scan Now".
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click on Quarantine All
  • When disinfection is completed, a dialogue will open and you may be prompted to Restart.(See Extra Note)
  • Upon restart, launch Malwarebytes Antimalware and select History >> Application Logs.
  • Double click on the last scan done, then on Copy to Clipboard.
  • To submit your reply, click on Add Reply, then right click on the window and select Paste.
  • Submit your reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

When completed the above, please post back the following in the order asked for:
  • How is your computer performing now, any further symptoms and or problems encountered ?
  • Malwarebytes Anti-Malware Log.

  • 0

#49
mjdevo31

mjdevo31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/12/2014
Scan Time: 10:20:01 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.13.01
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Frank
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 286546
Time Elapsed: 20 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#50
mjdevo31

mjdevo31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Getting user folders.
 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Frank
->Temp folder emptied: 776390705 bytes
->Temporary Internet Files folder emptied: 6311207 bytes
->Java cache emptied: 1044124 bytes
->FireFox cache emptied: 274495947 bytes
->Google Chrome cache emptied: 24308830 bytes
->Flash cache emptied: 57225 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 827863114 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 594627 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 747 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43273706 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 0 bytes
Process complete!
 
Total Files Cleaned = 1,864.00 mb
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/12/2014
Scan Time: 10:55:00 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.13.01
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Frank
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 286528
Time Elapsed: 18 min, 16 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#51
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,723 posts
Any further issues remaining ? If not carry out the below for myself and in turn post the requested log. Then afterwards I will provide some online safety advice etc. :)

Clean-Up with DelFix:

Please download DelFix to your desktop
  • Right-click on delfix.exe and select Run as Administrator to launch the application.
  • Referring to the image below, select all available options:
DelFix.gif
  • Then click on Run.
  • Once it has finished processing, a notepad file named DelFix.provide will open. Post the contents in your next reply for my review.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.
  • After you have posted the aforementioned DelFix.txt, delete it and empty the Recycle Bin.
The above process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.
  • 0

#52
mjdevo31

mjdevo31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
 System seems to be running fine. I haven't had any issues.
 
 
 
# DelFix v10.7 - Logfile created 14/06/2014 at 00:35:01
# Updated 27/04/2014 by Xplode
# Username : Frank - FRANK-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #155 [End of disinfection | 06/14/2014 04:29:42]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#53
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,723 posts
H. :)
 

System seems to be running fine. I haven't had any issues.

Good, congratulations both of your computer's appear to be malware free!

Below is some generic advice which can be applied/used on either machine since both have similar software installed etc....

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is a excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, Symantec Endpoint Protection automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing a internet connection is active.

I advise you also run a complete scan with this also at least once per week.

Further reading/resources:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

As is this: Computer Security - a short guide to staying safer online

And these are worth reading also: Understanding Windows Firewall settings, Securing Your Router and Securing Your Web Browser.

Keep Your System Updated:

Microsoft releases patches for Windows and other products regularly:
  • Click on Start(Windows 7 Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed Reboot(restart) your computer if not prompted to do so.
Plus check Automatic Updates is enabled.

Check your third party software is up to date:

Via a download/install and use of the FileHippo Update Checker...

Be careful when opening attachments and downloading files:

1 - Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.

2 - Never open emails from unknown senders.

4 - Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.

5 - Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on FileHippo or MajorGeeks

Stop malicious scripts:

Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze. Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

I will further add; P2P software has the ability to create a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their infected dross onto your computer. Further to that, if your P2P software is not configured correctly you may be sharing more files than you realise. There have been cases where people's address books, passwords, other personal, private and financial details have been exposed to the file sharing network by a badly configured P2P applications

My friendly advice is to avoid these types of software applications.

Consider the below extra/layered security for your machine:

Custom Host File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:Only use one of the above!

CryptoPrevent Tool:

How to prevent your computer from becoming infected by CryptoLocker

WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

Any questions? Feel free to ask, if not stay safe!
  • 0

#54
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,723 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics


Also tagged with one or more of these keywords: windows 7, toshiba, norton power eraser

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP