Malware-Bytes

[mikeblom13]

I loaded Mal-B on a Toshiba laptop running Vista. After the DL, rebooting, and signing back in with the password, I ran Mal-B and got rid of a lot of viruses and such. After shutting the laptop down again and booting back -up, my screen went black after signing in with my password. Using a forced shutdown, I rebooted in SAFE MODE and deleted Mal-B. Shut down again, fired the laptop back up again and now it's back to running normal.
Could there be some some sort of conflict between Vista and Mal-B, being that Vista is such an old OS?
Thank you

 

[johnb35]

No, shouldn't be. If you had some bad infections it could cause issues booting back up after the deletion. Do you remember what the infections were? I recommend running the following and post the logs from it.

1.

Please download AdwCleaner by Xplode onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

 

[mikeblom13]

I should of mentioned that the laptop belongs to a friend of mine. I get back with him about creating his own account where he can log in and we'll go from there. It will make things easier.

 

[justin a]

This is the log for JRT for the above laptop posted by mikeblom

I DL'd ADCleaner, ran it and after i clicked on CLEAN windows shut the program down. So this is all I have for now~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Brandi on Thu 08/07/2014 at 20:28:48.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{79D2B06B-D845-40F0-85D0-DD34DDB6FB90}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E5652AF2-616E-49FE-A506-C7467879F48D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Brandi\AppData\LocalLow\FCTB000062133
Successfully deleted: [Folder] "C:\Users\Brandi\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Brandi\appdata\locallow\toolbar4"
Failed to delete: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\inboxdollars"
Successfully deleted: [Folder] "C:\Program Files (x86)\oapps"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/07/2014 at 20:37:46.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[johnb35]

The adwcleaner log is located at C:\adwcleaner.txt

 

[justin a]

# AdwCleaner v3.303 - Report created 07/08/2014 at 20:17:39
# Updated 06/08/2014 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : Brandi - BRANDI-PC
# Running from : C:\Users\Brandi\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Windows\SysWOW64\conduitEngine.tmp
Folder Found : C:\Program Files (x86)\InboxDollars
Folder Found : C:\Program Files (x86)\NCH Software
Folder Found : C:\Program Files (x86)\OApps
Folder Found : C:\ProgramData\NCH Software
Folder Found : C:\ProgramData\Uniblue
Folder Found : C:\ProgramData\Uniblue\DriverScanner
Folder Found : C:\Users\Brandi\AppData\Local\Conduit
Folder Found : C:\Users\Brandi\AppData\Local\OpenCandy
Folder Found : C:\Users\Brandi\AppData\Local\PackageAware
Folder Found : C:\Users\Brandi\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Brandi\AppData\LocalLow\Conduit
Folder Found : C:\Users\Brandi\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Brandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InboxDollars
Folder Found : C:\Users\Brandi\AppData\Roaming\NCH Software

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{625F420E-A4A9-4B40-BC23-716C1C43893A}
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4219427B-0228-4356-A78B-EB7668D37D07}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\FCTB000062133.FCTB000062133Pos
Key Found : HKLM\SOFTWARE\Classes\FCTB000062133.FCTB000062133Pos.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000062133.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\FCTB000062133.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000062133.JSOptionsImpl
Key Found : HKLM\SOFTWARE\Classes\FCTB000062133.JSOptionsImpl.1
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2260173
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\Software\Uniblue
Key Found : HKLM\Software\Uniblue\DriverScanner
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{4219427B-0228-4356-A78B-EB7668D37D07}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561


-\\ Google Chrome v37.0.2062.68

[ File : C:\Users\Brandi\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5402 octets] - [07/08/2014 20:17:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5462 octets] ##########

 

[johnb35]

Quite a bit of bad stuff there. Continue to use machine and let me know if there are any more issues. You can download and run a temp file cleaner such as Ccleaner or TFC here.

https://www.piriform.com/CCLEANER

http://www.bleepingcomputer.com/download/otl/dl/93/

Should help with bootup time and system speed.

 

[mikeblom13]

I'll have him DL Ccleaner and let you know if any more issues come up.

Do you think that he'll have some issues again if he goes ahead and try to load Mal-B again?

 

[johnb35]

The issue with the black screen at the beginning of this thread wasn't due to malwarebytes but was due to the infections you had. I've seen this exact same thing on other machines.

 

[Agent Smith]

In addition to Malwarebytes there is Herdprotect.