
monkeymii

Honorary Members
  • Posts

    22
Everything posted by monkeymii

  1. Okay so I changed it to manual in services.msc and turned it on in msconfig, this didn't work. Left it on manual and took it out from msconfig and weirdly, when I rebooted it still had the black screen even though the web helper service wasn't enabled. One more restart and it's back to working again without changing any settings. I'm not really sure what to do about it but I suppose it's not an essential service that I can do without? If that's the case I'm willing to just leave my system as it is now and call this done. Really appreciate your help through all of this.
  2. Okay so I believe I've found the service. The system seems to be booting up perfectly and I've enabled all of the startup items + services excluding this one service : Origin Web Helper Service
  3. This makes sense. I was hoping it wouldn't come to this. I'll get on trying it now.
  4. Okay so I've done what's been asked. Unchecked all startup items and non-Windows services... and it starts up perfectly. I then spent a bit more time fiddling with different services/startup items and couldn't pinpoint what exactly was causing the issue through trial and error but it seems like I can check a few items fairly safely (Malwarebytes service and startup) and have the same results... not sure where to go from now and I'm not sure if it's tiredness or not but I seem to be having varied results, e.g. doing a clean boot and 1/3 times it's been not working... which in my head doesn't make sense but I feel I may just be missing something. Another note is that when I boot up to a black screen the system seems considerably slower when opening msconfig (taking up to a minute) and explorer.exe seems to be prone to crashing and not responding. When I do a successful clean boot msconfig starts up instantaneously and everything seems fine (other than still not having startup items but I suppose it's better than explorer.exe being broken).
  5. Okay I had a few windows updates and thought now a good time. I ran and completed them and on restart the system booted up perfectly (except it started up literally everything in msconfig's startup list) I then restarted to confirm it was solved and unfortunately the problem has begun again. Now going to try what you said and will edit this post with the results.
  6. I'll do that and report back. It's the same time for me, really appreciate your help with this.
  7. Just tried it and yes it does. Explorer working.
  8. I just remembered something I did in the beginning last week that may be relevant. When I tried to change the startup programs I put it in diagnostic startup from msconfig to run Malwarebytes scans. This messed up all my services even when I changed it back to normal startup and the standard services weren't even in the checklist for me to choose from so I had no sound running, network capabilities etc. I panicked a bit and searched about and found going into services.msc you can manually re-enable them. I didn't know which ones were supposed to be on and was getting frustrated with some working while others required others to be active so I spent a long time just going down the list and telling them all to come on at startup and could not find anywhere that would simply just restore it to its default properties. So essentially I just messed with services.msc to start 90% of the things in the list. This made my sound and network work again which I was glad about.
  9. If I do nothing it stays black so I end the process there and then proceed to do what you said, yes.
  10. I just restarted to show exactly what's happening, printscreen on login after bringing the task manager up:
  11. Just restarted and none right now. Still getting the black screen and having to manually restart explorer.exe as well as starting up programs that normally would be starting up.
  12. Here is the CHKDSK log, will post the next part when it's done:
  13. Okay I just restarted the system and I am still getting the black screen on login and having to manually close and restart explorer.exe. Did the virus I have perhaps change some sort of setting to make this happen? As it seems to be some side effect of what it was trying to do? (Make the system useless other than to view ads)
  14. Okay I've finished all of the steps, going to now attach all the log files before restarting and checking to see if I still get a black screen on startup. Here is the Sophos Log: MalbamLog.txt AdwCleaner[C0].txt Fixlog.txt
  15. Okay, I got to the Sophos step and the scan has been running for about an hour now. Is there an estimate on how long it should take to complete?
  16. Yep it created a log on pressing fix I believe. Should I proceed to the other steps now? Fixlog.txt
  17. Hey Kevin, I did the first step as asked, FRST updated itself and then when fix was pressed it got hung up after about 5 minutes of seemingly running fine. The window won't move as if it's not responding and nothing can be pressed. Attaching screenshot...
  18. Hey, a couple weeks ago I came back to my PC which was left on the desktop overnight showing nothing but a black screen, a popup advert and Internet Explorer opened on some ad site (I can't remember fully). I powered down and came back the next morning to attempt to fix it, disconnecting my wireless connection to the internet and ctrl-shift-esc opening task manager, PING.exe kept being sent over processes as well as a few other strange processes which I shut down. Then ended and restarted explorer.exe which brought back my desktop instead of the blank black screen and proceeded to do scans with Malwarebytes. I had little luck for a while. Continuously restarting/deleting quarantined files/repeat as new threats were being picked up seemingly with every restart. Now I gave up after that couple of days and have come back yesterday to try and give it another shot. I acquired Malwarebytes 3.0 and it finally seemed to have picked up everything (I believe) although I've been doing scans all day today and every so often it will pick something new up as if it wasn't there before. I had a hijacked hosts file most notably yesterday and most sites were being redirected to something else. It's worth noting that last week I was fed up with how slow the system was running with the viruses and so I went into msconfig (probably stupidly) and disabled a lot of startup programs that I thought might have something to do with them. Since this has happened I've run another couple of scans (cut them short as for whatever reason they have seemed to be taking at least 4x longer than what they usually have been) and things have been clean, however when I start up the system I still have a black screen and have to manually restart explorer.exe as well as any programs that are supposed to be running on startup. 
So I believe there's still something there and am expecting that eventually it will spread again to what it was in those first couple scans (Somewhere around 2400+ threats) as well as this annoying issue of having to restart explorer.exe to make the system functional after each startup. Addition.txt FRST.txt