LGW

  1. Sorry, speccy file attached for previous post. I also tried the SFC and DISM commands but they didn't work; I didn't want to do the system restore because I thought I might get reinfected again? Or should I be OK now? Anyway, does not having correctly installed the two applications "Microsoft.Windows.ShellExperienceHost" and "Microsoft.Windows.Cortana" affect my PC performance at all? If not, I can live without it. The only other question I'd like to ask is what do you recommend as routine security checks/maintenance and how often. Obviously Mbam, but how about the other ones you got me to do in post #2 (junkware remover, sophos, etc.)? Should I be using them routinely? Thanks. Attachments: speccy 25.06.zip
  2. Hi Ron, I think I've downloaded the driver. Can you please check with the new speccy zip file? I still have the issue of the start menu not opening. I just tried running a Microsoft "troubleshoot problems opening start menu or cortana". The diagnostic gave the following report: "microsoft.windows.shellexperiencehost" and driver. "microsoft.windows.cortana" need to be installed properly. Did something make these install incorrectly?
  3. I wasn't sure if you wanted a speccy file or all file so I did a snapshot using both (I think). You might notice that I have upgraded my RAM to 4Gb, what a difference! Much more responsive but still can't open the start button. Btw I appreciate all the help you have given, and I'm sure everyone is really thankful to have you and your team helping people like me who aren't very tech savvy but want to keep our personal information exactly that, personal. Cheers. As you have helped effectively remove/quarantine the mbam detections, which is what I came here for, I totally understand if your time can be spent with plenty of other folk who need help. Just let me know. Otherwise please do continue. Attachments: Speccy 23.zip, Speccy 23.6.zip
  4. Hi Ron, unfortunately the auto detect didn't work after downloading Java. So I downloaded the latest driver, which is 9.18.13.908. I wasn't sure what I was doing so I searched manually for a driver only to find out there is no driver that supports Windows 10. I have noticed that my start button doesn't open when I left click but it does open a set of options when I right click (programs and features, task manager, run etc.). Do you think this is the driver or perhaps the stuff I quarantined? Is there a way to check my PC for errors caused by not having the quarantined stuff? Oh, and should I uninstall Java? Thanks again. Attachments: FRST.txt, Addition.txt, mb-check-results.zip
  5. Hi Ron, logs attached. Custom scan 18.6.17 is where Mbam managed to detect and finally quarantine the threats. I did another custom scan after with no detections. I just tried to do another set of scans and when I tried to do a custom scan it got halfway and crapped itself, but this time it went to the blue screen of death. Not sure if the logs show what happened. I also forgot to mention that when the computer crapped itself yesterday, I managed to get task manager going during the usual black screen. It showed all processes at 0% except task manager itself. Is there something I shouldn't have quarantined? Should I run the system file checker tool again? Thanks. Attachments: FRST.txt, Addition.txt, mb-check-results.zip, Threat scan 19.6.17.txt, Threat scan 17.6.17.txt, custom scan 18.6.17.txt, custom scan after 18.6.17.txt
  6. Hi, definitely not going to sleep, it seems like the computer just freezes and craps itself (lack of a better term). I tried the system file checker tool which is suggested on the link you provided. The tool didn't find anything. I haven't been able to provide many reports as the computer craps itself before the end of the custom scan. And after I reboot there's no record of it. Luckily last night one of the scans went all the way through and detected +40 threats and I was also able to finally move them to quarantine. I'll attach the reports when I'm back at home this evening as I want to know whether there are any I should keep, as I have noticed the computer has crapped itself a couple of times during normal operation after I quarantined the threats.
  7. Hi Ron, no luck unfortunately. Mbam is still detecting threats during the custom scan. It got to about 23 detections then black screen again. This time the monitor couldn't detect a signal at all but the computer was still running. Files attached. Thanks. Attachments: Addition.txt, FRST.txt, mb-check-results.zip
  8. Haha yeah, I'm pretty proud of the hardware, there's been many occasions where I've nearly thrown it out the window in frustration. I actually purchased 4Gb the other day and should receive it in the mail any day now. Hopefully that will lower my blood pressure to somewhat normal levels. I have reverted the msconfig settings back to normal (I think), uninstalled Trend password manager and ran FRST with the fixlist in the same location. Fixlog attached as requested. Let me know how it went. Cheers! Attachments: Fixlog.txt
  9. Hi Ron, no, it's my PC at home since new (many moons ago). My ex was in charge of the computer initially as I have limited knowledge at best. She did play around with a few things but no idea what, and that was ages ago, and she was rather keen to have high security settings at the time. The only other things I can think of that might be out of the "norm" are: 1. I installed Glary utilities, which had a startup manager which could have stuffed things up (deleted a few months ago). 2. Old Trend antivirus still installed on PC, which my ex bought the subscription for (which has since expired a while ago). 3. Oh, maybe it has to do with something my ex installed once; it was able to track what I typed on the keyboard while she was away one time (that's probably why she is an ex lol). As for the browser, I have fiddled around with a few things (which I probably shouldn't have) to try to minimise the system resources on the 1Gb RAM I have! There actually aren't any issues I have noticed as such apart from how slow everything is using this PC. I'd be lucky to have any more than 2 tabs open in the browser before things take minutes to perform. I've always thought it was due to my lack of RAM rather than anything else. The only obvious issue is only during a custom scan at the end, where it detects the threats and goes to the black screen before I am able to put them in quarantine or remove them. Hope that helps. Cheers, LGW
  10. Hi AdvancedSetup, I did as the instructions said but wasn't sure when to run the mbcheck: before or after the scans. Anyway, I did the scans again with pretty much the same results, but this time again my computer went to a black screen (with only my mouse pointer visible) during the custom scan. Rebooted and ran the mbcheck and FRST apps. Files attached as per the previous link. Attachments: Addition.txt, FRST.txt, mb-check-results.zip
  11. Hi AdvancedSetup, thanks for reopening my thread back and apologies for not responding in time. I did as suggested in post #7. I deleted all my previous restore points and then created a new restore point. I then ran a threat scan and custom scan after that. Same issue, no threats detected on the threat scan but 30-odd on the custom scan. It didn't go directly to a black screen this time immediately after the custom scan. This time it got to the results page where you can select (tick) the threats you want to quarantine. I checked all the threats to quarantine but when I click the quarantine button the black screen happens and my PC is effectively frozen as I can't see what I'm doing. The results are attached. Let me know if you need any further info or what I should do next. I know you're flat out at the moment, I'm in no real rush so please reply whenever you get a chance. Thanks! Attachments: Custom scan 3.6.17.txt, threat scan 3.6.17.txt
  12. Oh, I hope you're better now or well on the way to it. Thanks for replying and yes, I do still need help when you get a chance. To be honest I haven't tried any other things to fix my issue, if there is one. Just the automatic scans with Windows Defender (which has detected nothing).
  13. Hi, I did as requested, I think you might have missed my last post. Anyway, I did as requested and a few days later I decided to run a threat scan and then a custom scan as I did initially to see whether MBAM would still detect during the custom scan. Same result: didn't detect anything on the first scan (threat scan) but detected a bunch of stuff on the second using a custom scan. I checked in the quarantine folder and nothing was there either after the custom scan. Logs attached. Attachments: FRST.txt, Addition.txt, Threat scan.txt
  14. Hi Advance Setup, thanks for your reply. Much appreciated. I followed your instructions above. Details below, also FRST and addition attachments as requested. Sophos Antivirus didn't detect anything. Without jumping ahead of myself, do I delete my recycle bin (after all the steps you advise have been done) to permanently delete the files that were quarantined using MBAM? Should the above steps be done on any routine basis? Thanks again. Happy Easter
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.3 (04.10.2017)
      Operating System: Windows 10 Pro x86
      Ran by Sarah (Administrator) on Fri 14/04/2017 at 12:55:47.97
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      File System: 9
      Successfully deleted: C:\ProgramData\1461745786.bdinstall.bin (File)
      Successfully deleted: C:\ProgramData\1461746695.bdinstall.bin (File)
      Successfully deleted: C:\ProgramData\1461747690.bdinstall.bin (File)
      Successfully deleted: C:\ProgramData\1491311564.bdinstall.bin (File)
      Successfully deleted: C:\ProgramData\1491311569.bdinstall.bin (File)
      Successfully deleted: C:\ProgramData\1491313443.bdinstall.bin (File)
      Successfully deleted: C:\ProgramData\trymedia (Folder)
      Successfully deleted: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\rbtjrxsv.default-1491486015295\extensions\trash (Folder)
      Successfully deleted: C:\Program Files\GUTCDDC.tmp (File)
      Registry: 0
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Fri 14/04/2017 at 12:58:52.47
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      # AdwCleaner v6.045 - Logfile created 14/04/2017 at 13:19:00
      # Updated on 28/03/2017 by Malwarebytes
      # Database : 2017-04-13.1 [Server]
      # Operating System : Windows 10 Pro (X86)
      # Username : Sarah - TRACASCELINE
      # Running from : C:\Users\Sarah\Downloads\AdwCleaner.exe
      # Mode: Clean
      # Support : https://www.malwarebytes.com/support
      ***** [ Services ] *****
      ***** [ Folders ] *****
      ***** [ Files ] *****
      ***** [ DLL ] *****
      ***** [ WMI ] *****
      ***** [ Shortcuts ] *****
      ***** [ Scheduled Tasks ] *****
      ***** [ Registry ] *****
      [-] Key deleted: HKLM\SOFTWARE\Trymedia Systems
      [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\fmgckcapmffomaifonnhgkfdgljnkpgi
      ***** [ Web browsers ] *****
      *************************
      :: "Tracing" keys deleted
      :: Winsock settings cleared
      *************************
      C:\AdwCleaner\AdwCleaner[C0].txt - [888 Bytes] - [14/04/2017 13:19:00]
      C:\AdwCleaner\AdwCleaner[S0].txt - [1232 Bytes] - [14/04/2017 13:17:40]
      ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1033 Bytes] ##########
      Attachments: FRST.txt, Addition.txt
  15. Hi, I was hoping you might be able to help determine whether my PC has an issue or not. Firstly I'd like to say that my PC is ancient so don't laugh! And I'm pretty average at best in computer knowledge. When I run a threat scan MBAM doesn't detect anything, but when I do a custom scan (everything ticked in the options for scanning c: drive only) I get around 30 detections. But every time before the scan finishes the screen goes black (with only the cursor visible) and I am unable to navigate anywhere and have to manually turn the computer off and on again. Report details below. Thanks in advance.
      Malwarebytes
      www.malwarebytes.com
      -Log Details-
      Scan Date: 4/8/17
      Scan Time: 7:46 PM
      Logfile:
      Administrator: Yes
      -Software Information-
      Version: 3.0.6.1469
      Components Version: 1.0.96
      Update Package Version: 1.0.1684
      License: Free
      -System Information-
      OS: Windows 10
      CPU: x86
      File System: NTFS
      User: TRACASCELINE\Sarah
      -Scan Summary-
      Scan Type: Custom Scan
      Result: Completed
      Objects Scanned: 116183
      Time Elapsed: 1 hr, 43 min, 55 sec
      -Scan Options-
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Enabled
      Heuristics: Enabled
      PUP: Enabled
      PUM: Enabled
      -Scan Details-
      Process: 0 (No malicious items detected)
      Module: 0 (No malicious items detected)
      Registry Key: 0 (No malicious items detected)
      Registry Value: 0 (No malicious items detected)
      Registry Data: 0 (No malicious items detected)
      Data Stream: 0 (No malicious items detected)
      Folder: 0 (No malicious items detected)
      File: 33
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP740\A0075024.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP740\A0075031.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP740\A0075037.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP740\A0075043.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP740\A0075025.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP740\A0075038.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP740\A0075044.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP740\A0075026.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP740\A0075033.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP740\A0075039.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP740\A0075022.EXE, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP740\A0075028.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP740\A0075035.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP740\A0075041.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.Conduit, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP740\A0075047.EXE, No Action By User, [522], [8425],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP740\A0075027.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP740\A0075040.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP762\A0084037.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP762\A0084035.EXE, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP762\A0084041.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP762\A0084048.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP762\A0084054.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.Conduit, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP762\A0084060.EXE, No Action By User, [522], [8425],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP762\A0084052.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP762\A0084039.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP762\A0084050.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP762\A0084056.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP762\A0084042.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP762\A0084053.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP762\A0084040.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP762\A0084046.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP762\A0084051.DLL, No Action By User, [11400], [299293],1.0.1684
      PUP.Optional.ConduitTB.Gen, C:\SYSTEM VOLUME INFORMATION\_RESTORE{FD3C1499-40A3-42C0-B988-AFEF01E7A09C}\RP762\A0084057.DLL, No Action By User, [11400], [299293],1.0.1684
      Physical Sector: 0 (No malicious items detected)
      (end)
      Attachments: Addition.txt, FRST.txt