detheagle666

  1. So I'm a complete idiot, and in my rush to not be late to work I did not read the last bit there where you asked me to copy any errors and send them to you. However, there are some logs made by the Windows repair tool. On the other hand, it seems that this last step cleaned it all up. Well, most of it. So I shut down my laptop before I left, and as soon as I got back I immediately turned it on and let it load. No Windows Process Manager stuff came up, wifi worked, nothing strange at all outside of cryptography going nuts and lots of notifications saying that my default browser was reset, etc etc. Reinstalled MBAM, ran a scan, and it popped up 1 item. This was the one and only remnant, some oddly named file in AppData\Local. This was the same one I threw so much shtuff at before I came here. I deleted it myself, and then let MBAM clear it. I do not know if I need to take any more steps, if you want me to run a Farbar again or anything? Or those logs made by Windows Repair?
  2. In order: I've gotten rid of that driver support program. Glad that wasn't as painful a process as I started to think it would be. The question of running FRST wasn't about what directory, because it's being run off a jump drive, but rather do I run it normally through Windows, or in the recovery environment using cmd? I've done both, and put up both logs. The one I ran regularly I left alone but the one I ran in the recovery environment I re-labeled "Fixlog Recov.txt". I cannot run Malwarebytes, it says something like "unable to connect to service." I can't reinstall it through the downloaded installer either. Should I run chameleon? Lastly, here's the fss.log you requested. It looks like basically every service on there except Windows Update got screwed up. FSS.txt
  3. So ran FRST both in regular mode AND recovery mode. No change. No way to access the internet or bluetooth, no firewall access, and I can't run Malwarebytes OR reinstall it. I have mbar and chameleon, but I don't know if I should run either (or if I can). I've attached both Fixlog.txt, and Fixlog Recov.txt. The first one was done from the regular Windows environment, and the second one from the recovery environment using the command prompt. Fixlog Recov.txt Fixlog.txt
  4. I'm currently working on running the fix list, however before I continue I need to make sure I have to do the other parts of the list. I cannot uninstall "driver support." I get a message saying: "An error occured while trying to uninstall Driver Support. It may have been uninstalled. Would you like to remove Driver support from the Programs and Features list?" I have not done that because I've got no idea where to find it to manually delete it. Second, I cannot even access the Windows Defender Firewall. It won't load, is the best description I can come up with. Might have to do with how I can't even access the internet on the infected computer anymore, some service(s) are not starting, so I don't even get the option to look at available networks. And finally, in your instruction you have directed me to use the jump drive I used to run Farbar in the recovery environment (or, so the first line of FRST.txt says), should I again run it in recovery or just straight off Windows?
  5. Got the file right here. I'm not too sure what your schedule is but from today onwards I'm going to be out of touch from late evening to mid afternoon or so, just so you're aware. Thank you for your help so far. FRST.txt
  6. Fix result of Farbar Recovery Scan Tool (x64) Version: 06.10.2018
     Ran by DethEagle (06-10-2018 12:17:46) Run:2
     Running from C:\Users\DethEagle\Downloads
     Loaded Profiles: DethEagle (Available Profiles: DethEagle)
     Boot Mode: Normal
     ==============================================
     fixlist content:
     *****************
     CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
     CMD: bcdedit.exe /set {default} recoveryenabled yes
     *****************
     ========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========
     The operation completed successfully.
     ========= End of CMD: =========
     ========= bcdedit.exe /set {default} recoveryenabled yes =========
     The operation completed successfully.
     ========= End of CMD: =========
     ==== End of Fixlog 12:17:47 ====
  7. Aw *****, didn't read the stickies, sorry about that. So I've attached the most recent FRST.txt and Addition.txt. However, I can't attach the Malwarebytes logs because a) I don't know where they are and b) something is actively stopping Malwarebytes from starting, and uninstalling and reinstalling is the only way to get it to work. However, chameleon works, would those logs be useful? Addition.txt FRST.txt
  8. Well, I might have not been paying too much attention to an .iso I downloaded yesterday, the second I ran the enclosed .exe I got inundated with Hacksaw.exe and Twisty.exe, 3 files in Appdata/Local that I cannot open, delete, take ownership of, etc, as well as several root-kits, trojans, registry edits, some fake-as-all-hell ushzrnesvc.exe in my system32, and 6 Windows Process Manager (32 bit) clogging up everything and Malwarebytes, Fileassassin, Unlocker, Mbar, Adwcleaner, and Farbar have all failed me. So I started doing the steps shown here: https://forums.malwarebytes.com/topic/216738-windows-process-manager-32-bit/ only to find that the "fixlist.txt" mentioned in the post about getting to the recovery environment was only good for that specific computer, and I've got no idea how to generate my own. If someone could point me in the direction I need to go, that would be really awesome. I've managed to take out most of this infection myself, i.e. it's only the undeletable files and that so-called TOSHIBA CORP executable (I think) I need to get rid of. I'm not sure what logs and such are needed for this, and since I don't have any brand new shiny ones I'll wait for someone who knows what they're doing to tell me which programs to run and all that. Thank you very much in advance.