Alex1981 Posted February 23, 2014 ID:795300

Hello there,

I used Malwarebytes on my Lenovo computer and it modified files in the registry and now my computer won't start in regular mode. It starts in safe mode, but when I start it regularly, I only see a black screen which never moves. I would appreciate any support if anyone can give a hand.

Thanks so much,
Alex

AdvancedSetup (Root Admin) Posted February 23, 2014 ID:795336

Hello Alex

Can you please post the MBAM log so that we can see what it removed? Also please run the following and post back its log too.

Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Thanks

Alex1981 Posted February 23, 2014 Author ID:795539

Hello Ron,

Thank you very much for your reply. I'll post the three MBAM logs that I have, in the order that they were run. The computer stopped working after I ran the second one that did not delete all files - I figured that at that point, I should run the full program and then clean things off. I realize that may have been a bad move - but it is what it is.

First one:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.13.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Admin :: ADMIN-PC [administrator]

Protection: Enabled

12/01/2014 11:28:42 PM
mbam-log-2014-01-12 (23-28-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215579
Time elapsed: 12 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> No action taken.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> No action taken.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN40741475549710180&UM=2&ctid=CT3287803) Good: (http://www.google.com) -> No action taken.

Folders Detected: 3
C:\Users\Admin\AppData\Local\Temp\ct3287803 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\ct3294791 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\VisualBeeExe (PUP.Optional.Visualbee) -> No action taken.

Alex1981 Posted February 23, 2014 Author ID:795541

Ron - I've attached the second and third MBAM files here - I suspect it is one of the files in this one that are causing the problem. I've also added the FRST file and the Addition file.

Again, thanks so much for your help.
Alex

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.13.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Admin :: ADMIN-PC [administrator]

Protection: Enabled

12/01/2014 11:43:07 PM
mbam-log-2014-01-12 (23-43-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 25767
Time elapsed: 55 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Number 3

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.13.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 11.0.9600.16476
Admin :: ADMIN-PC [administrator]

Protection: Disabled

18/01/2014 3:46:48 PM
mbam-log-2014-01-18 (15-46-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212596
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN40741475549710180&UM=2&ctid=CT3287803) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 3
C:\Users\Admin\AppData\Local\Temp\ct3287803 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3294791 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\VisualBeeExe (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.

FRST.txt
Addition.txt

AdvancedSetup (Root Admin) Posted February 24, 2014 ID:795661

Well, these files should not be causing a reboot issue, but Conduit does have a known issue with this, though it is typically on Windows XP when it causes a non-reboot issue.

I would suggest following the advice from the topic here, Available Assistance for Possibly Infected Computers, and having one of the Experts assist you with looking into your issue.

Thanks

Firefox Posted February 24, 2014 ID:795867

Root Admin, I had the same issue after running Malwarebytes Pro a couple of weeks ago.....

Hello and ajjjr, as everyone's computer is different, it's best to start your own topic so as not to confuse what instructions need to be taken by the original poster. If you don't mind, please start your own topic and then include the requested logs below and include your latest scan logs with the detected items.....

DDS – Checktool - FRST

STEP 1
Please run the DDS scanner and send back both logs as attachments to your next reply.
Download DDS from one of the locations below and save it to your Desktop:
dds.scr
dds.com
Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop.
Please include both of the following logs in your next reply as an attachment: DDS.txt and Attach.txt
You can ignore the note about zipping the Attach.txt file and just post it or attach it.

STEP 2
Please run mbam-check and send back the log as an attachment to your next reply.
Download mbam-check.exe from HERE and save it to your desktop.
Double-click on mbam-check.exe to run it; it should then open a log file.
Please do not copy and paste the entire contents of the log into your next post; instead please attach to your next reply the CheckResults.txt log file which should now be located on your desktop.

STEP 3
Please run the FRST tool and send back both logs as attachments to your next reply.
Download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system - that will be the right version.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your next reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your next reply.