Computer won't start after using Malwarebytes


Hello there,

I used Malwarebytes on my Lenovo computer and it modified files in the registry and now my computer won't start in regular mode. It starts in safe mode, but when I start it regularly, I only see a black screen which never moves.

I would appreciate any support if anyone can give a hand.

Thanks so much,

Alex

  • Root Admin

Hello Alex

Can you please post the MBAM log so that we can see what it removed.

Also please run the following and post back its log too.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Thanks

Hello Ron,

Thank you very much for your reply. I'll post the three MBAM logs that I have, in the order that they were run. The computer stopped working after I ran the second one that did not delete all files - I figured that at that point, I should run the full program and then clean things off.

I realize that may have been a bad move - but it is what it is.

First one:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.13.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Admin :: ADMIN-PC [administrator]
 
Protection: Enabled
 
12/01/2014 11:28:42 PM
mbam-log-2014-01-12 (23-28-42).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215579
Time elapsed: 12 minute(s), 20 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 3
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> No action taken.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> No action taken.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> No action taken.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN40741475549710180&UM=2&ctid=CT3287803) Good: (http://www.google.com) -> No action taken.
 
Folders Detected: 3
C:\Users\Admin\AppData\Local\Temp\ct3287803 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\ct3294791 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\VisualBeeExe (PUP.Optional.Visualbee) -> No action taken.
 
Files Detected: 43
C:\ProgramData\VisualBee\VisualBeeSoftware.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-4045599396-3689474135-2538689433-1000\$RBJYJA5.exe (PUP.Optional.FullSpectrumAdmin) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-4045599396-3689474135-2538689433-1000\$RF88MI1.exe (PUP.Optional.FullSpectrumAdmin) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-4045599396-3689474135-2538689433-1000\$RXZZJGZ.exe (PUP.Optional.FullSpectrumAdmin) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\ct3287803\chLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\ct3287803\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\ct3287803\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\ct3287803\spch.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\ct3287803\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\ct3294791\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\ct3294791\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\ct3294791\stub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\DM\winrar.exe\edb808b20e17488db0caef3203e64515\installer.exe (PUP.Optional.MSILLauncher) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\DM\winrar.exe\edb808b20e17488db0caef3203e64515\setup__120.exe (PUP.Optional.Amonetize.A) -> No action taken.
C:\Windows\Temp\Optimizer_Pro.exe (PUP.Optional.PCOptimizerPro) -> No action taken.
C:\Users\Admin\Downloads\freeopener_714.exe (PUP.Optional.InstallIQ.A) -> No action taken.
C:\Users\Admin\Downloads\InstallFreeRARExtractFrog.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Admin\Downloads\video-media-download_setup.exe (PUP.Downware) -> No action taken.
C:\Users\Admin\Downloads\winrar.exe (PUP.Optional.MSILLauncher) -> No action taken.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\6GCWAIFM\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\7VAU4HKK\OptimizerPro[1].exe (PUP.Optional.OptimizePro.A) -> No action taken.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\7VAU4HKK\VisualBee_V_4_wpf[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\7VAU4HKK\wajam_install[1].exe (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\OCAEU7N2\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\OCAEU7N2\stubinst_pkg_en-us[1].cab (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\OCAEU7N2\WebCakesetup[1].exe (PUP.Optional.Yontoo) -> No action taken.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\TKVCS9Q5\stublogic[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\XEJ8UNZV\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\XEJ8UNZV\SolidSavingsINT[1] (PUP.Optional.CrossRider) -> No action taken.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\ZLRFTU27\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\ZLRFTU27\stubinst_pkg_en-us[1].cab (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\ZLRFTU27\VisualBeeSoftware[1].exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\ZLRFTU27\VisualBee_V.4[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\ZLRFTU27\wajam_download[1].exe (PUP.Optional.Wajam) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\ct3287803\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\ct3287803\CT3287803.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\ct3287803\dtime.csf (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\ct3287803\initData.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\ct3287803\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\ct3287803\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\ct3287803\stub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\ct3294791\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Admin\AppData\Local\Temp\ct3294791\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.
 
(end)

Ron - I've attached the second and third MBAM files here - I suspect it is one of the files in this one that are causing the problem. I've also added the FRST file and the Addition file.
 
Again, thanks so much for your help.
 
Alex
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.13.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Admin :: ADMIN-PC [administrator]
 
Protection: Enabled
 
12/01/2014 11:43:07 PM
mbam-log-2014-01-12 (23-43-07).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 25767
Time elapsed: 55 second(s) [aborted]
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 2
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
Number 3
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.13.01
 
Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 11.0.9600.16476
Admin :: ADMIN-PC [administrator]
 
Protection: Disabled
 
18/01/2014 3:46:48 PM
mbam-log-2014-01-18 (15-46-48).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212596
Time elapsed: 5 minute(s), 36 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN40741475549710180&UM=2&ctid=CT3287803) Good: (http://www.google.com) -> Quarantined and repaired successfully.
 
Folders Detected: 3
C:\Users\Admin\AppData\Local\Temp\ct3287803 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3294791 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\VisualBeeExe (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
 
Files Detected: 43
C:\ProgramData\VisualBee\VisualBeeSoftware.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-4045599396-3689474135-2538689433-1000\$RBJYJA5.exe (PUP.Optional.FullSpectrumAdmin) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-4045599396-3689474135-2538689433-1000\$RF88MI1.exe (PUP.Optional.FullSpectrumAdmin) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-4045599396-3689474135-2538689433-1000\$RXZZJGZ.exe (PUP.Optional.FullSpectrumAdmin) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3287803\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3287803\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3287803\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3287803\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3287803\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3294791\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3294791\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3294791\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\DM\winrar.exe\edb808b20e17488db0caef3203e64515\installer.exe (PUP.Optional.MSILLauncher) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\DM\winrar.exe\edb808b20e17488db0caef3203e64515\setup__120.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\Optimizer_Pro.exe (PUP.Optional.PCOptimizerPro) -> Quarantined and deleted successfully.
C:\Users\Admin\Downloads\freeopener_714.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Admin\Downloads\InstallFreeRARExtractFrog.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Admin\Downloads\video-media-download_setup.exe (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\Admin\Downloads\winrar.exe (PUP.Optional.MSILLauncher) -> Quarantined and deleted successfully.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\6GCWAIFM\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\7VAU4HKK\OptimizerPro[1].exe (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\7VAU4HKK\VisualBee_V_4_wpf[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\7VAU4HKK\wajam_install[1].exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\OCAEU7N2\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\OCAEU7N2\stubinst_pkg_en-us[1].cab (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\OCAEU7N2\WebCakesetup[1].exe (PUP.Optional.Yontoo) -> Quarantined and deleted successfully.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\TKVCS9Q5\stublogic[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\XEJ8UNZV\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\XEJ8UNZV\SolidSavingsINT[1] (PUP.Optional.CrossRider) -> Quarantined and deleted successfully.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\ZLRFTU27\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\ZLRFTU27\stubinst_pkg_en-us[1].cab (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\ZLRFTU27\VisualBeeSoftware[1].exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\ZLRFTU27\VisualBee_V.4[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\ZLRFTU27\wajam_download[1].exe (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3287803\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3287803\CT3287803.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3287803\dtime.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3287803\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3287803\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3287803\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3287803\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3294791\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\ct3294791\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
(end)
 
 

 

FRST.txt

Addition.txt

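Added example (not part of the original posts and not Malwarebytes code): a small Python parser for the MBAM 1.75 log layout posted above that reports which scan first removed each object, so the changes made before the boot failure can be separated from the later Safe Mode cleanup. The sample logs are shortened excerpts of the three posted logs, and the function names are hypothetical.

```python
import re

# Constructed samples: shortened excerpts of the three logs posted above.
SCAN_1 = r"""
Windows 7 Service Pack 1 x64 NTFS
Time elapsed: 12 minute(s), 20 second(s)
Registry Keys Detected: 3
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> No action taken.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> No action taken.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> No action taken.
"""
SCAN_2 = r"""
Windows 7 Service Pack 1 x64 NTFS
Time elapsed: 55 second(s) [aborted]
Registry Keys Detected: 2
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
Files Detected: 0
(No malicious items detected)
"""
SCAN_3 = r"""
Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Time elapsed: 5 minute(s), 36 second(s)
Registry Keys Detected: 1
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN40741475549710180&UM=2&ctid=CT3287803) Good: (http://www.google.com) -> Quarantined and repaired successfully.
Folders Detected: 3
C:\Users\Admin\AppData\Local\VisualBeeExe (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.
"""

HEADER = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<det>[^()\s]+)\) -> (?P<rest>.+)$")

def parse_mbam_log(text):
    """Parse one MBAM 1.x text log into scan flags and detected items."""
    scan = {"aborted": False, "safe_mode": False, "items": []}
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Time elapsed:"):
            scan["aborted"] = line.endswith("[aborted]")
        elif line.startswith("Windows ") and "(Safe Mode)" in line:
            scan["safe_mode"] = True
        elif (m := HEADER.match(line)):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            # Registry data lines read "Bad: ... Good: ... -> action";
            # the action is always the text after the last arrow.
            action = m["rest"].rsplit(" -> ", 1)[-1].rstrip(".")
            scan["items"].append((section, m["obj"], m["det"], action))
    return scan

def first_removal(scans):
    """Map each object to the name of the first scan that removed it."""
    seen = {}
    for name, scan in scans:
        for _section, obj, _det, action in scan["items"]:
            if action.startswith("Quarantined"):
                seen.setdefault(obj, name)
    return seen

SCANS = [(n, parse_mbam_log(t)) for n, t in
         (("scan 1", SCAN_1), ("scan 2", SCAN_2), ("scan 3", SCAN_3))]

if __name__ == "__main__":
    for obj, name in first_removal(SCANS).items():
        print(f"{name}: {obj}")
```

Run against the full logs, this shows that the aborted second scan removed only the two registry keys, while everything else was removed in the later Safe Mode scan.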

  • Root Admin

Well, these files should not be causing a reboot issue, but Conduit does have a known issue with this, but it is typically on Windows XP when it causes a non-reboot issue.

I would suggest following the advice from the topic here, Available Assistance for Possibly Infected Computers, and having one of the Experts assist you with looking into your issue.

Thanks


Root Admin,

I had the same issue after running Malwarebytes Pro a couple of weeks ago.....

Hello and :welcome:

ajjjr, as everyone's computer is different, it's best to start your own topic so as not to confuse what instructions need to be taken by the original poster.

If you don't mind, please start your own topic and then include the requested logs below and include your latest scan logs with the detected items.....

DDS – Checktool - FRST

STEP 1

Please run the DDS scanner and send back both logs as attachments to your next reply.

Download DDS from one of the locations below and save it to your Desktop:

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include both of the following logs in your next reply as an attachment: DDS.txt and Attach.txt
  • You can ignore the note about zipping the Attach.txt file and just post it or attach it.

STEP 2

Please run mbam-check and send back the log as an attachment to your next reply.

  • Download mbam-check.exe from HERE and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post; instead please attach to your next reply the CheckResults.txt log file which should now be located on your desktop.

STEP 3

Please run the FRST tool and send back both logs as attachments to your next reply.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system - that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your next reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your next reply.