jessec

Black screen after Malwarebytes scan

Hello everyone,

I was redirected to this forum from Malwarebytes Anti-Malware Help.

Today I downloaded Malwarebytes to remove some malware/adware. I ran the scan and Malwarebytes removed 1,500-some results. Upon rebooting and logging into my Windows account, I was met with a black screen with the cursor.

This happened on my Lenovo laptop with Windows 10.

I read the thread entitled "I'm infected - What do I do now?" but I cannot download the Farbar Recovery Scan Tool as I cannot access my desktop because the screen is black.

I greatly appreciate any help,

Jesse

 

 

 


Hello Jesse and welcome to Malwarebytes,

Try the following:

Hold down the Shift key and boot your computer. Windows should open to the "Choose an Option" window....

From that window select "Troubleshoot"; from the next window you can try "Automatic Repair".

If that fails, go through that process again; this time select "System Restore", and from there follow the prompts to run System Restore to any date prior to this issue happening.

Let me know the outcome...

Kevin...

 


Hi Kevin,

Thank you so much for your response. When I select Troubleshoot, I see either "Reset this PC" or "Advanced Options." In Advanced Options, I see the System Restore, System Image Recovery, Startup Repair, Command Prompt, UEFI Firmware Settings, and Startup Settings. I don't see "Automatic Repair."

What should I try?

Thanks again,

Jesse


Ok, try "Startup Repair" and see if you can boot correctly; if that fails, try "System Restore".


Startup repair failed to solve the issue. I just ran System Restore, booted regularly and it also failed to solve the issue. I still have a black screen with the cursor visible.


Do you have access to another PC where you can d/l and save FRST to a USB flash drive (memory stick)?


Yes, I do have access to another PC and I do have a USB flash drive. What is FRST?


FRST is a special tool to run diagnostic scans and fixes, it can be run from a normally booted system or via the Recovery Environment... Try the following:

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Save it to a USB flash drive. Be sure to get the correct version for your system, 32 bit or 64 bit...

Next,

Hold down the Shift key and boot your sick PC. Windows should open to the "Choose an Option" window....

From that window select "Troubleshoot", from the next window select "Advanced Options", and from there select "Command Prompt".

Continue with the following:
 
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter. Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Thanks,

Kevin...


Here is the log. Thanks again for your time Kevin, I truly appreciate it and I will be sure to donate.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
Ran by SYSTEM on MININT-5CCG247 (13-06-2016 19:29:52)
Running from E:\
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6340312 2013-10-18] (Realtek semiconductor)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [402344 2015-12-18] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-05-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-05-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-02] (Synaptics Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400064 2016-06-09] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\rstrui.exe [269824 2015-10-29] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKLM\...\Winlogon: [Userinit] wscript,
HKU\Jesse\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2015-10-30] (Microsoft Corporation)
HKU\Jesse\...\RunOnce: [Uninstall C:\Users\Jesse\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jesse\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
Startup: C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hott notes 4.lnk [2016-05-15]
ShortcutTarget: hott notes 4.lnk -> C:\Program Files (x86)\hott notes 4\hottnotes.exe (by Joel Riley)
Startup: C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-09-28]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar491.lnk [2016-06-13]
ShortcutTarget: Sidebar491.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Startup: C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2016-05-15]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-25] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [370656 2016-05-24] (AVAST Software)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
S2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-18] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
S2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
S2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-07] (PointGrab LTD)
S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-07] (PointGrab LTD)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-02] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-25] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-24] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-25] (AVAST Software)
S1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [536312 2016-05-24] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-25] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-25] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-24] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-25] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-25] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-25] (AVAST Software)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [253680 2015-03-19] (Intel Corporation)
S3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
S3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-01] ()
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-13] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-29] (Intel Corporation)
S5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [423128 2013-07-24] (Realsil Semiconductor Corporation)
S3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-18] (Realtek Semiconductor Corp.)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-02] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-13 19:29 - 2016-06-13 19:29 - 00000000 ____D C:\FRST
2016-06-13 14:27 - 2016-06-13 14:27 - 00206446 _____ C:\Windows\ntbtlog.txt
2016-06-13 11:59 - 2016-06-13 11:59 - 00000000 ____D C:\Avenger
2016-06-13 10:36 - 2016-06-13 15:09 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2016-06-13 10:36 - 2016-06-13 10:36 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-13 10:36 - 2016-06-13 10:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-13 10:36 - 2016-06-13 10:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-13 10:36 - 2016-03-10 10:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2016-06-13 10:36 - 2016-03-10 10:08 - 00140672 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2016-06-13 10:36 - 2016-03-10 10:08 - 00027008 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2016-06-13 10:35 - 2016-06-13 10:35 - 22851472 _____ (Malwarebytes ) C:\Users\Jesse\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-12 19:55 - 2016-06-13 11:59 - 00000000 ____D C:\Users\Jesse\AppData\Local\app
2016-06-12 19:49 - 2016-06-12 19:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-12 19:48 - 2016-06-12 19:48 - 04456448 _____ C:\Users\Jesse\Downloads\Agent_Orange_-_Living_In_Darkness_FlacTNT_Village.iso
2016-06-12 19:18 - 2016-06-12 19:18 - 45458988 _____ C:\Users\Jesse\Downloads\tree breeze (2) (1).wav
2016-06-12 19:12 - 2016-06-12 19:13 - 62299312 _____ C:\Users\Jesse\Downloads\Project dicks 4.21.2016c (4).aif
2016-06-12 19:10 - 2016-06-12 19:11 - 62299312 _____ C:\Users\Jesse\Downloads\Project dicks 4.21.2016b (3).aif
2016-06-12 19:04 - 2016-06-12 19:05 - 80703708 _____ C:\Users\Jesse\Downloads\NeoPunk 2 (2).wav
2016-06-10 10:03 - 2016-06-10 10:04 - 62299312 _____ C:\Users\Jesse\Downloads\Project dicks 4.21.2016c (3).aif
2016-06-10 09:23 - 2016-06-10 09:25 - 62299312 _____ C:\Users\Jesse\Downloads\Project dicks 4.21.2016b (2).aif
2016-06-10 09:20 - 2016-06-10 09:22 - 62299312 _____ C:\Users\Jesse\Downloads\Project dicks 4.21.2016c (2).aif
2016-06-01 14:47 - 2016-06-12 20:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-25 14:10 - 2016-05-24 16:31 - 00536312 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNetSec.sys
2016-05-25 14:09 - 2016-05-25 14:08 - 00398152 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2016-05-25 14:05 - 2016-05-25 14:05 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-05-15 11:14 - 2016-06-13 11:59 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\stickies
2016-05-15 11:14 - 2016-05-15 11:14 - 01672704 _____ (Zhorn Software) C:\Users\Jesse\Downloads\stickies_setup_9.0a.exe
2016-05-15 11:14 - 2016-05-15 11:14 - 00000715 _____ C:\Windows\uninstallstickies.bat
2016-05-15 11:14 - 2016-05-15 11:14 - 00000000 ____D C:\Program Files (x86)\Stickies
2016-05-15 11:05 - 2016-05-15 11:05 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\hott notes 4
2016-05-15 11:05 - 2016-05-15 11:05 - 00000000 ____D C:\Program Files (x86)\hott notes 4
2016-05-15 11:04 - 2016-05-15 11:04 - 04034353 _____ C:\Users\Jesse\Downloads\HottNotes4.1Setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-13 15:27 - 2015-10-29 22:28 - 00524288 ___SH C:\Windows\System32\config\BBI
2016-06-13 15:26 - 2015-12-01 21:47 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-13 15:13 - 2015-10-29 23:21 - 00000000 ____D C:\Windows\INF
2016-06-13 15:13 - 2015-08-18 11:15 - 00882746 _____ C:\Windows\System32\PerfStringBackup.INI
2016-06-13 15:09 - 2015-12-01 21:24 - 00000180 _____ C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-13 15:09 - 2015-08-18 11:26 - 00000000 __SHD C:\Users\Jesse\IntelGraphicsProfiles
2016-06-13 14:52 - 2015-12-01 21:29 - 00000000 ____D C:\users\Jesse
2016-06-13 11:59 - 2014-08-02 16:29 - 00000000 __RDO C:\Users\Jesse\OneDrive
2016-06-13 11:57 - 2015-09-09 13:40 - 00000000 ____D C:\ProgramData\Browser
2016-06-13 11:50 - 2014-08-02 16:26 - 00000000 ____D C:\Users\Jesse\AppData\Local\SweetLabs App Platform
2016-06-13 10:28 - 2015-10-06 16:00 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-12 20:03 - 2015-11-05 19:50 - 00004004 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1446781839
2016-06-12 20:03 - 2015-09-09 14:13 - 00004280 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-12 20:02 - 2014-10-21 08:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-12 20:01 - 2014-08-04 18:32 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\uTorrent
2016-06-12 19:19 - 2014-08-21 17:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-12 18:46 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\AppReadiness
2016-06-12 18:39 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-10 10:18 - 2014-09-09 07:47 - 00000000 ____D C:\Users\Jesse\Desktop\Misc
2016-05-27 09:42 - 2015-10-29 23:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-27 09:41 - 2014-08-02 17:19 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-25 14:08 - 2015-09-09 14:13 - 00465792 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2016-05-25 14:08 - 2015-09-09 14:13 - 00287528 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2016-05-25 14:08 - 2015-09-09 14:13 - 00166432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2016-05-25 14:08 - 2015-09-09 14:13 - 00107792 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2016-05-25 14:08 - 2015-09-09 14:13 - 00103064 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2016-05-25 14:08 - 2015-09-09 14:13 - 00074544 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2016-05-25 14:08 - 2015-09-09 14:13 - 00037656 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2016-05-24 16:31 - 2015-09-09 14:13 - 01070904 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2016-05-24 16:31 - 2015-09-09 14:13 - 00037144 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2016-05-17 19:31 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\System32\NDF
2016-05-16 18:34 - 2015-01-01 11:59 - 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-15 20:20 - 2015-07-05 12:00 - 00000023 _____ C:\Users\Jesse\jagexappletviewer.preferences
2016-05-15 20:18 - 2015-07-05 12:00 - 00000044 _____ C:\Users\Jesse\jagex_cl_runescape_LIVE.dat
2016-05-15 11:43 - 2015-10-29 23:11 - 00000000 ____D C:\Windows\CbsTemp

Some files in TEMP:
====================
C:\Users\Jesse\AppData\Local\Temp\1D66.tmp.exe
C:\Users\Jesse\AppData\Local\Temp\42B8.tmp.exe
C:\Users\Jesse\AppData\Local\Temp\fsd839E.exe
C:\Users\Jesse\AppData\Local\Temp\oct8FDB.tmp.exe
C:\Users\Jesse\AppData\Local\Temp\vqw4BdYkFU.exe


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2016-05-10 16:21] - [2016-04-22 20:18] - 0585728 ____A (Microsoft Corporation) 5C156EC4E44E30331BCC865A3B61D839

C:\Windows\System32\wininit.exe
[2016-05-10 16:21] - [2016-04-22 21:06] - 0291360 ____A (Microsoft Corporation) C1C81AAF533552B3C4D9F11A5FF97700

C:\Windows\explorer.exe
[2016-05-10 16:21] - [2016-04-22 21:08] - 4515256 ____A (Microsoft Corporation) 2617877C5761B8A696FD0368861EE6E4

C:\Windows\SysWOW64\explorer.exe
[2016-05-10 16:21] - [2016-04-22 21:09] - 4074160 ____A (Microsoft Corporation) 692E62EA6039478321AE5D24A68E1FE2

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2016-05-10 16:21] - [2016-04-22 21:00] - 1399224 ____A (Microsoft Corporation) F5F7CE3E32536F1A37FB3972F27A814F

C:\Windows\SysWOW64\User32.dll
[2016-05-10 16:21] - [2016-04-22 21:00] - 1337240 ____A (Microsoft Corporation) E7BD4D15CDC5A1E162256CFADCA92344

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll
[2016-04-12 15:51] - [2016-03-29 02:11] - 0686976 ____A (Microsoft Corporation) 9A3E17CDB177913C2A111C80F3D0DBB4

C:\Windows\SysWOW64\dnsapi.dll
[2016-04-12 15:51] - [2016-03-29 01:28] - 0535080 ____A (Microsoft Corporation) 6A7ACABAE92C837F5C1330188EAE36AE

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2016-05-30 12:20
Restore point date: 2016-06-12 20:02

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 8115.27 MB
Available physical RAM: 7210.19 MB
Total Virtual: 8115.27 MB
Available Virtual: 7249.83 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:423.58 GB) (Free:290.81 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.82 GB) NTFS
Drive e: () (Removable) (Total:1.87 GB) (Free:1.43 GB) FAT
Drive f: (PBR_DRV) (Fixed) (Total:14.85 GB) (Free:3.34 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E5B1D201)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)


LastRegBack: 2016-06-09 17:42

==================== End of FRST.txt ============================


Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it to your reply.


Also reboot and see if your system boots Normally...

fixlist.txt


It worked! The log is attached.

So what did this process do exactly? Is my laptop protected and clear of the malware that MBAM removed earlier today? Or is there more that needs to be done?

Thank you so much Kevin,

Jesse

Fixlog.txt

Edited by jessec


Hello again Jesse,

Your laptop was infected, the Winlogon registry key had been exploited, hence after removal of infection your system does not boot... We find the cause with the first scan and make the fix with the second via recovery environment.....

We need to run more scans to ensure your system is clean, it's 1am local time for me so I will log off shortly... Run the following: (do not worry about running Malwarebytes, it will be ok this time)

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan in the Actions box.
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Let me see those logs, also give an update on any remaining issues or concerns... (will catch up later)

Thank you,

Kevin...
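
An added example, not part of Kevin's post and not FRST's own code: a small Python check that reads FRST registry-section lines like the ones in the log above and reports a Winlogon value that differs from the stock Windows value, which is what `[Userinit] wscript,` is in this thread. The stock values in `EXPECTED` and all function names are assumptions of this example.

```python
import re

# Stock Windows values for the Winlogon entries that decide what runs at
# logon. These are Windows defaults (an assumption of this example), not
# values quoted in the thread.
EXPECTED = {
    "userinit": [r"c:\windows\system32\userinit.exe"],
    "shell": ["explorer.exe"],
}

# FRST registry-section line:  <hive>\...\<key>: [<value name>] [=> ]<data>
ENTRY_RE = re.compile(
    r"^(?P<hive>HK.+?)\\\.\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>.*?)\] (?:=> )?(?P<data>.*)$"
)

# The first three lines are copied from the FRST logs in this thread; the
# last line is constructed for the example to show a stock value passing.
SAMPLE_LOG = r"""
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-02] (Synaptics Incorporated)
HKLM\...\Winlogon: [Userinit] wscript,
HKU\Jesse\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt [5671 2016-06-13] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
"""


def parse_registry_entries(log_text):
    """Return (hive, key, value_name, data) for each FRST registry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["hive"], m["key"], m["name"], m["data"].strip()))
    return entries


def normalise(data):
    """Split a comma-separated Winlogon value into lower-cased commands."""
    parts = (p.strip().strip('"').lower() for p in data.split(","))
    return [p for p in parts if p]


def check_winlogon(log_text):
    """Return (value_name, data, reason) for Winlogon values that are not stock."""
    findings = []
    for _hive, key, name, data in parse_registry_entries(log_text):
        expected = EXPECTED.get(name.lower())
        if key != "Winlogon" or expected is None:
            continue  # only the Winlogon values listed in EXPECTED are checked
        commands = normalise(data)
        if commands == expected:
            continue  # stock value, nothing to report
        if not any(c in expected for c in commands):
            reason = "stock program missing"
        else:
            reason = "extra program alongside stock one"
        findings.append((name, data, reason))
    return findings


if __name__ == "__main__":
    for name, data, reason in check_winlogon(SAMPLE_LOG):
        print(f"Winlogon {name} = {data!r}: {reason}")
```

The comparison is strict on purpose: any value other than the stock one is reported for a human to review, including harmless variants such as a different drive letter.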

 

 


Good night Kevin, I look forward to resuming this process tomorrow.

I ran the MBAM scan, rebooted successfully and was able to obtain the log. I downloaded AdwCleaner, performed the scan and cleaning, and rebooted.

Unfortunately, upon rebooting after the AdwCleaner scan & cleaning, my desktop was black with the cursor once again. Same issue as before.

I will wait for your response before doing anything. Tomorrow I will be busy with work, but I will hopefully be available from 8pm-1am, your time zone (which is 3pm to 8pm in my time zone).

Thanks again,

Jesse


Hello Jesse,

Very unusual for AdwCleaner to leave your system unbootable, not come across that result before.... We need to start over, I give the full instruction again....

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Save it to a USB flash drive. Be sure to get the correct version for your system, 32 bit or 64 bit...

Next,

Hold down the Shift key and boot your sick PC. Windows should open to the "Choose an Option" window....

From that window select "Troubleshoot", from the next window select "Advanced Options", and from there select "Command Prompt".

Continue with the following:
 

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter. Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Thanks,

Kevin...


Here is the new FRST log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
Ran by SYSTEM on MININT-E43UTUK (14-06-2016 12:45:12)
Running from e:\
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6340312 2013-10-18] (Realtek semiconductor)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [402344 2015-12-18] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-05-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-05-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-02] (Synaptics Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400064 2016-06-09] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] wscript,
HKU\Jesse\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2015-10-30] (Microsoft Corporation)
HKU\Jesse\...\RunOnce: [Uninstall C:\Users\Jesse\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jesse\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\Jesse\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt [5671 2016-06-13] ()
Startup: C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hott notes 4.lnk [2016-05-15]
ShortcutTarget: hott notes 4.lnk -> C:\Program Files (x86)\hott notes 4\hottnotes.exe (by Joel Riley)
Startup: C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-09-28]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar264.lnk [2016-06-13]
ShortcutTarget: Sidebar264.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Startup: C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2016-05-15]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-25] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [370656 2016-05-24] (AVAST Software)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
S2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-18] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
S2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
S2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-07] (PointGrab LTD)
S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-07] (PointGrab LTD)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-02] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-25] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-24] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-25] (AVAST Software)
S1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [536312 2016-05-24] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-25] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-25] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-24] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-25] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-25] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-25] (AVAST Software)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [253680 2015-03-19] (Intel Corporation)
S3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
S3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-01] ()
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-13] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-29] (Intel Corporation)
S5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [423128 2013-07-24] (Realsil Semiconductor Corporation)
S3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-18] (Realtek Semiconductor Corp.)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-02] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-13 19:29 - 2016-06-13 19:51 - 00000000 ____D C:\FRST
2016-06-13 17:37 - 2016-06-13 17:41 - 00000000 ____D C:\AdwCleaner
2016-06-13 17:36 - 2016-06-13 17:37 - 03677248 _____ C:\Users\Jesse\Downloads\adwcleaner_5.119.exe
2016-06-13 17:32 - 2016-06-13 17:32 - 00000000 ___HD C:\OneDriveTemp
2016-06-13 14:27 - 2016-06-13 14:27 - 00206446 _____ C:\Windows\ntbtlog.txt
2016-06-13 10:36 - 2016-06-13 17:43 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2016-06-13 10:36 - 2016-06-13 10:36 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-13 10:36 - 2016-06-13 10:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-13 10:36 - 2016-06-13 10:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-13 10:36 - 2016-03-10 10:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2016-06-13 10:36 - 2016-03-10 10:08 - 00140672 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2016-06-13 10:36 - 2016-03-10 10:08 - 00027008 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2016-06-13 10:35 - 2016-06-13 10:35 - 22851472 _____ (Malwarebytes ) C:\Users\Jesse\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-12 19:49 - 2016-06-12 19:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-12 19:48 - 2016-06-12 19:48 - 04456448 _____ C:\Users\Jesse\Downloads\Agent_Orange_-_Living_In_Darkness_FlacTNT_Village.iso
2016-06-12 19:18 - 2016-06-12 19:18 - 45458988 _____ C:\Users\Jesse\Downloads\tree breeze (2) (1).wav
2016-06-12 19:12 - 2016-06-12 19:13 - 62299312 _____ C:\Users\Jesse\Downloads\Project dicks 4.21.2016c (4).aif
2016-06-12 19:10 - 2016-06-12 19:11 - 62299312 _____ C:\Users\Jesse\Downloads\Project dicks 4.21.2016b (3).aif
2016-06-12 19:04 - 2016-06-12 19:05 - 80703708 _____ C:\Users\Jesse\Downloads\NeoPunk 2 (2).wav
2016-06-10 10:03 - 2016-06-10 10:04 - 62299312 _____ C:\Users\Jesse\Downloads\Project dicks 4.21.2016c (3).aif
2016-06-10 09:23 - 2016-06-10 09:25 - 62299312 _____ C:\Users\Jesse\Downloads\Project dicks 4.21.2016b (2).aif
2016-06-10 09:20 - 2016-06-10 09:22 - 62299312 _____ C:\Users\Jesse\Downloads\Project dicks 4.21.2016c (2).aif
2016-06-01 14:47 - 2016-06-12 20:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-25 14:10 - 2016-05-24 16:31 - 00536312 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNetSec.sys
2016-05-25 14:09 - 2016-05-25 14:08 - 00398152 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2016-05-25 14:05 - 2016-05-25 14:05 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-05-15 11:14 - 2016-06-13 17:32 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\stickies
2016-05-15 11:14 - 2016-05-15 11:14 - 01672704 _____ (Zhorn Software) C:\Users\Jesse\Downloads\stickies_setup_9.0a.exe
2016-05-15 11:14 - 2016-05-15 11:14 - 00000715 _____ C:\Windows\uninstallstickies.bat
2016-05-15 11:14 - 2016-05-15 11:14 - 00000000 ____D C:\Program Files (x86)\Stickies
2016-05-15 11:05 - 2016-05-15 11:05 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\hott notes 4
2016-05-15 11:05 - 2016-05-15 11:05 - 00000000 ____D C:\Program Files (x86)\hott notes 4
2016-05-15 11:04 - 2016-05-15 11:04 - 04034353 _____ C:\Users\Jesse\Downloads\HottNotes4.1Setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-14 08:43 - 2015-12-01 21:47 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-14 08:43 - 2015-10-29 22:28 - 00524288 ___SH C:\Windows\System32\config\BBI
2016-06-14 08:42 - 2015-10-06 16:00 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-13 17:47 - 2015-10-29 23:21 - 00000000 ____D C:\Windows\INF
2016-06-13 17:47 - 2015-08-18 11:15 - 00882746 _____ C:\Windows\System32\PerfStringBackup.INI
2016-06-13 17:43 - 2015-12-01 21:24 - 00000180 _____ C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-13 17:43 - 2015-08-18 11:26 - 00000000 __SHD C:\Users\Jesse\IntelGraphicsProfiles
2016-06-13 17:41 - 2014-08-02 16:29 - 00000000 __RDO C:\Users\Jesse\OneDrive
2016-06-13 17:30 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\tracing
2016-06-13 14:52 - 2015-12-01 21:29 - 00000000 ____D C:\users\Jesse
2016-06-13 11:57 - 2015-09-09 13:40 - 00000000 ____D C:\ProgramData\Browser
2016-06-12 20:03 - 2015-11-05 19:50 - 00004004 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1446781839
2016-06-12 20:03 - 2015-09-09 14:13 - 00004280 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-12 20:02 - 2014-10-21 08:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-12 20:01 - 2014-08-04 18:32 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\uTorrent
2016-06-12 19:19 - 2014-08-21 17:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-12 18:46 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\AppReadiness
2016-06-12 18:39 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-10 10:18 - 2014-09-09 07:47 - 00000000 ____D C:\Users\Jesse\Desktop\Misc
2016-05-27 09:42 - 2015-10-29 23:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-27 09:41 - 2014-08-02 17:19 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-25 14:08 - 2015-09-09 14:13 - 00465792 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2016-05-25 14:08 - 2015-09-09 14:13 - 00287528 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2016-05-25 14:08 - 2015-09-09 14:13 - 00166432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2016-05-25 14:08 - 2015-09-09 14:13 - 00107792 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2016-05-25 14:08 - 2015-09-09 14:13 - 00103064 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2016-05-25 14:08 - 2015-09-09 14:13 - 00074544 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2016-05-25 14:08 - 2015-09-09 14:13 - 00037656 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2016-05-24 16:31 - 2015-09-09 14:13 - 01070904 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2016-05-24 16:31 - 2015-09-09 14:13 - 00037144 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2016-05-17 19:31 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\System32\NDF
2016-05-16 18:34 - 2015-01-01 11:59 - 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-15 20:20 - 2015-07-05 12:00 - 00000023 _____ C:\Users\Jesse\jagexappletviewer.preferences
2016-05-15 20:18 - 2015-07-05 12:00 - 00000044 _____ C:\Users\Jesse\jagex_cl_runescape_LIVE.dat
2016-05-15 11:43 - 2015-10-29 23:11 - 00000000 ____D C:\Windows\CbsTemp

Some files in TEMP:
====================
C:\Users\Jesse\AppData\Local\Temp\libeay32.dll
C:\Users\Jesse\AppData\Local\Temp\msvcr120.dll
C:\Users\Jesse\AppData\Local\Temp\sqlite3.dll


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2016-05-10 16:21] - [2016-04-22 20:18] - 0585728 ____A (Microsoft Corporation) 5C156EC4E44E30331BCC865A3B61D839

C:\Windows\System32\wininit.exe
[2016-05-10 16:21] - [2016-04-22 21:06] - 0291360 ____A (Microsoft Corporation) C1C81AAF533552B3C4D9F11A5FF97700

C:\Windows\explorer.exe
[2016-05-10 16:21] - [2016-04-22 21:08] - 4515256 ____A (Microsoft Corporation) 2617877C5761B8A696FD0368861EE6E4

C:\Windows\SysWOW64\explorer.exe
[2016-05-10 16:21] - [2016-04-22 21:09] - 4074160 ____A (Microsoft Corporation) 692E62EA6039478321AE5D24A68E1FE2

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2016-05-10 16:21] - [2016-04-22 21:00] - 1399224 ____A (Microsoft Corporation) F5F7CE3E32536F1A37FB3972F27A814F

C:\Windows\SysWOW64\User32.dll
[2016-05-10 16:21] - [2016-04-22 21:00] - 1337240 ____A (Microsoft Corporation) E7BD4D15CDC5A1E162256CFADCA92344

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll
[2016-04-12 15:51] - [2016-03-29 02:11] - 0686976 ____A (Microsoft Corporation) 9A3E17CDB177913C2A111C80F3D0DBB4

C:\Windows\SysWOW64\dnsapi.dll
[2016-04-12 15:51] - [2016-03-29 01:28] - 0535080 ____A (Microsoft Corporation) 6A7ACABAE92C837F5C1330188EAE36AE

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2016-05-30 12:20
Restore point date: 2016-06-12 20:02

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 8115.27 MB
Available physical RAM: 7205.11 MB
Total Virtual: 8115.27 MB
Available Virtual: 7243.66 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:423.58 GB) (Free:291.49 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.82 GB) NTFS
Drive e: () (Removable) (Total:1.87 GB) (Free:1.43 GB) FAT
Drive f: (PBR_DRV) (Fixed) (Total:14.85 GB) (Free:3.34 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E5B1D201)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)


LastRegBack: 2016-06-09 17:42

==================== End of FRST.txt ============================


Hiya Jesse

Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


Also reboot and see if your system boots Normally...

Next,

If the system boots normally continue:

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/
 
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt"; the log will open as a text file. Post that log... Also save it to your Desktop for reference.
  • Close the program > Don't Fix anything!


Post those logs...

Thank you,

Kevin...

 

 

fixlist.txt


Hi Kevin,

The fix worked and my system booted regularly. The AdwCleaner log popped up, so I will display that here in case you need it. The RogueKiller scan is taking a long time, so I'm going to show you that log as soon as it's completed. In the meantime, attached are the other logs you requested.

AdwCleaner log:

# AdwCleaner v5.119 - Logfile created 13/06/2016 at 21:41:35
# Updated 30/05/2016 by Xplode
# Database : 2016-06-13.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Jesse - CRACIUN
# Running from : C:\Users\Jesse\Downloads\adwcleaner_5.119.exe
# Option : Clean
# Support : http://toolslib.net/forum

 

***** [ Services ] *****

 


***** [ Folders ] *****

 

[-] Folder Deleted : C:\WebShield
[-] Folder Deleted : C:\ProgramData\Ehohmaliamd
[#] Folder Deleted : C:\ProgramData\Ehohmaliamd
[#] Folder Deleted : C:\ProgramData\Ehohmaliamd
[#] Folder Deleted : C:\ProgramData\Application Data\Ehohmaliamd
[#] Folder Deleted : C:\ProgramData\Application Data\Ehohmaliamd
[#] Folder Deleted : C:\ProgramData\Application Data\Ehohmaliamd
[-] Folder Deleted : C:\Users\Jesse\AppData\Local\Temp\MPC
[-] Folder Deleted : C:\Users\Jesse\AppData\Local\app
[-] Folder Deleted : C:\Users\Default User\AppData\Local\Pokki
[#] Folder Deleted : C:\Users\Default\AppData\Local\Pokki

 

***** [ Files ] *****

 

[-] File Deleted : C:\END
[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[-] File Deleted : C:\Users\Jesse\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Menu.lnk
[-] File Deleted : C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook.lnk
[-] File Deleted : C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
[-] File Deleted : C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

 

***** [ DLLs ] *****

 


***** [ WMI ] *****

 


***** [ Shortcuts ] *****

 


***** [ Scheduled tasks ] *****

 

[-] Task Deleted : SweetLabs App Platform

 

***** [ Registry ] *****

 

[-] Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_9e3260feb1b61bcd3d67c329c90471e0cbd123ec
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_a65116cdc0b4377bed428e280c19949d56248d11
[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCSU.SysUtils
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCSU.SysUtils.1
[-] Key Deleted : HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{351A01B5-849A-ECA5-2760-EE9665E223C3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{593D67B9-3A50-EBAA-17BE-61A5EC986A22}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B}
[-] Key Deleted : HKCU\Software\StormAlertsApp
[-] Key Deleted : HKCU\Software\SweetLabs App Platform
[-] Key Deleted : HKLM\SOFTWARE\SrpnFiles
[-] Key Deleted : HKLM\SOFTWARE\MaxPower
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CleanBrowser
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{67A4761C-277B-47D4-B17A-8B9B536FAD04}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{DD17DA26-F6EE-4722-941C-3AD1F160C99E}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{18BF9954-BDC0-4237-8169-CB19254C2581}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{2C7B1FA7-8415-43C7-BB91-9E9C08A80F3C}]
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SCService

 

***** [ Web browsers ] *****

 

[-] [C:\Users\Jesse\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\bz065rhn.default\prefs.js] Deleted : user_pref("browser.search.defaultenginename", "WebSearch+");
[-] [C:\Users\Jesse\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\bz065rhn.default\prefs.js] Deleted : user_pref("browser.search.selectedEngine", "WebSearch+");
[-] [C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : secure.homepage-web.com
[-] [C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : search.mpc.am
[-] [C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : search.mpc.am

 

*************************

 

:: "Tracing" keys deleted
:: Winsock settings cleared

 

*************************

 

C:\AdwCleaner\AdwCleaner[C1].txt - [5442 bytes] - [13/06/2016 21:41:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [5575 bytes] - [13/06/2016 21:37:48]

 

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5588 bytes] ##########

Fixlog.txt

FRST.txt

Addition.txt


OK, let's see what happens with this step....

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Go here: https://www.zemana.com/Download, then download and install Zemana Anti-malware. Allow a shortcut to be saved to your Desktop. The tool will be active with a 15 day trial....

Right click on Zemana Antimalware and select "Run as Administrator"

From the GUI select "Settings"

In the new window Select 1. Updates, when complete Select 2. Real Time Protection.

In the next window make sure 1. all boxes are checkmarked and the action is "Quarantine" and then 2. Select the home icon.

In the new window select "Scan"

When the scan completes check each found entry (if any). For "Suspicious Browser Settings" choose REPAIR; for all other entries choose QUARANTINE, then select the "Next" tab.


The action complete window will open, from there select the "Back" tab. That will take you back to the home screen...

On that screen select the "Reports" tab. (Looks like 3 chimneys)

On that screen select and highlight the scan details line, then select "Open Report"

Copy and paste that log to your reply...
 
Thank you,
 
Kevin..

 

 

 

Fixlist.txt


Attached is the fix log. For some reason, when I try to download Zemana, the set-up begins but it's stuck at 0% and won't budge.

Fixlog.txt


Leave that step and move on to next...

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....

 


Strangely, when I click your link, a new tab opens up but it immediately closes. I googled the Sophos Free Virus Removal Tool, but I can't seem to get past the EULA. Even if I scroll all the way down, check the box and click submit, it takes me right back to the same page.

I then got a notification that it couldn't be downloaded; same thing happened with Zemana.

 

 

 


I've zipped up the installer for Zemana and attached it to this reply. Unzip to your desktop, install and run and post the produced log...

Sophos is too large to attach so give this a try after Zemana completes...

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:
 
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given a link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.


To perform the scan:
 
  • Select "Enable detection of potentially unwanted applications"
  • Make sure that Remove found threats is Checked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under “Enable Stealth Technology” select “Change” and select any extra drives in that window.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.



Please include this logfile in your next reply.

Don't forget to re-enable security software!

Thank you,

Kevin...

Zemana.AntiMalware.Setup.zip


Hi Kevin, sorry for responding so late.

Even the zipped version of Zemana won't open. Even after disabling my AntiVirus and AntiSpyware, ESET Online Scanner won't download either.

Something in this process must have caused the inability to download these programs. I haven't tried to download anything else but those three programs, but they have all failed. RogueKiller was the last thing I was able to successfully download.

It seems as though my computer is in perfect working condition, however. There are no more pop-ups, my Internet connection is fine and my Antivirus program is running. I haven't noticed anything out of the ordinary besides being unable to download those three programs.

 

 


Which browser are you using to download programs, one specific or have you tried others? Do your security programs update ok?

This topic is now closed to further replies.