Computer running but screen black


Thanks for the logs/update, yes you can run Malwarebytes overnight. Before scanning I want you to enable a couple of entries...

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes select "Export Summary" then "Copy to ClipBoard" to copy the log, you can paste that to your reply...

 


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/14/16
Scan Time: 4:53 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.4.1269
Components Version: 1.0.39
Update Package Version: 1.0.735
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: CLAIRE\Erin

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 406726
Time Elapsed: 3 hr, 31 min, 50 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 22
PUP.Optional.NoteUp, HKLM\SOFTWARE\CLASSES\*\SHELL\ADD EVENT REMINDER, Delete-on-Reboot, [9224], [254646],1.0.735
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROLEAVES\{A91EEA9B-DCAA-4B2D-B62A-50B8EA351561}, Delete-on-Reboot, [696], [339688],1.0.735
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\CLASSES\PCSU.Registry, Delete-on-Reboot, [7692], [241616],1.0.735
PUP.Optional.ProCleaningSoftware, HKLM\SOFTWARE\WOW6432NODE\PPC-software, Delete-on-Reboot, [1292], [315311],1.0.735
PUP.Optional.ProPCCleaner, HKU\S-1-5-21-3658803638-144345712-1652931034-1001\SOFTWARE\PPC-SOFTWARE\PPC-SOFTWARE, Delete-on-Reboot, [440], [261928],1.0.735
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PPC-software_RASAPI32, Delete-on-Reboot, [440], [261012],1.0.735
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PPC-software_RASMANCS, Delete-on-Reboot, [440], [261012],1.0.735
PUP.Optional.ProPCCleaner, HKU\S-1-5-21-3658803638-144345712-1652931034-1001\SOFTWARE\PPC-SOFTWARELANGUAGE, Delete-on-Reboot, [440], [261929],1.0.735
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online Application Installer, Delete-on-Reboot, [696], [333868],1.0.735
PUP.Optional.StartGo123, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetUtils2016, Delete-on-Reboot, [865], [318109],1.0.735
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online.io Application, Delete-on-Reboot, [696], [317312],1.0.735
PUP.Optional.SlitherIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\slitherio_RASAPI32, Delete-on-Reboot, [1033], [339371],1.0.735
PUP.Optional.SlitherIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\slitherio_RASMANCS, Delete-on-Reboot, [1033], [339371],1.0.735
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\WOW6432NODE\PPC-SOFTWARE\PPC-SOFTWARE, Delete-on-Reboot, [440], [261930],1.0.735
PUP.Optional.ProntSpooler, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\ProntSpooler, Delete-on-Reboot, [17690], [260417],1.0.735
PUP.Optional.InstallCore, HKU\S-1-5-21-3658803638-144345712-1652931034-1001\SOFTWARE\csastats, Delete-on-Reboot, [8], [260986],1.0.735
PUP.Optional.InstallCore, HKU\S-1-5-21-3658803638-144345712-1652931034-1001\SOFTWARE\ICSW1.23, Delete-on-Reboot, [8], [239562],1.0.735
PUP.Optional.InterStat, HKU\S-1-5-21-3658803638-144345712-1652931034-1001\SOFTWARE\Interstatnogui, Delete-on-Reboot, [1697], [333863],1.0.735
Adware.NowUSeeIt, HKU\S-1-5-21-3658803638-144345712-1652931034-1001\SOFTWARE\NowUSeeItPlayer, Delete-on-Reboot, [17456], [251334],1.0.735
PUP.Optional.ProCleaningSoftware, HKU\S-1-5-21-3658803638-144345712-1652931034-1001\SOFTWARE\PPC-software, Delete-on-Reboot, [1292], [315310],1.0.735
PUP.Optional.SlitherIO, HKU\S-1-5-21-3658803638-144345712-1652931034-1001\SOFTWARE\SlitherIO, Delete-on-Reboot, [1033], [339365],1.0.735
PUP.Optional.DailyBee, HKU\S-1-5-21-3658803638-144345712-1652931034-1001\SOFTWARE\APPDATALOW\SOFTWARE\DailyBee, Delete-on-Reboot, [690], [335016],1.0.735

Registry Value: 8
PUP.Optional.CleanBrowser, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit, Replace-on-Reboot, [1863], [335008],1.0.735
PUP.Optional.NoteUp, HKLM\SOFTWARE\CLASSES\*\SHELL\ADD EVENT REMINDER|ICON, Delete-on-Reboot, [9224], [254646],1.0.735
PUP.Optional.ProPCCleaner, HKU\S-1-5-21-3658803638-144345712-1652931034-1001\SOFTWARE\PPC-SOFTWARE\PPC-SOFTWARE|CUSTOM1, Delete-on-Reboot, [440], [261928],1.0.735
PUP.Optional.ProPCCleaner, HKU\S-1-5-21-3658803638-144345712-1652931034-1001\SOFTWARE\PPC-SOFTWARE\PPC-SOFTWARE|CUSTOM2, Delete-on-Reboot, [440], [261928],1.0.735
PUP.Optional.ProPCCleaner, HKU\S-1-5-21-3658803638-144345712-1652931034-1001\SOFTWARE\PPC-SOFTWARELANGUAGE|LANG, Delete-on-Reboot, [440], [261929],1.0.735
Hijack.UserInit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|USERINIT, Replace-on-Reboot, [634], [291015],1.0.735
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\WOW6432NODE\PPC-SOFTWARE\PPC-SOFTWARE|PATH, Delete-on-Reboot, [440], [261930],1.0.735
Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6813c7d3-fcb7-49b7-81c5-4550bfecd1bf}|NameServer, Replace-on-Reboot, [2109], [293693],1.0.735

Data Stream: 0
(No malicious items detected)

Folder: 12
PUP.Optional.EasyFileOpener, C:\Users\Erin\AppData\Roaming\efo\langs, Delete-on-Reboot, [4037], [261970],1.0.735
PUP.Optional.EasyFileOpener, C:\USERS\ERIN\APPDATA\ROAMING\EFO, Delete-on-Reboot, [4037], [261970],1.0.735
PUP.Optional.Mstrn, C:\Users\Erin\AppData\Local\mstrn32\dump, Delete-on-Reboot, [11527], [175232],1.0.735
PUP.Optional.Mstrn, C:\USERS\ERIN\APPDATA\LOCAL\mstrn32, Delete-on-Reboot, [11527], [175232],1.0.735
Adware.NowUSeeIt, C:\USERS\ERIN\APPDATA\LOCAL\NOWUSEEITPLAYER, Delete-on-Reboot, [17456], [251333],1.0.735
PUP.Optional.AmazonDotD, C:\USERS\ERIN\APPDATA\LOCAL\SHORTCUT INSTALLER, Delete-on-Reboot, [1214], [337557],1.0.735
PUP.Optional.DailyBee, C:\Users\Erin\AppData\Local\DailyBee\Cache\index-dir, Delete-on-Reboot, [690], [324760],1.0.735
PUP.Optional.DailyBee, C:\Users\Erin\AppData\Local\DailyBee\Local Storage, Delete-on-Reboot, [690], [324760],1.0.735
PUP.Optional.DailyBee, C:\Users\Erin\AppData\Local\DailyBee\Cache, Delete-on-Reboot, [690], [324760],1.0.735
PUP.Optional.DailyBee, C:\USERS\ERIN\APPDATA\LOCAL\DailyBee, Delete-on-Reboot, [690], [324760],1.0.735
PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate, Delete-on-Reboot, [14545], [182252],1.0.735
PUP.Optional.Goobzo.Gen, C:\PROGRAM FILES\COMMON FILES\Noobzo, Delete-on-Reboot, [14545], [182252],1.0.735

File: 42
PUP.Optional.StartGo123, C:\WINDOWS\System32\drivers\NetUtils2016.sys, Delete-on-Reboot, [865], [325509],0.0.0
PUP.Optional.EasyFileOpener, C:\USERS\ERIN\APPDATA\ROAMING\EFO\EFO.EXE.CONFIG, Delete-on-Reboot, [4037], [261970],1.0.735
PUP.Optional.EasyFileOpener, C:\Users\Erin\AppData\Roaming\efo\langs\danish_efo_da.ini, Delete-on-Reboot, [4037], [261970],1.0.735
PUP.Optional.EasyFileOpener, C:\Users\Erin\AppData\Roaming\efo\langs\Dutch_efo_nl.ini, Delete-on-Reboot, [4037], [261970],1.0.735
PUP.Optional.EasyFileOpener, C:\Users\Erin\AppData\Roaming\efo\langs\english_efo_en.ini, Delete-on-Reboot, [4037], [261970],1.0.735
PUP.Optional.EasyFileOpener, C:\Users\Erin\AppData\Roaming\efo\langs\finish_efo_fi.ini, Delete-on-Reboot, [4037], [261970],1.0.735
PUP.Optional.EasyFileOpener, C:\Users\Erin\AppData\Roaming\efo\langs\French_efo_fr.ini, Delete-on-Reboot, [4037], [261970],1.0.735
PUP.Optional.EasyFileOpener, C:\Users\Erin\AppData\Roaming\efo\langs\german_efo_de.ini, Delete-on-Reboot, [4037], [261970],1.0.735
PUP.Optional.EasyFileOpener, C:\Users\Erin\AppData\Roaming\efo\langs\italian_efo_it.ini, Delete-on-Reboot, [4037], [261970],1.0.735
PUP.Optional.EasyFileOpener, C:\Users\Erin\AppData\Roaming\efo\langs\japanese_efo_ja.ini, Delete-on-Reboot, [4037], [261970],1.0.735
PUP.Optional.EasyFileOpener, C:\Users\Erin\AppData\Roaming\efo\langs\norwegian_efo_no.ini, Delete-on-Reboot, [4037], [261970],1.0.735
PUP.Optional.EasyFileOpener, C:\Users\Erin\AppData\Roaming\efo\langs\portuguese_efo_ptbr.ini, Delete-on-Reboot, [4037], [261970],1.0.735
PUP.Optional.EasyFileOpener, C:\Users\Erin\AppData\Roaming\efo\langs\russian_efo_ru.ini, Delete-on-Reboot, [4037], [261970],1.0.735
PUP.Optional.EasyFileOpener, C:\Users\Erin\AppData\Roaming\efo\efo.exe, Delete-on-Reboot, [4037], [261970],1.0.735
PUP.Optional.FakeIELaunch, C:\USERS\ERIN\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\LAUNCH INTERNET-EXPLORER BROWSER.LNK, Delete-on-Reboot, [17334], [246452],1.0.735
Trojan.Agent, C:\WINDOWS\SYSWOW64\SENDREQUEST ERROR, Delete-on-Reboot, [22], [315888],1.0.735
PUP.Optional.Mstrn, C:\Users\Erin\AppData\Local\mstrn32\dump\25d41977-34a3-4ee9-8083-f69c4d056936.dmp, Delete-on-Reboot, [11527], [175232],1.0.735
PUP.Optional.Mstrn, C:\Users\Erin\AppData\Local\mstrn32\cookies, Delete-on-Reboot, [11527], [175232],1.0.735
PUP.Optional.Mstrn, C:\Users\Erin\AppData\Local\mstrn32\db.sqlite, Delete-on-Reboot, [11527], [175232],1.0.735
PUP.Optional.Mstrn, C:\Users\Erin\AppData\Local\mstrn32\Setting.ini, Delete-on-Reboot, [11527], [175232],1.0.735
PUP.Optional.Mstrn, C:\Users\Erin\AppData\Local\mstrn32\urls.txt, Delete-on-Reboot, [11527], [175232],1.0.735
PUP.Optional.Mstrn, C:\Users\Erin\AppData\Local\mstrn32\urls.txt.bak, Delete-on-Reboot, [11527], [175232],1.0.735
Adware.NowUSeeIt, C:\USERS\ERIN\APPDATA\LOCAL\NOWUSEEITPLAYER\NOWUSEEITPLAYER.DAT, Delete-on-Reboot, [17456], [251333],1.0.735
PUP.Optional.AmazonDotD, C:\USERS\ERIN\APPDATA\LOCAL\SHORTCUT INSTALLER\AMAZON DEAL OF THE DAY.ICO, Delete-on-Reboot, [1214], [337557],1.0.735
PUP.Optional.DailyBee, C:\Users\Erin\AppData\Local\DailyBee\Cache\index-dir\the-real-index, Delete-on-Reboot, [690], [324760],1.0.735
PUP.Optional.DailyBee, C:\Users\Erin\AppData\Local\DailyBee\Cache\index, Delete-on-Reboot, [690], [324760],1.0.735
PUP.Optional.DailyBee, C:\Users\Erin\AppData\Local\DailyBee\Local Storage\file__0.localstorage, Delete-on-Reboot, [690], [324760],1.0.735
PUP.Optional.DailyBee, C:\Users\Erin\AppData\Local\DailyBee\Local Storage\file__0.localstorage-journal, Delete-on-Reboot, [690], [324760],1.0.735
PUP.Optional.DailyBee, C:\Users\Erin\AppData\Local\DailyBee\cookies, Delete-on-Reboot, [690], [324760],1.0.735
PUP.Optional.DailyBee, C:\Users\Erin\AppData\Local\DailyBee\cookies-journal, Delete-on-Reboot, [690], [324760],1.0.735
PUP.Optional.DailyBee, C:\Users\Erin\AppData\Local\DailyBee\Web Data, Delete-on-Reboot, [690], [324760],1.0.735
PUP.Optional.DailyBee, C:\Users\Erin\AppData\Local\DailyBee\Web Data-journal, Delete-on-Reboot, [690], [324760],1.0.735
PUP.Optional.CleanBrowser, C:\WINDOWS\RUN.VBS, Delete-on-Reboot, [1863], [335008],1.0.735
PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate\sma.exe, Delete-on-Reboot, [14545], [182252],1.0.735
PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate\smci32.dll, Delete-on-Reboot, [14545], [182252],1.0.735
PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate\smi32.exe, Delete-on-Reboot, [14545], [182252],1.0.735
PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate\smi64.exe, Delete-on-Reboot, [14545], [182252],1.0.735
PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe, Delete-on-Reboot, [14545], [182252],1.0.735
PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate\SMUninstall.exe, Delete-on-Reboot, [14545], [182252],1.0.735
PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys, Delete-on-Reboot, [14545], [182252],1.0.735
PUP.Optional.StartGo123, C:\WINDOWS\SYSTEM32\DRIVERS\NETUTILS2016.SYS, Delete-on-Reboot, [865], [318109],1.0.735
PUP.Optional.HijackHosts.Gen, C:\WINDOWS\SYSTEM32\AEO\DHOV\OSIO.DAT, Delete-on-Reboot, [19377], [301770],1.0.735

Physical Sector: 0
(No malicious items detected)


(end)

Thanks for that log, we still need to run an AV scan to ensure your system is totally clean..

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....

Let me see that log in your reply, also tell me if there are any remaining issues or concerns.....

You can also revert the settings we changed on Malwarebytes..

Thank you,

Kevin...

Wow - that scan took almost 24 hours to run!

2 threats were found.  Here is the log.

2016-12-15 15:31:59.887    Sophos Virus Removal Tool version 2.5.6
2016-12-15 15:31:59.887    Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2016-12-15 15:31:59.887    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-12-15 15:31:59.887    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-12-15 15:31:59.887    Checking for updates...
2016-12-15 15:31:59.935    Update progress: proxy server not available
2016-12-15 15:32:10.191    Option all = no
2016-12-15 15:32:10.191    Option recurse = yes
2016-12-15 15:32:10.191    Option archive = no
2016-12-15 15:32:10.191    Option service = yes
2016-12-15 15:32:10.191    Option confirm = yes
2016-12-15 15:32:10.191    Option sxl = yes
2016-12-15 15:32:10.191    Option max-data-age = 35
2016-12-15 15:32:10.191    Option vdl-logging = yes
2016-12-15 15:32:10.191    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-12-15 15:32:10.191    Machine ID:    0c7ec181a1c64adeaa75b87cae13207b
2016-12-15 15:32:10.191    Component SVRTcli.exe version 2.5.6
2016-12-15 15:32:10.191    Component control.dll version 2.5.6
2016-12-15 15:32:10.207    Component SVRTservice.exe version 2.5.6
2016-12-15 15:32:10.207    Component engine\osdp.dll version 1.44.1.2270
2016-12-15 15:32:10.207    Component engine\veex.dll version 3.67.0.2270
2016-12-15 15:32:10.207    Component engine\savi.dll version 9.0.5.2270
2016-12-15 15:32:10.207    Component rkdisk.dll version 1.5.31.1
2016-12-15 15:32:10.207    Version info:    Product version    2.5.6
2016-12-15 15:32:10.207    Version info:    Detection engine    3.67.0
2016-12-15 15:32:10.207    Version info:    Detection data    5.32
2016-12-15 15:32:10.207    Version info:    Build date    10/4/2016
2016-12-15 15:32:10.207    Version info:    Data files added    499
2016-12-15 15:32:10.207    Version info:    Last successful update    (not yet updated)
2016-12-15 15:32:42.676    Downloading updates...
2016-12-15 15:32:42.676    Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2016-12-15 15:32:42.676    Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2016-12-15 15:32:42.676    Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2016-12-15 15:32:42.676    Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2016-12-15 15:32:42.676    Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2016-12-15 15:32:42.676    Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2016-12-15 15:32:42.676    Update progress: [I49502] sdds.data0910.xml: found supplement IDE533 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2016-12-15 15:32:42.676    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE533 LATEST path=
2016-12-15 15:32:42.676    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE533 LATEST path=
2016-12-15 15:32:42.676    Update progress: [I49502] sdds.data0910.xml: found supplement IDE534 LATEST path= baseVersion= [included from product IDE533 LATEST path=]
2016-12-15 15:32:42.676    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE534 LATEST path=
2016-12-15 15:32:42.676    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE534 LATEST path=
2016-12-15 15:32:42.676    Update progress: [I49502] sdds.data0910.xml: found supplement IDE535 LATEST path= baseVersion= [included from product IDE534 LATEST path=]
2016-12-15 15:32:42.676    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE535 LATEST path=
2016-12-15 15:32:42.676    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE535 LATEST path=
2016-12-15 15:32:42.676    Update progress: [I49502] sdds.data0910.xml: found supplement IDE536 LATEST path= baseVersion= [included from product IDE535 LATEST path=]
2016-12-15 15:32:42.676    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE536 LATEST path=
2016-12-15 15:32:42.676    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE536 LATEST path=
2016-12-15 15:32:42.676    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2016-12-15 15:32:43.129    Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2016-12-15 15:32:43.129    Update progress: [I19463] Product download size 151003858 bytes
2016-12-15 15:32:45.287    Update progress: [I19463] Syncing product IDE533 LATEST path=
2016-12-15 15:32:45.506    Update progress: [I19463] Product download size 2192549 bytes
2016-12-15 15:32:46.705    Update progress: [I19463] Syncing product IDE534 LATEST path=
2016-12-15 15:32:46.705    Update progress: [I19463] Product download size 2006903 bytes
2016-12-15 15:32:47.361    Update progress: [I19463] Syncing product IDE535 LATEST path=
2016-12-15 15:32:47.361    Update progress: [I19463] Product download size 1915695 bytes
2016-12-15 15:32:47.627    Update progress: [I19463] Syncing product IDE536 LATEST path=
2016-12-15 15:32:47.627    Update progress: [I19463] Product download size 1542525 bytes
2016-12-15 15:32:47.784    Installing updates...
2016-12-15 15:32:48.409    Error level 1
2016-12-15 15:33:18.800    Update successful
2016-12-15 15:33:32.394    Option all = no
2016-12-15 15:33:32.394    Option recurse = yes
2016-12-15 15:33:32.394    Option archive = no
2016-12-15 15:33:32.394    Option service = yes
2016-12-15 15:33:32.394    Option confirm = yes
2016-12-15 15:33:32.394    Option sxl = yes
2016-12-15 15:33:32.394    Option max-data-age = 35
2016-12-15 15:33:32.394    Option vdl-logging = yes
2016-12-15 15:33:32.410    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-12-15 15:33:32.410    Machine ID:    0c7ec181a1c64adeaa75b87cae13207b
2016-12-15 15:33:32.410    Component SVRTcli.exe version 2.5.6
2016-12-15 15:33:32.410    Component control.dll version 2.5.6
2016-12-15 15:33:32.410    Component SVRTservice.exe version 2.5.6
2016-12-15 15:33:32.410    Component engine\osdp.dll version 1.44.1.2270
2016-12-15 15:33:32.410    Component engine\veex.dll version 3.67.0.2270
2016-12-15 15:33:32.410    Component engine\savi.dll version 9.0.5.2270
2016-12-15 15:33:32.410    Component rkdisk.dll version 1.5.31.1
2016-12-15 15:33:32.410    Version info:    Product version    2.5.6
2016-12-15 15:33:32.410    Version info:    Detection engine    3.67.0
2016-12-15 15:33:32.410    Version info:    Detection data    5.32
2016-12-15 15:33:32.410    Version info:    Build date    10/4/2016
2016-12-15 15:33:32.410    Version info:    Data files added    499
2016-12-15 15:33:32.410    Version info:    Last successful update    12/15/2016 10:33:18 AM

2016-12-16 02:20:35.084    Could not open C:\hiberfil.sys
2016-12-16 02:20:35.084    Could not open C:\pagefile.sys
2016-12-16 02:55:22.952    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-16 02:57:12.653    Could not open C:\swapfile.sys
2016-12-16 02:57:13.399    Could not open C:\System Volume Information\{08ea38da-c234-11e6-82d2-5c93a2b31efe}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-12-16 02:57:13.399    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-12-16 02:57:13.399    Could not open C:\System Volume Information\{4fe02532-c244-11e6-82d4-5c93a2b31efe}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-12-16 02:57:13.399    Could not open C:\System Volume Information\{7305dc62-c23a-11e6-82d3-5c93a2b31efe}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-12-16 02:57:13.415    Could not open C:\System Volume Information\{da03926b-c1fa-11e6-82cf-5c93a2b31efe}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-12-16 03:01:44.923    >>> Virus 'Mal/Generic-S' found in file C:\Users\Erin\AppData\Local\Microsoft\Windows\INetCache\IE\7U7YOBAR\brastub6abb_trmbl_inst[1].exe
2016-12-16 03:01:44.923    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3658803638-144345712-1652931034-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
2016-12-16 03:01:44.923    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3658803638-144345712-1652931034-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
2016-12-16 03:23:13.967    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\Users\Erin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk
2016-12-16 03:23:17.995    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\Users\Erin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
2016-12-16 03:23:22.085    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\Users\Erin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Google Chrome.lnk
2016-12-16 03:23:26.147    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\Users\Erin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk
2016-12-16 03:23:30.185    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\Users\Erin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9c93b53bfda55388\Google Chrome.lnk
2016-12-16 03:23:34.348    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\Users\Erin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk
2016-12-16 03:23:38.409    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\Users\Erin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
2016-12-16 03:23:42.575    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\Users\Erin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
2016-12-16 03:23:46.644    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\Users\Erin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk
2016-12-16 03:23:52.147    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
2016-12-16 03:23:56.308    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Chrome App Launcher.lnk
2016-12-16 03:24:00.363    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-12-16 03:24:07.847    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\Users\Erin\Desktop\Google Chrome.lnk
2016-12-16 03:24:11.924    >>> Virus 'Mal/HiBrowLnk-A' found in file C:\Users\Erin\Desktop\Internet Explorer.lnk
2016-12-16 04:09:27.860    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-12-16 04:09:27.860    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-12-16 04:09:37.143    Could not open C:\Windows\System32\config\BBI
2016-12-16 04:09:37.212    Could not open C:\Windows\System32\config\COMPONENTS
2016-12-16 04:09:37.328    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-12-16 04:09:37.343    Could not open C:\Windows\System32\config\RegBack\SAM
2016-12-16 04:09:37.361    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-12-16 04:09:37.365    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-12-16 04:09:37.365    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-12-16 06:07:02.827    Could not open LOGICAL:0004:00000000
2016-12-16 06:07:02.831    Could not open E:\
2016-12-16 06:07:03.121    The following items will be cleaned up:
2016-12-16 06:07:03.121    Mal/Generic-S
2016-12-16 06:07:03.121    Mal/HiBrowLnk-A
2016-12-16 06:07:03.121    Mal/HiBrowLnk-A
2016-12-16 06:07:03.121    Mal/HiBrowLnk-A
2016-12-16 06:07:03.121    Mal/HiBrowLnk-A
2016-12-16 06:07:03.121    Mal/HiBrowLnk-A
2016-12-16 06:07:03.121    Mal/HiBrowLnk-A
2016-12-16 06:07:03.121    Mal/HiBrowLnk-A
2016-12-16 06:07:03.121    Mal/HiBrowLnk-A
2016-12-16 06:07:03.121    Mal/HiBrowLnk-A
2016-12-16 06:07:03.121    Mal/HiBrowLnk-A
2016-12-16 06:07:03.121    Mal/HiBrowLnk-A
2016-12-16 06:07:03.121    Mal/HiBrowLnk-A
2016-12-16 06:07:03.121    Mal/HiBrowLnk-A
2016-12-16 06:07:03.121    Mal/HiBrowLnk-A
2016-12-16 06:07:03.121    Mal/HiBrowLnk-A

Hi!  I clicked on start cleaning.  It seemed to clean and then I restarted.  It is now hanging on the restarting screen and has been for an hour.  It's the blue screen that says restarting and has little white dots chasing each other around in a circle.  It's just frozen - the dots are static not moving.  I have unplugged and will see what the situation is when the battery runs down completely.  

Just came home and the battery had already completely run down so I plugged back in and started the laptop.  Started right up - not making that horrible whirring noise it had been making.  I am going to run Sophos and Mbam one more time each just to make absolutely sure.

It does look like my google chrome and internet explorer are both still gone but I can download them again.

 

Thank you so much.  You really are a Forum Deity and a Christmas miracle!

Now no more access to my laptop for my son.

Here is the report from Mbam:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/18/16
Scan Time: 6:14 PM
Logfile: 
Administrator: Yes

-Software Information-
Version: 3.0.4.1269
Components Version: 1.0.39
Update Package Version: 1.0.782
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: CLAIRE\Erin

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 411674
Time Elapsed: 26 min, 59 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.StartGo123, C:\WINDOWS\SYSTEM32\NETUTILS2016.DLL, Delete-on-Reboot, [864], [318108],1.0.782

Physical Sector: 0
(No malicious items detected)


(end)

Any remaining issues or concerns...? If none, we can clean up...

Uninstall Sophos via Programs and Features..

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
Edited by kevinf80

  • 2 weeks later...
  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.