Cannot sign into windows account after qt

[Richard2112]

I just upgraded to Malwarebytes 3.0 and after running a scan it identified12 threats. If I qt these I get a message from windows that it cannot locate account and to try signing in again. I did not get these threat warnings from my previous version of Malwarebytes. Attached is the scan report. Should I just ignore these threat warnings?

scan2.txt

[Aura]

Hi Richard

When you quarantine the threats Malwarebytes detects, and then become unable to sign in your account, do you restore to a previous restore point (using System Restore) to go back and be able to sign in?

[Richard2112]

Hi Aura

I just restore the quarantined Registry Keys through Malwarebytes and then restart windows. Then I can sign in normally. I don't know if these PUP.Optional.Reimage registry keys are actual threats or maybe have something to do with when I upgraded to Windows 10. My computer seems to be working normally.

[Richard2112]

I suppose I could quarantine them one at a time and figure out which one is causing this problem.

[Aura]

Alright, please follow the instructions in the thread below, and provide me the FRST.txt and Addition.txt logs.

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

 

[Aura]

Just now, Richard2112 said:

I suppose I could quarantine them one at a time and figure out which one is causing this problem.

That's another of way of proceeding.

[Richard2112]

Here are the Farbar files

 

FRST.txt

Addition.txt

[Aura]

Let's see if AdwCleaner can remove them, without damaging your userprofile.

AdwCleaner - Fix Mode

• Download AdwCleaner and move it to your Desktop;
• Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
• Accept the EULA (I accept), let the database update, then click on Scan;
  
• Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes;
  
• Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
• After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
  

[Richard2112]

After cleaning with AdwCleaner and restarting I was initially unable to sign in to my account. I was able to sign in on the 2nd attempt though. Running MB scan now.

 

# AdwCleaner v6.043 - Logfile created 15/02/2017 at 13:21:56
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Richard - RICHARD-DESKTOP
# Running from : C:\Users\Richard\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

***** [ Folders ] *****

[-] Folder deleted: C:\Program Files (x86)\Yahoo!\yset
[-] Folder deleted: C:\extensions

***** [ Files ] *****

 

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Microsoft.IIsScriptHelper
[-] Key deleted: HKLM\SOFTWARE\Classes\Microsoft.IIsScriptHelper.1.0
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Microsoft.IIsScriptHelper
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Microsoft.IIsScriptHelper.1.0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Key deleted: [x64] HKLM\SOFTWARE\Reimage
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cdn.printnicer.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\printnicer.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cdn.printnicer.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\printnicer.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cdn.printnicer.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\printnicer.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cdn.printnicer.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\printnicer.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com

***** [ Web browsers ] *****

[-] [C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6185 Bytes] - [15/02/2017 13:21:56]
C:\AdwCleaner\AdwCleaner[S0].txt - [6149 Bytes] - [15/02/2017 13:20:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6331 Bytes] ##########

  

[Richard2112]

MB scan results. Still 2 threats.

scan3.txt

[Aura]

Are you able to sign in your account normally? If so, before moving on, create a Restore Point so we can fallback on it if anything happens.

https://support.microsoft.com/en-ca/instantanswers/e6bbddb0-9db4-4d88-9063-42c52c79a96e/create-a-system-restore-point

Once done, quarantine the threats detected by Malwarebytes and try to login in your account after. If it fails, try a second time like you just did.

[Richard2112]

I was able to sign in normally after quarantining the 2 threats detected by Malwarebytes. Malwarebytes scan now shows 0 threats.

 

Thank you Aura

[Aura]

No problem Richard, you're welcome  

[AdvancedSetup]

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!