Windows Drive Problem after Removing Smart Virus

[RainbowFish]

Hi there,

A few months ago, my Windows PC was infected by a smart virus, igfxmtc. After removing it with the help of Malwarebytes and people from this forum, I no longer have the virus. However, my computer keeps showing a message that says repairing disk drive whenever I start my computer. Furthermore, since the smart virus incident, when I install new programs, the program content folders frequently cannot be located after the programs are successfully installed according to instructions.

Would someone help me with this issue please? Thank you so much!

[RainbowFish]

Please find below my startup screen showing repairing drive, as well as my post when I got infected with igfxmtc:

 

[nasdaq]

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs  for my review.

Wait for further instructions

[RainbowFish]

Hi Nasdaq,

Thank you so much for help out!

Sure, please find below the FRST.txt and the Addition.txt from the scans.

FRST.txt

Addition.txt

[nasdaq]

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

No malware was found in your logs.

--RogueKiller--

• Download & SAVE to your Desktop Download RogueKiller
• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or above, right-click the program file and select "Run as Administrator"
• Accept the user agreements.
• Execute the scan and wait until it has finished.
• If a Windows opens to explain what [PUM's] are, read about it.
• Click the RoguKiller icon on your taksbar to return to the report.
• Click open the Report
• Click Export TXT button
• Save the file as ReportRogue.txt
• Click the Remove button to delete the items in RED  
• Click Finish and close the program.
• Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.
  

=======

[RainbowFish]

Hi Nasdaq,

Thank you. Attached are the ReportRogue.txt and a screenshot of the threats detected. Nothing came up in red though so I left them as is.

ReportRogue.txt

[nasdaq]

Hi,

This is very annoying. Can you get out of that message or is the computer locked.
However, my computer keeps showing a message that says repairing disk drive whenever I start my computer.

You may have to Refresh your copy of Windows 10 without losing your data
How to:
https://www.dell.com/support/article/us/en/04/sln297920/reset-or-reinstall-windows-10-on-your-dell-computer?lang=en#Refresh

Run the Tweaking tool first.
Let me see the results before proceeding.
===

Furthermore, since the smart virus incident, when I install new programs, the program content folders frequently cannot be located after the programs are successfully installed according to instructions.

Repair these services.

Boot with Safe Mode with Networking. Execute the following.

Please Download Tweaking.com - Windows Repair from Here

• Install and then run the program
• Execute the instructions on Step 1 Important
• Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
• On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
• Click Repairs - Open Repairs in the bottom right corner
• Uncheck the All repair button then select just the item(s) listed below
• 
  

  01 - Repair Registry Permissions
  03 - Reset Service permissions
  04 - Register System Files
  05 - Repair WMI
  10 - Remove Policies Set By Infections
  16 - Repair Windows Updates
  20 - Repair MSI (Windows Installer)
  25 - Restore Important Windows Services
  26 - Set Windows Service to Default Startup

• Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
• Please copy and paste the Contents of this file on your next reply.

===

Restart the computer normally.

Can you now locate your programs?

[RainbowFish]

Hi Nasdaq,

Thanks for the instructions. Attaching the Pre-scan report below. I've run the repair in safe mode but it appears that the program did not generate any reports or error messages. The computer was restarted upon completion. The "scanning and repairing drive" message is still there at startup (and yes, the computer was locked at that stage). The message only stays on the screen for a short few seconds.

I'll try locating my programs and let you know if the old problems are fixed.

Tweaking.com - Windows Repair 2018 - Pre-Scan.txt

[RainbowFish]

Sorry to bother here, a new and separate problem has come up. Last night I was trying to install a program called Daemon Lite downloaded from online and it was bundled with a bunch of other applications that installed automatically. Now my computer has a "Chromium" application which I cannot uninstall in the normal way. Chromium shows up at startup with Yahoo Search. It has also added extensions to my Chrome. 

I ran AdwCleaner and Malwarebytes in Safe Mode to delete these extensions, they found over 400 threats, mostly extensions and Trojan. However they didn't pick up Chromium as a virus. After restarting the computer, the deleted extensions came back again and now Chromium doesn't show up on my list of installed programs. How can I delete the virus + the Chromium completely?

Thanks a lot, Nasdaq. Attaching the log from AdwCleaner, the 2 reports from a refreshed FRST scan,  a log from Hitman Pro, and a Malwarebytes log which was run last, after deleting 400 threats.

 

 

AdwCleaner[C00].txt

HitmanPro_20180922_0244.log

Malwarebytes Scan 02.txt

Addition.txt

FRST.txt

[nasdaq]

Hi,

I need to see the FRST.TXT log from the Farbar Scan.

Before you post the log please take care of this.

Avast as some 55 reparse points to fix.

I suggest you download and run their uninstall  utility.

https://www.avast.com/en-ca/uninstall-utility

When done restart the computer normally.

Do not reinstall the program just yet.

====

After a restart run the Farbar program and post a fresh FRST.TXT log for my review.

Let me know what problem persists.

 

 

[RainbowFish]

Thanks a lot. Here's the FRST report after running avastclear. The Chromium browser continues to pop up at start up.

 

 

FRST.txt

[nasdaq]

Hi,

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Chromium (HKLM-x32\...\{936B7BAB-C3EB-AA2B-726B-DAABA2EB092B}) (Version:  - )
<<<>>>

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Let me know of any remaining issues with this computer.

fixlist.txt

[RainbowFish]

Hey thank you so much Nasdaq! The problem's fixed now - no more Chromium or addition of browser extensions! My other programs seem to be working fine too. So for now I'm fine with leaving the "repairing drive" message as it is, if it doesn't cause other troubles. What do you think?

 

 

[nasdaq]

Hi,

So for now I'm fine with leaving the "repairing drive" message as it is, if it doesn't cause other troubles. What do you think?

This is the Volume/Partition. It has 0 byte. Nothing can become of it.
\\?\Volume{9ad1c6a8-0c1d-409f-989d-c83c350f5f06}\ () (Fixed) (Total:0 GB) (Free:0 GB) 

It may be annoying with time.

===

It can be deleted but with great care.

Using Diskpart to create, extend or delete a disk partition
https://www.windowscentral.com/how-clean-and-format-storage-drive-using-diskpart-windows-10

This is not malware and not my forte.
If you decide to remove it I suggest you start a topic in the Windows 10 forum here.
https://www.bleepingcomputer.com/forums/f/229/windows-10-support/
An expert should be able to guide you.

Glad we could help.

[RainbowFish]

I see! It only delays the startup process by a few seconds so guess I can live with it. Thank you so much for fixing my computer again, Tweaking.com really did the trick.

[nasdaq]

Glad we could help.

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks