Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to use Internet then puter freezes up


  • This topic is locked This topic is locked
24 replies to this topic

#1 i82much

i82much

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 24 February 2017 - 01:45 PM

When i try to access internet, the computer freezes, then I have to hard boot computer.

I've tried to access the restore point but puter freezes again. I was able to run the FST scan, I had a hard time transferring logs to thumb drive so i could post log using laptop

Thanks for your time

Attached Files



BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:47 AM

Posted 24 February 2017 - 01:52 PM

:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Did you set a ProxyServer:
[S-1-5-21-2407739858-643924651-461579560-1001] => http=127.0.0.1:49769;https=127.0.0.1:49769
 

***


:step1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 i82much

i82much
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 24 February 2017 - 03:13 PM

"Did you set a ProxyServer:
[S-1-5-21-2407739858-643924651-461579560-1001] => http=127.0.0.1:49769;https=127.0.0.1:49769"

I did not set up a proxy

Working on the scans

Thanks for your time



#4 i82much

i82much
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 24 February 2017 - 03:28 PM

Copied all programs to thumb drive

"Infected" computer wont display drives in explorer and spends minutes trying to show file and folders only to stall again.

Ill keep trying.Thanks



#5 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:47 AM

Posted 24 February 2017 - 04:13 PM

Please let me know if you still cannot run the scans.

If yes, we can do another thing before scanning.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 i82much

i82much
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 24 February 2017 - 04:33 PM

I was able to run security scan, trying to get txt file to thumb

Ran Malware twice and computer freezes (mouse still moves?)

Thanks again

 

Adware found 39 threats.

Clean? 

 

Computer froze while trying to get log file

Lost all info

Run again?


Edited by i82much, 24 February 2017 - 05:07 PM.


#7 i82much

i82much
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 24 February 2017 - 04:55 PM

Adwclearner file attached

Same problem with Malware and security txt

 

 

ran security scan again

log file atached

Attached Files


Edited by i82much, 24 February 2017 - 05:05 PM.


#8 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:47 AM

Posted 24 February 2017 - 04:58 PM


:step1: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


:step2: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 i82much

i82much
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 24 February 2017 - 05:34 PM

I ran the cleaner and its "stuck" in restart mode

How long should this take, or should I reboot?

Thanks again



#10 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:47 AM

Posted 24 February 2017 - 06:14 PM

Hello,

reboot now and then try this please:
 

***


Log on to all your Windows user accounts now - without restarting !

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as / FSRT / FSRT64 (usually your desktop) as fixlist.txt



Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2407739858-643924651-461579560-1001\...\Policies\Explorer: [] 
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ProxyServer: [S-1-5-21-2407739858-643924651-461579560-1001] => http=127.0.0.1:49769;https=127.0.0.1:49769
RemoveProxy:
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
Task: {691A42D7-AFD6-4FB8-AF80-42E5B3CABC77} - \Validate Installation -> No File <==== ATTENTION
Task: {C5D30CC0-D574-4C0E-A635-53A8E4A63B9E} - System32\Tasks\{13C01A6E-411C-5C24-F8EB-3CD59B7A2F6B} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\19d36249\1c0f3582.dll" <==== ATTENTION
Task: {C84BB500-1D89-455C-BFE8-40639645A26C} - \Check Updates -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %<===== ATTENTION
HKU\S-1-5-21-2407739858-643924651-461579560-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2407739858-643924651-461579560-1001\Software\Classes\.exe: exefile => "%1" %<===== ATTENTION
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FSRT64 again as Administrator like we did before but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

---

Download and run Chrome Software Cleaner


---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 i82much

i82much
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 24 February 2017 - 07:25 PM

Running the fix option and its taking a long time(been an hour so far).

How long should I wait?

Thanks again


Edited by i82much, 24 February 2017 - 07:26 PM.


#12 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:47 AM

Posted 25 February 2017 - 02:08 AM

Please restart the pc in safe mode with networking and then run the fix option again.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 i82much

i82much
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 25 February 2017 - 09:54 AM

Rebooted  into safe mode but hangs during "restart"



#14 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:47 AM

Posted 25 February 2017 - 10:10 AM

Ok, looks like we cannot help in that way.

Do you have a backup of your privat data?
If not, please make a backup of important files now.

After that try this: How To Refresh A Windows 8.1 Installation Without Losing Your Data

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 i82much

i82much
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 25 February 2017 - 10:44 AM

In a last ditch effort to avoid a refresh, I tried one more time and it worked.

When computer restarted it was in safe mode. Change it back now or wait

Fixlog attached

Tanks again

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users