Blank screen



#1 TADMINZ

Posted 23 May 2017 - 09:05 AM

Hello, I am using Windows 8.1 and my screen shows blank with a cursor. I think it's a virus problem. Please help. Thank you.

Edit: Moved topic from Introductions to the more appropriate forum. ~ Animal

Edited by boopme, 24 May 2017 - 01:58 PM.



#2 JSntgRvr

  • Malware Response Team

Posted 24 May 2017 - 01:42 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by SYSTEM on MININT-RTQ9TQ4 (24-05-2017 14:26:15)
Running from D:\
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2016-01-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-10-01] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-29] (IvoSoft)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avp.exe [1221400 2016-07-14] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [465320 2014-11-21] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [273920 2014-11-21] (Microsoft Corporation)
HKLM\...\RunOnce: [*NormalBoot] => bcdedit /deletevalue {current} safeboot
Startup: C:\Users\ClinicDataEntry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2017-04-20]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avp.exe [1221400 2016-07-14] (Kaspersky Lab ZAO)
S2 avpsus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avpsus.exe [2538608 2016-07-14] (Kaspersky Lab ZAO)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2305816 2016-01-07] (Broadcom Corporation.)
S2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1392792 2015-10-01] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-12-11] (Intel Corporation)
S2 InternetEverywhere_Service; C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe [316880 2010-03-26] ()
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-19] ()
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-29] (Microsoft Corporation)
S2 MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-01-13] (Realtek Semiconductor)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-29] (Microsoft Corporation)
S4 SQLSERVERAGENT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [104248 2015-12-30] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [227144 2016-01-07] (Broadcom Corporation.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [10491152 2015-06-03] (Broadcom Corporation)
S3 dpK00701; C:\Windows\System32\drivers\dpK00701.sys [64016 2010-02-24] (DigitalPersona, Inc.)
S3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [52200 2015-10-01] (Intel Corporation)
S3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [260072 2015-10-01] (Intel Corporation)
S3 ewsercd; C:\Windows\system32\DRIVERS\ewsercd.sys [112896 2016-12-22] (Huawei Technologies Co., Ltd.)
S3 ewsercd; C:\Windows\SysWOW64\DRIVERS\ewsercd.sys [112896 2016-12-22] (Huawei Technologies Co., Ltd.)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [116864 2016-12-22] (Huawei Technologies Co., Ltd.)
S3 hwusbfake; C:\Windows\SysWOW64\DRIVERS\ewusbfake.sys [116224 2016-12-22] (Huawei Technologies Co., Ltd.)
S3 int0800; C:\Windows\System32\drivers\flashud.sys [51712 2009-09-09] (Intel Corporation)
S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [31848 2015-08-29] (Kaspersky Lab)
S3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [111976 2016-07-07] (Kaspersky Lab ZAO)
S1 KLFLTDEV; C:\Windows\system32\DRIVERS\klfltdev.sys [44880 2016-06-25] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [677776 2016-07-07] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [51288 2016-06-23] (AO Kaspersky Lab)
S1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87936 2016-06-22] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [197512 2016-06-29] (Kaspersky Lab ZAO)
S2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [187320 2017-05-24] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-24] (Malwarebytes)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-24] (Malwarebytes)
S3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 usbdpfp; C:\Windows\System32\drivers\usbdpfp.sys [67088 2010-02-24] (DigitalPersona, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-11-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-11-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Corporation)
S3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-12] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-24 01:21 - 2017-05-24 01:21 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SEARCHCLINICFP-Windows-8.1-Pro-(64-bit).dat
2017-05-24 01:21 - 2017-05-24 01:21 - 00000000 ____D C:\RegBackup
2017-05-24 00:19 - 2017-05-24 03:09 - 00251832 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-05-24 00:19 - 2017-05-24 03:09 - 00043968 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2017-05-24 00:19 - 2017-05-24 00:19 - 00187320 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMChameleon.sys
2017-05-24 00:19 - 2017-05-24 00:19 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-24 00:18 - 2017-05-24 00:18 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-24 00:18 - 2017-05-09 05:37 - 00077440 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-05-24 00:16 - 2017-05-24 00:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-24 00:16 - 2017-05-24 00:16 - 00000000 ____D C:\Users\personale\AppData\Roaming\Obsidium
2017-05-23 23:59 - 2017-05-23 23:59 - 00000000 _____ C:\Users\personale\Desktop\Tweaking.com - Windows Repair
2017-05-23 23:57 - 2017-05-23 23:57 - 00000000 _____ C:\Users\personale\Desktop\Tweaking.com
2017-05-23 23:44 - 2017-05-24 02:14 - 00002175 _____ C:\Users\personale\Desktop\Tweaking.com - Windows Repair.lnk
2017-05-23 23:44 - 2017-05-24 02:14 - 00000574 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2017-05-23 23:44 - 2017-05-23 23:44 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-05-23 23:43 - 2017-05-24 02:14 - 00848624 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2017-05-23 12:30 - 2017-05-23 12:30 - 00000000 ____D C:\Windows\pss
2017-05-23 10:58 - 2017-05-24 14:20 - 00000000 _____ C:\Recovery.txt
2017-05-23 05:24 - 2017-05-18 03:18 - 03907584 _____ C:\Windows\System32\Clinic_Data_ARCHIVE.accdb
2017-05-23 03:42 - 2017-05-23 13:01 - 00000000 ____D C:\FRST
2017-05-23 00:08 - 2017-05-23 12:28 - 01019094 _____ C:\Windows\ntbtlog.txt
2017-05-22 23:47 - 2017-05-22 23:47 - 00000000 ____D C:\Windows\SysWOW64\%Report%
2017-05-20 08:30 - 2017-05-20 08:30 - 00000000 ____D C:\Users\ClinicDataEntry\Desktop\New folder (3)
2017-05-18 05:23 - 2017-05-18 05:25 - 00010134 _____ C:\Users\ClinicDataEntry\Desktop\PREP AMBASSADORS.xlsx
2017-05-18 00:03 - 2017-05-22 20:45 - 00005022 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SEARCHCLINICFP-ClinicDataEntry SEARCHCLINICFP
2017-05-16 04:57 - 2017-05-16 04:57 - 00000000 ____D C:\Users\ClinicDataEntry\Desktop\Final SEARCH Phase 11 Adverts
2017-05-16 04:57 - 2017-05-15 23:59 - 06621528 _____ C:\Users\ClinicDataEntry\Desktop\Final SEARCH Phase 11 Adverts.ZIP
2017-05-16 02:02 - 2017-05-16 02:02 - 07995573 _____ C:\Users\ClinicDataEntry\Desktop\Bugono_Backup.rar
2017-05-14 11:58 - 2017-05-20 00:52 - 00000000 ____D C:\Users\ClinicDataEntry\AppData\LocalLow\BitTorrent
2017-05-13 06:13 - 2017-05-13 06:14 - 00000000 ____D C:\Users\ClinicDataEntry\Documents\Youcam
2017-05-11 23:41 - 2017-05-18 03:19 - 00030664 _____ C:\Users\ClinicDataEntry\Desktop\Randomized PrEP Participants not in ANY PrEP Datasets Mbale.XLSX
2017-05-08 00:36 - 2017-05-08 00:41 - 01531651 _____ C:\Users\ClinicDataEntry\Desktop\census_bugono.CSV
2017-05-05 01:57 - 2017-05-16 20:42 - 00000000 ____D C:\Users\ClinicDataEntry\Desktop\New folder (2)
2017-04-25 05:17 - 2017-04-26 00:50 - 00025132 _____ C:\Users\ClinicDataEntry\Desktop\CATTHY.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-24 03:09 - 2016-08-26 07:55 - 00000000 ____D C:\users\personale
2017-05-24 02:05 - 2013-08-22 06:44 - 00482536 _____ C:\Windows\System32\FNTCACHE.DAT
2017-05-23 12:29 - 2014-11-20 23:38 - 01182020 _____ C:\Windows\System32\PerfStringBackup.INI
2017-05-23 12:29 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
2017-05-23 12:18 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-23 12:17 - 2016-09-15 09:50 - 00000000 __SHD C:\Users\personale\IntelGraphicsProfiles
2017-05-23 12:16 - 2016-10-13 12:57 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-05-23 02:45 - 2016-10-14 01:13 - 00000000 __SHD C:\Users\Supervisor\IntelGraphicsProfiles
2017-05-22 21:49 - 2016-10-14 01:19 - 00000000 __SHD C:\Users\ClinicDataEntry\IntelGraphicsProfiles
2017-05-22 20:36 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\System32\config\BBI
2017-05-22 20:31 - 2017-04-14 13:12 - 00000000 ____D C:\Users\ClinicDataEntry\AppData\Roaming\BitTorrent
2017-05-22 20:31 - 2016-10-19 05:53 - 00000000 ____D C:\Users\ClinicDataEntry\AppData\Local\ClassicShell
2017-05-22 20:17 - 2016-10-14 06:38 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{ADC49313-2FA0-41DD-9DCE-07E5735F7D80}
2017-05-21 00:34 - 2016-10-18 11:30 - 00000000 ____D C:\Users\ClinicDataEntry\AppData\Roaming\vlc
2017-05-19 08:32 - 2016-10-14 05:55 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3630324379-3284004203-613074852-1008
2017-05-19 03:53 - 2016-10-14 01:19 - 00000000 ____D C:\users\ClinicDataEntry
2017-05-18 00:14 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\AppReadiness
2017-05-12 04:33 - 2017-03-21 04:54 - 00014892 _____ C:\Users\ClinicDataEntry\Desktop\Query1.xlsx
2017-05-12 02:41 - 2017-03-21 04:54 - 00014736 _____ C:\Users\ClinicDataEntry\Desktop\Backup of Query1.xlk
2017-05-11 02:29 - 2016-10-14 06:50 - 00000000 ____D C:\Users\ClinicDataEntry\Documents\SQL Server Management Studio
2017-05-10 00:22 - 2017-02-28 04:00 - 00940064 _____ C:\Users\ClinicDataEntry\Desktop\Copy of Cumulative_NotonART_-_E-Uganda_v11jan2017(1)(1).xlsx
2017-05-07 04:35 - 2017-04-10 02:26 - 00000000 ____D C:\Users\ClinicDataEntry\AppData\Roaming\DMCache
2017-05-05 04:30 - 2017-04-15 04:55 - 00000000 ____D C:\Users\ClinicDataEntry\Desktop\movies
2017-04-28 00:13 - 2016-10-21 11:21 - 00000000 ____D C:\Users\ClinicDataEntry\AppData\Roaming\dvdcss

Files to move or delete:
====================
C:\Users\Supervisor\7z.exe
C:\Users\Supervisor\backup_clinic_id_data.bat


Some files in TEMP:
====================
2017-05-19 01:48 - 2012-07-18 18:59 - 56517928 ____R () C:\Users\ClinicDataEntry\AppData\Local\Temp\Setup.exe
2016-08-26 08:48 - 2014-01-27 08:10 - 0178824 ____R (Microsoft Corporation) C:\Users\personale\AppData\Local\Temp\ose00000.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2014-11-21 00:14] - [2014-11-21 00:14] - 2501368 _____ (Microsoft Corporation) 85D47EB257B06094F052E0C8AEFA3BEE

C:\Windows\SysWOW64\explorer.exe
[2014-11-21 00:14] - [2014-11-21 00:14] - 2207488 _____ (Microsoft Corporation) 4B37A33F4F5237BF02E537F8D12D1129

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


safeboot: Network => The system is configured to boot to Safe Mode <===== ATTENTION

==================== Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2017-05-14 04:55
Restore point date: 2017-05-21 21:41
Restore point date: 2017-05-22 20:34
Restore point date: 2017-05-22 20:38
Restore point date: 2017-05-22 20:43
Restore point date: 2017-05-22 20:50
Restore point date: 2017-05-22 21:28
Restore point date: 2017-05-22 21:30
Restore point date: 2017-05-22 21:32
Restore point date: 2017-05-22 21:42
Restore point date: 2017-05-22 21:45
Restore point date: 2017-05-22 21:49
Restore point date: 2017-05-22 21:52
Restore point date: 2017-05-22 21:57
Restore point date: 2017-05-22 23:42
Restore point date: 2017-05-22 23:49
Restore point date: 2017-05-23 00:04
Restore point date: 2017-05-23 00:13
Restore point date: 2017-05-23 00:35
Restore point date: 2017-05-23 01:37
Restore point date: 2017-05-23 02:33
Restore point date: 2017-05-23 03:08
Restore point date: 2017-05-23 03:22
Restore point date: 2017-05-23 03:43
Restore point date: 2017-05-23 03:43
Restore point date: 2017-05-23 05:43
Restore point date: 2017-05-23 05:58
Restore point date: 2017-05-23 11:45
Restore point date: 2017-05-23 12:06
Restore point date: 2017-05-23 12:17
Restore point date: 2017-05-24 01:16

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4016.67 MB
Available physical RAM: 3299.3 MB
Total Virtual: 4016.67 MB
Available Virtual: 3316.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:194.97 GB) (Free:135.72 GB) NTFS
Drive d: () (Removable) (Total:3.74 GB) (Free:3.73 GB) FAT32
Drive f: () (Fixed) (Total:270.45 GB) (Free:36.41 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8BB03702)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 03418066)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)

LastRegBack: 2017-05-22 20:26

==================== End of FRST.txt ============================


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 JSntgRvr

  • Malware Response Team

Posted 24 May 2017 - 01:42 PM

Open FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

Explorer.exe

It then should look like:

Search: Explorer.exe

Click Search Files button and post the log (Search.txt) it makes on the USB drive in your next reply.




#4 TADMINZ

  • Topic Starter


Posted 24 May 2017 - 05:46 PM

Thank you.

I did run it again and this is the result.

Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Ran by SYSTEM (25-05-2017 01:35:39)
Running from D:\
Boot Mode: Recovery

================== Search Files: "Explorer.exe" =============

C:\Windows\explorer.exe
[2014-11-21 00:14][2014-11-21 00:14] 2501368 _____ (Microsoft Corporation) 85D47EB257B06094F052E0C8AEFA3BEE

C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17415_none_4d144c4b81daa3b6\explorer.exe
[2014-11-21 00:14][2014-11-21 00:14] 2207488 _____ (Microsoft Corporation) 4B37A33F4F5237BF02E537F8D12D1129

C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17415_none_42bfa1f94d79e1bb\explorer.exe
[2014-11-21 00:14][2014-11-21 00:14] 2501368 _____ (Microsoft Corporation) 85D47EB257B06094F052E0C8AEFA3BEE

C:\Windows\SysWOW64\explorer.exe
[2014-11-21 00:14][2014-11-21 00:14] 2207488 _____ (Microsoft Corporation) 4B37A33F4F5237BF02E537F8D12D1129

====== End of Search ======

#5 JSntgRvr

  • Malware Response Team

Posted 24 May 2017 - 06:27 PM

The system seems configured to boot in Safe mode with networking. Was that done by you?
 
 
Download the enclosed file. [attachment=194549:Fixlist.txt] Save it in the same location FRST is saved.
  • Start FRST (FRST64) as you did before
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.

If able to boot in Normal or Safe Mode with Networking follow these steps.

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

Edited by JSntgRvr, 24 May 2017 - 07:18 PM.



#6 JSntgRvr

  • Malware Response Team

Posted 29 May 2017 - 05:54 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
