[broadcastec]

fixlog and mbrdump attached

Attached Files

•  Fixlog.txt   343bytes   198 downloads
•  MBRDUMP.txt   512bytes   263 downloads

[Advertisements]

Thanks for the info.

 

Step#1 - Re-install Chrome
Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.
1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chrome. Note: When asked about user data or settings you must remove this also so please check the box.
5. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

 

 

Let me know once this is done. Thanks.
 

[BrianDrab]

Thanks for the info.

 

Step#1 - Re-install Chrome
Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.
1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chrome. Note: When asked about user data or settings you must remove this also so please check the box.
5. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

 

 

Let me know once this is done. Thanks.
 

[broadcastec]

Brian, I don't have Chrome installed on this machine.  I only use IE 11.

[BrianDrab]

Interesting, thanks. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.  fixlist.txt   1.75KB   187 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - FRST Registry Search
 
1. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
2. Copy and paste or type Chrome into the Search box and click the Search Registry button.
   
 
3. When the scan is complete a notepad window will open with the results. Please copy and paste the contents in your next reply. If for some reason notepad doesn't open the file should be
    saved on your desktop named Search.txt.

 

Items for your next post

1. FRST Fixlog

2. Search results

[broadcastec]

Brian, this issue with my computer has corrupted the ability to paste into a post and when I right click to paste anything (such as the requested messages), it shuts down the browser (IE11)  Thus, the two logs are attached as files

Attached Files

•  Fixlog.txt   4.08KB   195 downloads
•  Search.txt   195.06KB   215 downloads

[BrianDrab]

Understood. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.  fixlist.txt   1.39KB   192 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please attach the file in your reply.

[broadcastec]

This last process has rendered my computer looking like it's in a state of Safe Mode-- large, elongated graphics, but without the "Safe Mode" indicators at the top & bottom...and I do have some limited flexibility to get online, although it is not easily functional for my other uses.

Attached Files

•  Fixlog.txt   4.55KB   225 downloads

[broadcastec]

I tried to reboot and hit F8 several times, to get into the choice screen and then highlighted "Start Windows Normally," however, I am "stuck" with this quaisi-looking safe mode screen

[BrianDrab]

We'll fix this fairly quick. Can you first see if Malwarebytes will open/run in this state?

[BrianDrab]

After you verify if Malwarebytes will open and run you can do the following to get back to your previous state.

Go to Previous Restore Point
1. Click your Start button and type restore into the search box.
2. Click System Restore that comes up in the search results
3. Click Next and ensure you select the most recent restore point.
4. Click Next and then click Finish to confirm your restore point.
 
This should get you back to the previous state.

[broadcastec]

Malwarebytes will not open in the present state.   I also have a copy of Kaspersky's TDSSkiller in my security file and that will not open as well.  Should I continue to go back to the restore point as mentioned above, even without Malwarebytes being able to open?

[BrianDrab]

Yes, please do.

[broadcastec]

The system restore was successful.  Monitor looking normal.  One other characteristic of this "whatever" is, I get a lot of "Internet Explorer is Shutting Down" messages or "Stopped working, Windows is looking for a fix."  That coupled with the fact that many times I have to reload a page in order to get it to load tells me something is not right.

[BrianDrab]

Thanks for the info. I'd like to get your MBRs a different way. When time permits, please do the following.
 
MBRTool
1. Download the MBRTool and save to your desktop. Double-click MBRtool_Setup.exe and install the tool.
2. Plug in a USB drive that we can use for this. Note: All the data on the USB drive will be wiped so please plan accordingly.
3. Click your Start button and you should see an entry that was added that says Bootable USB disk builder. Click on this and answer Yes if the UAC prompt comes up.
4. Click next on the first screen that comes up
5. IMPORTANT! Please select your USB drive from the drop-down list. Ensure you don't select your main hard drive. If you have a question, please ask.
6. Click Create and answer Yes to confirm you want to do this.
7. Click OK once you receive a message that it was successfully created.

8. Boot your machine to your USB drive. If you need help doing this, please see this or let me know and I'll try to provide specific instructions for your machine.

9. It should boot up to a screen with two options. Just hit enter on the keyboard to select Start MBR Tool.

10. Type the number 2 on the keyboard and hit enter. This will select perform automatic backup of all MBRs to file.

11. After a few moments it will be complete.

12. Disconnect your USB drive and hit CTRL-ALT-DEL on your keyboard to reboot your machine.

13. Once you are back in Windows, plug back in your USB drive and please zip up and attach any files on the USB drive that begin with MBR_BACK.

 

 

[broadcastec]

Two MBR_Back files attached, 128 & 129

Attached Files

•  MBR_BACK.zip   510bytes   180 downloads
•  MBR_BACK (2).zip   657bytes   195 downloads