Post by rdg2013 on Oct 11, 2013 18:03:23 GMT -8
I just successfully started Windows in normal user and Administrator mode without the Ransomware screen.
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Oct 11, 2013 18:24:20 GMT -8
Looks like you don't have any PUPs either to deal with, so on with step 4: complete system check and cleanup of items and tools used.
You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer.
Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.
I'd like us to scan your machine with ESET OnlineScan.
Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
Click the
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check and DON'T (NO) check Remove found threats (reason for this is we don't want something deleted and then Windows won't load).
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
Attach the resulting log in your next reply.
The scanner screen gives me the option of downloading the results to a .txt file as part of the options after the scan has finished.
Screenshot of part of the finished scan dialog box by ESET showing the options.
Quads
Post by rdg2013 on Oct 11, 2013 20:33:06 GMT -8
[Removed attachment]
I've attached the results of the ESET scan.
Post by Quads on Oct 11, 2013 20:45:08 GMT -8
Download OTL www.bleepingcomputer.com/download/otl/ on to the Desktop.
Click on the Blue Button on the download page: Download Now @ Authors Site
Disable Norton / Symantec for say 30 mins.
Start OTL (right click and from the menu choose "Run as Administrator").
Click the Scan All Users checkbox.
Change file age to 90 days.
Press the
An OTL.txt and extras.txt will be created. To attach back in a post.
Quads
Post by rdg2013 on Oct 11, 2013 21:10:14 GMT -8
[Removed attachments]
Done
Post by Quads on Oct 11, 2013 21:50:16 GMT -8
Uninstall ESET Online Scanner from the Programs list in Control Panel, then
Disable Norton for say 30 minutes or more.
Start OTL (like before), under
Copy and paste: copy the entire contents of what is below inside the Code Box (include the : at the start of :OTL and all the way to the end / bottom) and run the script. (Red Run Fix Button)

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013/10/11 21:35:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/10/11 19:40:35 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/11 19:40:16 | 001,954,124 | ---- | C] (Farbar) -- C:\Users\Robbie\Desktop\FRST64.exe
[2013/10/09 20:41:03 | 000,000,000 | ---D | C] -- C:\Users\Robbie\AppData\Local\NPE
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

:Files
C:\Users\Robbie_2\AppData\Local\Temp\jar_cache5525161406278908809.tmp
C:\Users\Robbie_2\AppData\Local\Temp\jar_cache6822860184024445434.tmp
C:\Users\Robbie_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\737293c0-3f704a53
C:\Users\Robbie_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\b5f58cc-57d7a066
C:\Users\Robbie_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\54bc1f0d-4b23e97a
C:\Users\Robbie_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\54d94d51-452f1d6f
C:\Users\Robbie_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\3eda496-56e62ad9

:Reg

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[REBOOT]

The output log should be placed in the C:\_OTL\MovedFiles folder after, to attach back here. Looks like a txt file, not a folder.
Quads
Post by rdg2013 on Oct 12, 2013 5:53:34 GMT -8
OTL fix results.
[Removed attachment]
Post by Quads on Oct 12, 2013 9:50:05 GMT -8
How is your system running now?? All going well, one more step.
Quads
Post by rdg2013 on Oct 12, 2013 9:57:54 GMT -8
My system seems to be back to its old self. Everything appears to be normal. Ready for the next step.
Post by Quads on Oct 12, 2013 10:09:36 GMT -8
Disable Norton.
Start OTL again, but this time click the Black CleanUp button, then make sure the C:\_OTL folder is deleted after OTL deletes itself.
After that you are free to go on your merry way. You are now fixed / Solved.
Quads