In Progress Win 10 - infected?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

MEO123

Thread Starter
Joined
Feb 14, 2016
Messages
13
I posted in a separate forum and was told to post in this section. Here's a link to that previous post:
https://forums.techguy.org/threads/disk-management-blank.1166122/#post-9206603

My personal laptop details:
HP 15-f305dx Notebook PC purchased with Windows 10 Home preinstalled
Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics 2.00 GHz
Installed memory: 4.00 GB
System type:64-bit OS, x64-based processor

Computer Issues:

I noticed days ago that disks/volumes is blank in Disk Management. (screen shot included below).
Also, Diskpart > list disk, result was "There are no fixed disks to show."
sfc /scannow showed no errors and check disk showed no errors.
Restarting the computer did not fix the problem.

I posted about this today. Not long thereafter, I did a restart, which took a long time even though fast boot is enabled, and all of a sudden Disk Management was normal but the icons I'd pinned to the start menu deleted themselves and the control panel would not open. CPU was 50% with no programs open.

I did a restart but control panel still will not open. I tried to replace the start menu items but instead of being able to move the newly placed start menu icons, the "weather" app turned grey and was unmovable and the news app created an image which won't go away that I am currently having to try to type over. (Screen shots for this included below.)

Suffice it to say, I think my computer is infected. I would appreciate any help. Thanks!

Screenshot (34).png Screenshot (42).png Screenshot (45).png
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,389
Hello MEO123 and welcome to TSG,

Continue as follows please:

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". <---- Very Important
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

    'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

    Copy to Clipboard - if selected, right click to your reply and select "Paste", log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt", the log will open as a text file, post that log... Also save to your Desktop for reference. Log will open.
  • Close the program > Don't Fix anything!

Post those logs in your reply.....

Thank you,

Kevin
 

MEO123

Thread Starter
Joined
Feb 14, 2016
Messages
13
Thank you for your help. I am having a lot of trouble pasting the logs because when I ctrl+v to paste, Google Chrome keeps going to the, Aw, snap! Something went wrong, page. So I will post a separate reply with each log. Maybe that'll help.
 

MEO123

Thread Starter
Joined
Feb 14, 2016
Messages
13
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/16/2016
Scan Time: 9:31 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.16.07
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: My-PC

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325116
Time Elapsed: 26 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 

MEO123

Thread Starter
Joined
Feb 14, 2016
Messages
13
I cannot post the FRST log because no matter how I break up the text (in case too much text in one post is the problem?) it goes to the Aw Snap! page, so I will upload the FRST log along with Addition. I hope that's okay.
 

Attachments

MEO123

Thread Starter
Joined
Feb 14, 2016
Messages
13
RogueKiller V11.0.12.0 [Feb 15 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : My-PC [Administrator]
Started from : C:\Users\My-PC\Downloads\RogueKiller.exe
Mode : Scan -- Date : 02/17/2016 00:04:42

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 15 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp15-comm.msn.com/?pc=HRTE -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp15-comm.msn.com/?pc=HRTE -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp15-comm.msn.com/?pc=HRTE -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp15-comm.msn.com/?pc=HRTE -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp15-comm.msn.com/?pc=HRTE -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp15-comm.msn.com/?pc=HRTE -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp15-comm.msn.com/?pc=HRTE -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp15-comm.msn.com/?pc=HRTE -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2483564810-605880800-3172170305-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp15-comm.msn.com/?pc=HRTE -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2483564810-605880800-3172170305-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp15-comm.msn.com/?pc=HRTE -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp15-comm.msn.com/?pc=HRTE -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp15-comm.msn.com/?pc=HRTE -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2483564810-605880800-3172170305-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2483564810-605880800-3172170305-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABF050 +++++
--- User ---
[MBR] 93b8ec4a747a8d53f0db456563f0a924
[BSP] c79dd24e7e25c603a61634e74751ab64 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - Basic data partition | Offset (sectors): 796672 | Size: 476550 MB
User = LL1 ... OK
User = LL2 ... OK
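
A triage sketch for the RogueKiller report above, added here as an example (it is not part of the thread and not Adlice's tooling): it collapses registry findings that differ only by hive or 32/64-bit view, and lists sections whose header says the scan driver was not loaded. The line formats are inferred from the posted report and are an assumption; the sample lines are a subset copied from it.

```python
import re
from collections import defaultdict

# Line shapes inferred from the RogueKiller report in this thread (an assumption,
# not a documented format).
FINDING_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\]\s+\((?P<view>X64|X86)\)\s+(?P<key>.+?)"
    r"(?:\s+\|\s+(?P<name>.+?)\s+:\s+(?P<data>.+?))?\s+->\s+(?P<status>\w+)$"
)
SECTION_RE = re.compile(r"^¤¤¤\s+(?P<title>[^:]+?)\s+:\s+(?P<rest>.*?)\s*¤¤¤$")

# Lines copied from the report posted above (a subset, to keep the example short).
SAMPLE = r"""
¤¤¤ Registry : 15 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp15-comm.msn.com/?pc=HRTE -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp15-comm.msn.com/?pc=HRTE -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp15-comm.msn.com/?pc=HRTE -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2483564810-605880800-3172170305-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
"""

def triage(report):
    """Collapse findings that differ only by hive or registry view, and
    collect sections whose header reports that the scan driver was not loaded."""
    distinct = defaultdict(list)   # (category, value name, data) -> [(view, key)]
    unchecked = []                 # section titles scanned without the driver
    for line in report.splitlines():
        line = line.strip()
        m = FINDING_RE.match(line)
        if m:
            sig = (m["cat"], m["name"], m["data"])
            distinct[sig].append((m["view"], m["key"]))
            continue
        s = SECTION_RE.match(line)
        if s and "not loaded" in s["rest"].lower():
            unchecked.append(s["title"])
    return dict(distinct), unchecked

if __name__ == "__main__":
    findings, unchecked = triage(SAMPLE)
    for (cat, name, data), where in findings.items():
        print(f"{cat:15} {name or '(key only)'} = {data or '-'}  x{len(where)}")
    for title in unchecked:
        print(f"zero findings in '{title}' were reported with the driver not loaded")
```

Run over the full report, the 15 registry lines reduce to the same four distinct settings, which makes the list quicker to review by eye.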
 

MEO123

Thread Starter
Joined
Feb 14, 2016
Messages
13
I hope you don't mind my supplying extra, potentially superfluous information, but I notice Disk Management shows 128 MB unallocated space which I don't recall seeing before. I attempted to "Extend Volume" Windows (C:) to merge that space with (C:) but I cannot. Screenshot included.

Screenshot (58).png
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,389
There is no obvious malware or infection in the logs you've posted, what issues or concerns do you have... If you are unsure about partitioning maybe you can try AOMEI Partition Assistant, standard edition is free and simple to use.

Download link here: http://www.disk-partition.com/windows-10/add-unallocated-spce-windows-10-0528.html

Instruction manual here: http://www.disk-partition.com/manual.html

If you are not confident maybe you should post to Windows 10 forum here: https://forums.techguy.org/forums/windows-10.102/

Thank you,

Kevin
 

MEO123

Thread Starter
Joined
Feb 14, 2016
Messages
13
I don't care about partitioning though thanks for the info. I was concerned why my start menu icons delete themselves and the cpu is so high w/ out open programs, etc. How strange given there is no infection. Thanks for reviewing the logs.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,389
What is the current status of your system, do you still need help?
 