Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Computer blocked up for "safety reasons" - tried everything
Message
<blockquote data-quote="kc1983" data-source="post: 140159" data-attributes="member: 13781"><p>Ok, some signs of life - I am able to log in and get to my desktop after running scan with FRST. </p><p></p><p>Problem - I can't download the Malwarebytes program - when I click on the link you provided I get an error that reads "mbar-1.07.0.1007.exe contained a virus and was deleted"</p><p>Also, you said to "unzip" but it's a .exe file </p><p></p><p>Here is the log file - </p><p></p><p>Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013</p><p>Ran by SYSTEM at 2013-10-16 21:07:04 Run:1</p><p>Running from H:\</p><p>Boot Mode: Recovery</p><p>==============================================</p><p></p><p>Content of fixlist:</p><p>*****************</p><p>HKLM-x32\...\Run: [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)</p><p>C:\Program Files (x86)\SearchProtect</p><p>HKU\bella58\...\Run: [SearchProtect] - C:\Users\bella58\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)</p><p>C:\Users\bella58\AppData\Roaming\SearchProtect</p><p>HKU\bella58\...\Run: [Exetender] - C:\Program Files (x86)\Free Ride Games\GPlayer.exe [4936152 2012-12-04] (Exent Technologies Ltd.)</p><p>C:\Program Files (x86)\Free Ride Games</p><p>Startup: C:\Users\bella58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brdfr8o.lnk</p><p>ShortcutTarget: brdfr8o.lnk -> C:\PROGRA~3\o8rfdrb.plz (Nolet Jeneverstokerij Corporation)</p><p>C:\Users\bella58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brdfr8o.lnk</p><p>S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-03-06] (Conduit)</p><p>C:\Program Files (x86)\Google\Desktop\Install</p><p>S1 cuhjnfyf; \??\C:\Windows\system32\drivers\cuhjnfyf.sys [x]</p><p>C:\Windows\system32\drivers\cuhjnfyf.sys</p><p>2013-10-12 10:30 - 2013-10-14 13:22 - 00000000 _____ C:\ProgramData\brdfr8o.ctrl</p><p>2013-10-12 10:30 - 2013-10-12 10:30 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\brdfr8o.pzz</p><p>2013-10-12 10:29 - 2013-10-14 13:39 - 00883746 _____ C:\ProgramData\brdfr8o.pff</p><p>2013-10-12 10:29 - 2013-10-12 10:29 - 00192512 _____ (Nolet Jeneverstokerij Corporation) C:\ProgramData\o8rfdrb.plz</p><p>C:\$Recycle.Bin\S-1-5-21-2653063519-948153882-2980548328-1000\$7e1fb74fa5017bb5156bbb5561cf3be3</p><p>C:\Users\bella58\AppData\Local\Google\Desktop\Install</p><p></p><p>*****************</p><p></p><p>HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll => Value deleted successfully.</p><p>C:\Program Files (x86)\SearchProtect => Moved successfully.</p><p>HKU\bella58\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value deleted successfully.</p><p>C:\Users\bella58\AppData\Roaming\SearchProtect => Moved successfully.</p><p>HKU\bella58\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value deleted successfully.</p><p>C:\Program Files (x86)\Free Ride Games => Moved successfully.</p><p>C:\Users\bella58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brdfr8o.lnk => Moved successfully.</p><p>C:\PROGRA~3\o8rfdrb.plz => Moved successfully.</p><p>"C:\Users\bella58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brdfr8o.lnk" => File/Directory not found.</p><p>CltMngSvc => Service deleted successfully.</p><p>C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.</p><p>cuhjnfyf => Service deleted successfully.</p><p>"C:\Windows\system32\drivers\cuhjnfyf.sys" => File/Directory not found.</p><p>C:\ProgramData\brdfr8o.ctrl => Moved successfully.</p><p>C:\ProgramData\brdfr8o.pzz => Moved successfully.</p><p>C:\ProgramData\brdfr8o.pff => Moved successfully.</p><p>"C:\ProgramData\o8rfdrb.plz" => File/Directory not found.</p><p>C:\$Recycle.Bin\S-1-5-21-2653063519-948153882-2980548328-1000\$7e1fb74fa5017bb5156bbb5561cf3be3 => Moved successfully.</p><p>C:\Users\bella58\AppData\Local\Google\Desktop\Install => Moved successfully.</p><p></p><p>==== End of Fixlog ====</p></blockquote><p></p>
[QUOTE="kc1983, post: 140159, member: 13781"] Ok, some signs of life - I am able to log in and get to my desktop after running scan with FRST. Problem - I can't download the Malwarebytes program - when I click on the link you provided I get an error that reads "mbar-1.07.0.1007.exe contained a virus and was deleted" Also, you said to "unzip" but it's a .exe file Here is the log file - Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013 Ran by SYSTEM at 2013-10-16 21:07:04 Run:1 Running from H:\ Boot Mode: Recovery ============================================== Content of fixlist: ***************** HKLM-x32\...\Run: [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit) C:\Program Files (x86)\SearchProtect HKU\bella58\...\Run: [SearchProtect] - C:\Users\bella58\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit) C:\Users\bella58\AppData\Roaming\SearchProtect HKU\bella58\...\Run: [Exetender] - C:\Program Files (x86)\Free Ride Games\GPlayer.exe [4936152 2012-12-04] (Exent Technologies Ltd.) C:\Program Files (x86)\Free Ride Games Startup: C:\Users\bella58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brdfr8o.lnk ShortcutTarget: brdfr8o.lnk -> C:\PROGRA~3\o8rfdrb.plz (Nolet Jeneverstokerij Corporation) C:\Users\bella58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brdfr8o.lnk S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-03-06] (Conduit) C:\Program Files (x86)\Google\Desktop\Install S1 cuhjnfyf; \??\C:\Windows\system32\drivers\cuhjnfyf.sys [x] C:\Windows\system32\drivers\cuhjnfyf.sys 2013-10-12 10:30 - 2013-10-14 13:22 - 00000000 _____ C:\ProgramData\brdfr8o.ctrl 2013-10-12 10:30 - 2013-10-12 10:30 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\brdfr8o.pzz 2013-10-12 10:29 - 2013-10-14 13:39 - 00883746 _____ C:\ProgramData\brdfr8o.pff 2013-10-12 10:29 - 2013-10-12 10:29 - 00192512 _____ (Nolet Jeneverstokerij Corporation) C:\ProgramData\o8rfdrb.plz C:\$Recycle.Bin\S-1-5-21-2653063519-948153882-2980548328-1000\$7e1fb74fa5017bb5156bbb5561cf3be3 C:\Users\bella58\AppData\Local\Google\Desktop\Install ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll => Value deleted successfully. C:\Program Files (x86)\SearchProtect => Moved successfully. HKU\bella58\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value deleted successfully. C:\Users\bella58\AppData\Roaming\SearchProtect => Moved successfully. HKU\bella58\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value deleted successfully. C:\Program Files (x86)\Free Ride Games => Moved successfully. C:\Users\bella58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brdfr8o.lnk => Moved successfully. C:\PROGRA~3\o8rfdrb.plz => Moved successfully. "C:\Users\bella58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brdfr8o.lnk" => File/Directory not found. CltMngSvc => Service deleted successfully. C:\Program Files (x86)\Google\Desktop\Install => Moved successfully. cuhjnfyf => Service deleted successfully. "C:\Windows\system32\drivers\cuhjnfyf.sys" => File/Directory not found. C:\ProgramData\brdfr8o.ctrl => Moved successfully. C:\ProgramData\brdfr8o.pzz => Moved successfully. C:\ProgramData\brdfr8o.pff => Moved successfully. "C:\ProgramData\o8rfdrb.plz" => File/Directory not found. C:\$Recycle.Bin\S-1-5-21-2653063519-948153882-2980548328-1000\$7e1fb74fa5017bb5156bbb5561cf3be3 => Moved successfully. C:\Users\bella58\AppData\Local\Google\Desktop\Install => Moved successfully. ==== End of Fixlog ==== [/QUOTE]
Insert quotes…
Verification
Post reply
Top