Boot scan asking if sure file is a Windows folder, infected with win32 malwa-gen

So many problems today. Basically my laptop is dead. :frowning: After doing a scan with Malware antibytes I removed over 1000 viruses and restarted. Now when I log on I get about 20 error messages all saying
Disk error- “secureassist.dll is either not designed to run on windows or it contains an error.”
The top part of the error says “Chrome.exe” “Windows.exe” and a whole bunch more.

I can’t do much on the laptop, I can’t even access the internet on it!

So I did a scan with Avast and it took me to the boot scan, and at 99% it started asking if I’m sure I want to move the file to chest because it’s in a Windows folder… Is it safe to do this?

I really need help, anyone know anything I should do to try and fix this? I can’t download anything as I can’t get on the internet!!

Thanks in advance

secureassist.dll seems to be part of adware.

https://forum.avast.com/index.php?topic=53253.0

Ok I see… I clicked 1 for Yes move to chest.

Nothing has changed and my computer still comes up with the errors and I can’t connect to the internet. I seem to get less error messages after that though. I still get about 15-20 and every now and then for example: “dsrlte.exe - bad image. C:\windows\system32\secureassist.dll is either not designed to run on windows or it contains an error. Try installing the program again using the original media or contact your system administrator or the software vendor for support”

The only thing that changes in the error messages is “dsrlte.exe” will change to “windows.exe” “chrome.exe” etc…

What should I do next?

Do you have access to Malwarebytes scan log so we can see what was found and removed? …if so attach it here

I wish I did… but when I got the errors I searched online and people said best thing to do is system restore… so I did a system restore and malwarebytes was removed from my computer.

If you think the filelog is still on my computer can you tell me where to find it? Thanks

I guess it is gone with Malwarebytes…

Are you able to download and run a diagnostic tool?

I can’t get on the internet :confused:
I’m connected, this computer I’m using now is on the same network and works fine, but my laptop when I go on Chrome or IE doesn’t work, if I type google.com it says it can’t connect. It was working this morning too, and it says it’s connected to the internet… not sure at all what’s going on! :frowning:

You may need to download on another computer and move it over with a USB stick

See instructions here https://forum.avast.com/index.php?topic=53253.0
Scroll down to Farbar Recovery Scan Tool …run as instructed and attach the two diagnostic logs

If you can’t get on the internet, then how do you post here? :wink:
Download the tools, put them on a usb-stick, cd or something and run them on the system with problems.

Ok thanks for getting back to me, I appreciate it

I’m going to look and ask around for a USB stick so I can do this, I will post the results as soon as I can but I don’t know how long it’s gonna take me to find one :confused:

Thanks again

I found a USB

I’ve done the scan I can post the txt files, how do I post files on here? :confused:

Oh just figured it out! Here they are thanks in advance hope this helps :smiley:

Thank you

OK this one has very few MS files on it, most are adware. So let’s redress the balance

First from control panel > programmes and features uninstall the following programmes. If one will not uninstall then go to the next one

Buzzdock
FreeSoftToday
Groovorio
InboxAce Toolbar Chrome Extension
istart123 uninstall
Movies Toolbar for Chrome
Movies Toolbar for Internet Explorer
MyPC Backup
PepperZip 1.0
RegClean-Pro
Remote Desktop Access (VuuPC)
SecretSauce
Severe Weather Alerts
Shop-wit
SpeedUpMyPC
SupraSavings
WindowsMangerProtect20.0.0.502
Yahoo! Search

THEN

Download the attached fixlist.txt to the USB
Transfer the USB to the poorly computer
Copy the fixlist.txt to the same location as FRST (this is very important, if FRST is on the desktop then that is where the fixlist.txt must be)
Run FRST and press Fix
The run may take a while but once it has finished it will ask to reboot
OK that

THEN

There will be a very high probability that you will now be able to get online

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on “Clean”
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

NEXT

Please download Junkware Removal Tool to your desktop.

Right-mouse click JRT.exe and select “Run as Administrator”; the tool will open and start scanning your system
Please be patient as this can take a while to complete depending on your system’s specifications
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

FINALLY

Run a fresh FRST scan so that I can see what is left

Thank you so much essexboy, I tried deleting all on the list. Some of them are missing files to uninstall (due to me uninstalling them earlier and then doing a system backup) and a couple of them are clearly viruses and just wouldn’t uninstall…

But I’m “fixing” now, so I’ll keep you updated :slight_smile:

I appreciate everyone’s help. I’ve been trying to fix it for like 8-9 hours now and it’s my only day off this week, couldn’t afford to take it to a computer repair shop, they’d have charged a wad of cash for the service you’ve given me, that’s why I’m very grateful :confused:

I’ll let you know how I get on :slight_smile:

OK. If FRST appears to hang on the emptytemp command give it ten minutes or so, also the boot will give a black screen for a few minutes as FRST finishes off so do not panic :slight_smile:

thank you

The internet is working !!!
There is no error signs!!!

thank you

Did you do this?

FINALLY Run a fresh FRST scan so that I can see what is left

Sorry I took so long, below are the files requested.

Thank you

It is past midnight here in Europe now… Essexboy will be back online tomorrow

OK now that looks a world better, just some orphans to remove :slight_smile:

How is the computer behaving now ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

2014-11-08 17:11 - 2014-08-28 15:01 - 00000000 ____D () C:\Users\Public\33406BBDCFD844AD9C782C434FCB0EB5
CustomCLSID: HKU\S-1-5-21-952618997-3494704294-2079771477-1001_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> %SystemDrive%\Users\martin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-952618997-3494704294-2079771477-1001_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> %SystemDrive%\Users\martin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-952618997-3494704294-2079771477-1001_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\martin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-952618997-3494704294-2079771477-1001_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\martin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-952618997-3494704294-2079771477-1001_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\martin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-952618997-3494704294-2079771477-1001_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\martin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-952618997-3494704294-2079771477-1001_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\martin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-952618997-3494704294-2079771477-1001_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\martin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-952618997-3494704294-2079771477-1001_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\martin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-952618997-3494704294-2079771477-1001_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\martin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-952618997-3494704294-2079771477-1001_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\martin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-952618997-3494704294-2079771477-1001_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\martin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-952618997-3494704294-2079771477-1001_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\martin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Download and run Farbar Service Scanner

https://dl.dropboxusercontent.com/u/73555776/fssscan.JPG

Tick “All” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
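
The fixlist in the post above targets per-user COM registrations whose InprocServer32 DLL no longer exists. As an added example (not part of the original thread and not FRST's own code), the Python below parses `CustomCLSID:` lines in the format quoted there and separates orphaned entries from entries that still resolve to a DLL in a user-writable path, which deserve a manual look. The last two sample lines, their SID, CLSIDs and paths, and the assumption that an existing file is logged without the `No File` suffix are constructed for illustration.

```python
import re

# Matches lines shaped like the CustomCLSID entries quoted in the thread.
LINE_RE = re.compile(
    r"^CustomCLSID:\s+HKU\\(?P<sid>S-[\d-]+)_Classes\\CLSID\\"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\\InprocServer32\s+->\s+"
    r"(?P<target>.+?)(?P<missing>\s+No File)?\s*$"
)
# Locations a standard user can write to (illustrative, not exhaustive).
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public)\\", re.IGNORECASE)

def parse_custom_clsid(log_text):
    """Return one dict per CustomCLSID line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target")
        entries.append({
            "sid": m.group("sid"),
            "clsid": m.group("clsid").lower(),
            "target": target,
            "missing": m.group("missing") is not None,
            "user_writable": bool(USER_WRITABLE.search(target)),
        })
    return entries

def triage(entries):
    """Split into orphans (DLL gone) and live DLLs in user-writable paths."""
    orphans = [e for e in entries if e["missing"]]
    review = [e for e in entries if not e["missing"] and e["user_writable"]]
    return orphans, review

# First two lines copied from the thread; last two are constructed.
SAMPLE = r"""
CustomCLSID: HKU\S-1-5-21-952618997-3494704294-2079771477-1001_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> %SystemDrive%\Users\martin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-952618997-3494704294-2079771477-1001_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\martin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-0-0-0-1001_Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32 -> C:\Users\example\AppData\Local\Example\shell.dll
CustomCLSID: HKU\S-1-5-21-0-0-0-1001_Classes\CLSID\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}\InprocServer32 -> C:\Program Files\Example\ext.dll
EmptyTemp:
"""

if __name__ == "__main__":
    orphans, review = triage(parse_custom_clsid(SAMPLE))
    for e in orphans:
        print("orphan:", e["clsid"], "->", e["target"])
    for e in review:
        print("review:", e["clsid"], "->", e["target"])
```
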