Possible infection? Any help really appreciated.

system · October 26, 2015, 8:00pm

Hi there,

Yesterday evening I was watching a video on Amazon Prime when the sound stopped working, not being able to figure out why, I restarted my laptop, upon restarting I was unable to open any apps or programmes, and so restarted again - this time the laptop would not get passed the ‘loading circle’ which appears when windows 10 is starting up.
Today, I have managed to get it started, but it took me several attempts and sometimes the laptop would start but nothing at all would happen. Once I got it going I decided to run a virus scan - however, when trying to run scans - I tried a quick scan, a full system scan and a smart scan, none would progress further than 0%, despite being running for ages, and the laptop is also running extremely slowly today, taking ages to open things, if it opens them at all.

I had some kind of infection before, and a similar problem with Avast alerted me to it - don’t know if the problems booting or the fact I have recently upgraded to Windows 10 would have anything to do with it. Anyway, I got some great help on this forum last time, so if anyone could help me out I would be really grateful.

Thanks

essexboy · October 26, 2015, 8:17pm

It could be a hardware problem, but lets see

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Select additions at the bottom
[*]Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please attach both logs generated.

system · October 27, 2015, 6:11pm

Hi,

Thanks for your reply.

Here are the FRST scan results

essexboy · October 27, 2015, 7:42pm

Nothing readily apparent, I will clear some orphans and tidy up and see if that does anything

Did this occur after you upgraded to Windows 10 ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File 2015-10-25 20:08 - 2015-10-25 20:08 - 00000000 _____ C:\Users\Claire\AppData\Local\{3FAF2A1F-DE26-4399-A715-89704F96641A} 2015-10-25 20:06 - 2015-10-25 20:06 - 00000000 _____ C:\Users\Claire\AppData\Local\{3F2140CB-2075-4E7F-9DB3-5507B9296D4B} CustomCLSID: HKU\S-1-5-21-787459892-3356432982-2326843635-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Claire\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File CustomCLSID: HKU\S-1-5-21-787459892-3356432982-2326843635-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File CustomCLSID: HKU\S-1-5-21-787459892-3356432982-2326843635-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File CustomCLSID: HKU\S-1-5-21-787459892-3356432982-2326843635-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File CustomCLSID: HKU\S-1-5-21-787459892-3356432982-2326843635-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File CustomCLSID: HKU\S-1-5-21-787459892-3356432982-2326843635-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File CustomCLSID: HKU\S-1-5-21-787459892-3356432982-2326843635-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File CustomCLSID: HKU\S-1-5-21-787459892-3356432982-2326843635-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File CustomCLSID: HKU\S-1-5-21-787459892-3356432982-2326843635-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File Task: {0F934326-CD49-4665-8E2A-EC4FD61DE1DD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {107369B1-D531-49E2-A33F-21FCC107C9FB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {59D5EFEC-885F-443D-841A-7DEC4DDBE394} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {68F7B77F-2529-4520-8B6C-2D99F74C5BA2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {714BC9C1-4D1F-4335-8420-32B1F670B6C6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {7807B2FE-44FA-4CA2-B7B6-4C34B3666EBB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {A60C9106-2123-4C34-820F-E8218C060D99} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {B93D4E45-D48C-4CC1-A3A7-9E04C1FF9F43} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {BF5235E5-849E-408D-A3F1-53317AC03C7C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {C48A2052-E92A-4ED7-B2C4-E5F1639BCE77} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {EFEC3CD4-99BC-44CE-9970-CCEE69A9BAF3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

system · October 28, 2015, 9:26pm

Hi again,

I upgraded to Windows 10 about 6 weeks ago, and hadn’t had any problems until this week

here is the fix log from FRST

essexboy · October 29, 2015, 2:57pm

Is there any change ?

system · October 29, 2015, 5:47pm

No, still having the same problems unfortunately

Do you reckon it might be a hardware problem?

essexboy · October 29, 2015, 6:06pm

It could well be, have you tried a refresh on windows 10 ?

system · October 29, 2015, 6:11pm

However, I am able to run a virus scan on avast now which I wasn’t before - so that’s good

I haven’t tried a refresh - could you tell me how to do that and I will give it a try?

Thanks

essexboy · October 29, 2015, 6:19pm

A nice little tutorial here http://www.tenforums.com/tutorials/4090-refresh-windows-10-a.html

system · October 29, 2015, 8:03pm

Great, thanks, will give this a go

Possible infection? Any help really appreciated.

Announcements