https://speccy.piriform.com/results/MczCtLpda7AUllWI2VSMpNc
My daughter wanted some freeware called PaintTool Sai. I researched it, seemed legit, and gave her permission to DL it. This is the website;
https://painttool-sai.en.softonic.com/
I run comodo and I installed it and gave it permission.
Next I saw a video downloader tool on the desktop and also some kind of speedier PC icon. I deleted those two icons from the desktop and there was still a loading icon going;
and then it installed the Painttool sai.
Next thing I noticed on firefox my browser had been changed to
http://www.webswitch.tk
Also on my desktop it is asking if I wanted to download a software update
I have random tabs popping up asking to help
It is looking fishy from the processes
I killed the only odd process I see under explorer.exe, and the grey processes won't let me cease those through comodo killswitch.
It is even happening right now, another tab opened.
I used advanced uninstaller to remove the programs and remove the traces, but to no avail.
I ran Comodo and it removed some items but nothing. I ran malwarebytes and it removed some items but no change.
I tried booting to safe mode and it stalls on the pulg n play monitor driver.
So then I used Comodo's rescue disk and it removed some items (HEUR.packed, bassmod) but still no change.
Any help would be appreciated!
Thanks,
Chris
Step 1 Please
Download Emsisoft Emergency Kit to your desktop.
· Please double click
EmsisoftEmergencyKit.exe this will install
Emsisoft Emergency Kit
· Next choose
Extract it will put program in
C:\EEK
· Navigate to
C:\EEK then click "
Start Emergency Kit Scanner .exe "
· Click
Yes to
User Account Control (UAC)
· Click
Yes to
Update Signature Definitions
· Now click "
Smart Scan "and select
Yes " to "
Detect Potently Unwanted Programs (PuPs) "
· Click
Delete Selected then click
View Report and save as
EEK.log .
· Click
Finish and post
EEK.log on next post.
Step 2 Scan with Malwarebytes Anti-Malware Malwarebytes Anti-Malware and save it to your desktop. · Please Install the Malwarebytes and select update . · Next, click the Settings , on the the left panel choose Detections & protection and Tick Scan for Rootkits . · Then Click the Scan tab, on bottom right click Main Menu then choose Threat Scan make sure radio button is selected on Threat and click Scan Now . · Click the Apply Actions button to remove threats if any. You will now be prompted to reboot. Click Yes . · After the reboot, click the History tab. · Click Application Logs and double-click the Scan Log . · At the bottom click Export and choose Text file . Save the file to your desktop and post log file contents in your next reply. Step 3 Please download AdwCleaner (by Xplode) and save it to your Desktop
Right-click on AdwCleaner.exe and Run as administrator . Click Scan. ( AdwCleaner will now scan for Adware.) Once scan finishes, click Clean , now follow the on screen prompts. Your computer should now reboot. A log file will automatically open. Please Copy and Paste when you replay in your next post.
Note: The log can also be found in here: C:\AdwCleaner\ Step 4 Scan with Farbar Recovery Scan Tool
Please download
Farbar Recovery Scan Tool x64 and save it to your Desktop.
Right-click on Run as Administrator to start the tool.
When the tool opens click Yes to disclaimer.
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt .
Please copy and paste their content into your next reply.
its not allowing to delete or quarantine for Emsisoft Emergency Kit? try running it in safe mode
That is what I am saying, it wouldn't delete anything. I would hit the delete, it would ask if ok, then all the items would stay on the list.
try running it in safe modeVIDEO
Yeah buddy, I can't get into safe mode, which is what I was saying there in the original post. It hangs up at PNP monitor driver and then never actually goes into safe mode, because you lose monitor.
![[Image: jjjjjj_zpswrwshrvo.jpg]](https://i284.photobucket.com/albums/ll27/Zoe_Ariella_Harper/jjjjjj_zpswrwshrvo.jpg)
![[Image: hi_zpsbz13j4dz.jpg]](https://i284.photobucket.com/albums/ll27/Zoe_Ariella_Harper/hi_zpsbz13j4dz.jpg)
![[Image: jj_zpsg5gnt8vo.jpg]](https://i284.photobucket.com/albums/ll27/Zoe_Ariella_Harper/jj_zpsg5gnt8vo.jpg)
![[Image: jjjj_zpsijezyfqj.jpg]](https://i284.photobucket.com/albums/ll27/Zoe_Ariella_Harper/jjjj_zpsijezyfqj.jpg)
![[Image: hijack_zpsxyf85gd4.jpg]](https://i284.photobucket.com/albums/ll27/Zoe_Ariella_Harper/hijack_zpsxyf85gd4.jpg)
![[Image: h_zpskhspxfdd.jpg]](https://i284.photobucket.com/albums/ll27/Zoe_Ariella_Harper/h_zpskhspxfdd.jpg)
![[Image: jjjjj_zpstd9l4lvm.jpg]](https://i284.photobucket.com/albums/ll27/Zoe_Ariella_Harper/jjjjj_zpstd9l4lvm.jpg)
![[Image: jjjjjj_zpswrwshrvo.jpg]](https://s284.photobucket.com/user/Zoe_Ariella_Harper/media/jjjjjj_zpswrwshrvo.jpg.html)
![[Image: hi_zpsbz13j4dz.jpg]](https://s284.photobucket.com/user/Zoe_Ariella_Harper/media/hi_zpsbz13j4dz.jpg.html)
![[Image: jj_zpsg5gnt8vo.jpg]](https://s284.photobucket.com/user/Zoe_Ariella_Harper/media/jj_zpsg5gnt8vo.jpg.html)
![[Image: jjjj_zpsijezyfqj.jpg]](https://s284.photobucket.com/user/Zoe_Ariella_Harper/media/jjjj_zpsijezyfqj.jpg.html)
![[Image: hijack_zpsxyf85gd4.jpg]](https://s284.photobucket.com/user/Zoe_Ariella_Harper/media/hijack_zpsxyf85gd4.jpg.html)
![[Image: h_zpskhspxfdd.jpg]](https://s284.photobucket.com/user/Zoe_Ariella_Harper/media/h_zpskhspxfdd.jpg.html)
![[Image: jjjjj_zpstd9l4lvm.jpg]](https://s284.photobucket.com/user/Zoe_Ariella_Harper/media/jjjjj_zpstd9l4lvm.jpg.html)
![[Image: Emsisoft-Emergency-Kit.jpg]](https://briteccomputers.co.uk/forum/tutorials/Emsisoft-Emergency-Kit.jpg)
Please ![[Image: malwarebytes-icon.png]](https://briteccomputers.co.uk/forum/tutorials/malwarebytes-icon.png){kind=icon}
![[Image: adwcleane.png]](https://briteccomputers.co.uk/forum/tutorials/adwcleane.png)
![[Image: FRST.png]](https://briteccomputers.co.uk/forum/tutorials/FRST.png)
![[Image: RunAsAdmin.jpg]](https://briteccomputers.co.uk/forum/tutorials/RunAsAdmin.jpg)