Not BSOD, but lots of issues - OS corrupt or virus (or both)?
If I should post this in another forum, I am happy to do so (I couldn't find a forum that quite fit my problem).
I was deployed for the last 18 months and my wife intermittently used the computer but often left it off and certainly didn't purposely maintain the computer. As time went on, she started telling me about more and more issues (freezing, acting strangely, etc.). I am now back and indeed something is up.
Here are some of the issues when I arrived:
- I could not type in the search window (near the start button)
- The start button didn't always work (but did sometimes)
- I am unable to open Task Manager (it opens and then closes with nothing but the tabs ever showing)
- A number of processes say the Windows 10 software is missing
I suspected 1) a virus or malware, 2) a corrupt OS, or 3) both
Regarding the OS:
- Updated Windows and it froze at the reboot (I left it for 24 hours and it never got past 20% installed).
- Windows 10 Update Assistant tells me I need to update but gives me an unspecified error when I run it
- Ran sfc.exe from an admin command prompt and it found problems it couldn't fix
- Did a memory check and chkdsk /f - both fine
- Used CrystalDisk to check my boot drive - green
- Tried to manually install a Windows update but every version I tried said something like "this update doesn't apply to your system"
- Had to create a USB boot on my laptop as MediaCreationTool gave me an error when I tried to create a boot USB
- Tried to "recover" from a USB boot and the USB loaded, but then said it was not able to recover and that I should try from within Windows
- Tried to “recover” from within Windows using USB and it said there was an error
Virus check:
- I use Windows Defender as my virus program - no issues noted
- I downloaded MalwareBytes and installed – “unable to connect service” error when I tried to run it
- Downloaded Bitdefender and installed but when I tried to log on I got “Unexpected error” with no details
- I downloaded and ran Emsisoft Start Emergency Kit and found 11 “items” some of which looked like real virus issues (report below) but not all could be deleted – rescan (second report below) found 7 “items”.
First Report from Emsisoft
C:\Users\Scott\AppData\Local\Temp\52332234\ic-0.cbca147c4805f.exe Trojan.GenericKD.12070136 (B)
C:\Users\Scott\AppData\Local\ntuserlitelist\regtool\regtool.exe Gen:Variant.Johnnie.14657 (B)
C:\Program Files\0f0195ad310b7fa6e61cd5ffc0f141b9\73f97e91c4500232dd42d2197d54827a.exe Application.Generic.1741633 (B)
C:\Program Files\0f0195ad310b7fa6e61cd5ffc0f141b9\ca2b7813c03b10c8b5367fc3e56c043e.exe Gen:Variant.Zusy.250175 (B)
C:\Program Files\0f0195ad310b7fa6e61cd5ffc0f141b9\19830114bbf25c0e3205d31daa8a3e87.exe Gen:Variant.Zusy.250175 (B)
Key: HKEY_USERS\S-1-5-21-721001023-2188217060-1018798448-1001\SOFTWARE\WAJIENHANCE Application.Toolbar (A)
C:\Users\Scott\AppData\Local\ntuserlitelist Trojan.Trafmous (A)
C:\Users\Scott\AppData\Local\inmzkbs\ntetz\ct.exe Trojan.GenericKD.5732155 (B)
C:\Users\Scott\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe Application.Agent.ASX (B)
C:\Users\Scott\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe Application.Agent.ASY (B)
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe Gen:Variant.Application.LinenO.1 (B)
Second Report from Emsisoft
C:\Users\Scott\AppData\Local\inmzkbs\ntetz\ct.exe detected: Trojan.GenericKD.5732155 (B) [krnl.xmd]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe detected: Application.Agent.ASY (B) [krnl.xmd]
C:\Users\Scott\AppData\Local\ntuserlitelist detected: Trojan.Trafmous (A) [286865]
C:\Users\Scott\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe detected: Application.Agent.ASY (B) [krnl.xmd]
C:\Users\Scott\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe detected: Application.Agent.ASX (B) [krnl.xmd]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\regtool\regtool.exe detected: Gen:Variant.Johnnie.14657 (B) [krnl.xmd]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe detected: Application.Agent.ASX (B) [krnl.xmd]
Sorry this is so long, but I figured details might be useful. I attached my zip file. I know enough about computers to make me dangerous, but I welcome any thoughts on what to do next before I save my important files and wipe the drive and start over with a new install (painful!).
Thanks