Malware Chinese Characters

Hi Blues,

We're hoping this will now solve the start up error....

Open up Autoruns, make sure you are on the 'everything' tab. Scroll down until you see this entry: (I have attached screenshot too of it)

• BVTConsumer File not found: KernCap.vbs

Right click it and delete it. Reboot the machine, do you still get the error, yes or no?

 

I had no idea you had issues with the start menu. Again, one thing at a time. Not promising deleting that entry will fix start menu.

 

I'm consulting with Chaslang about this, hang in there.

 

So please tell me what issues still remain and provide exact details. I know you just said there is a problem with the Start button but I'm not clear on exactly what the problem is (doesn't work is not sufficient). It does not sound like a malware problem though. Also exactly when did the each problem begin.

 

Sorry for the delay. Real work and issues at home have kept me super busy this week and I had little time to be here. I have a some more steps that I wanted to take. One was to see if I could help with the startup issue you have related to run.vbs. I will be posting something in a little while. I want to look over a few things in your previous logs first.

 

Okay first please run MSconfig and make sure that your PC is set for Normal Startup mode. Then continue with the below.

Download the attached fixlist.txt file found at the bottom of this message and save fixlist.txt on your Desktop. Make sure you save it as a txt file.

• You should now have both fixlist.txt and FRST64.exe on your Desktop.
• Now I want you to disconnect your PC connection to the internet by unplugging the cable ( if it is wireless then temporarily shutdown the wireless network ).
• Run FRST64.exe by right clicking on it and selecting Run As Adminstrator
• Click the Fix button just once and wait.
• Your computer should reboot after the fix runs.
• Reconnect your internet connection after reboot so you can come back here to continue.
• The tool will make a log on the Desktop (Fixlog.txt) please attach this new log to your next reply (attach or paste)

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• Fixlog.txt
• C:\MGlogs.zip

Please attach the above two log first before you continue with the below.

Also at this point, I want to double check the status of your PC by having you run another scan with FRST like you have done previously. Please also attach the new FRST.txt.

 

I don't understand your last message. You said you fix the run.vbs issue but that fix was already given Kestrel13! quite awhile ago.
However now even though you said you fixed this, you are still saying startup does not work. So I'm not clear on exactly what you problem is. Could you tell me exactly what you mean?

Don't run anything from my previous fix now!!!! Please just do the below instead so that we can get a new status set of logs from a NEW version of MGtools.

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista, Win7, Win8, or Win10, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

Now attach the below logs:

• C:\MGlogs.zip

 

But Kestrel13! had you fix this with a registry patch back on Feb 6th in Post # 44.

 

Okay now run MSconfig and select Normal Startup Mode. You don't have to be concerned about the kind of warning Kestrel13! gave you for using MSconfig to enter Safe Boot Mode. Normal Startup is the mode you should always be running in unless you are debugging problems. Reboot your PC after selecting normal startup mode. Then let's get a new log from AutoRuns ( same as you did previously - zip it and attach it ).

 

Okay now run AutonRuns again and look for anything related to Tencent or Baidu and select them one at a time and right click on it and select delete.
I saw the below in your last log. It may be the only one left:

Code:

SRepairDrv   Tencent SRepairDrv(电脑管家修复模块)    Tencent c:\windows\gjfix\srepairdrv 12/11/2015 2:08 AM 

Do you still have a problem at startup now after putting your PC into normal startup mode?

 

So when you boot up your PC, you go thru a login prompt? And then after login, you get a black screen ( Is it totally empty with no icons )? That is like explorer.exe is not running automatically ?

 

Please answer my questions from my last message and then also do the below.

See the below link and open up an elevated permissions command prompt window.

http://www.tenforums.com/tutorials/2790-elevated-command-prompt-open-windows-10-a.html#option1

• Now in the command prompt window type the below and click OK. Note: There is a space after the sfc.
  • sfc /scannow
• This runs System File Checker which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk or from the CD if necessary. So it will ask for the Windows CD if it needs it.
• When it finishes, you should just see the command line prompt return.
• Reboot your PC after this has finished running.
• Any change?

 

I'm still not getting a clear idea of your problem.

• After you login to Windows 10, does you Desktop appear with all your icons on it?
• Is the Start Button missing?
• Or is the Start Button there but does not work when you click on it? As in nothing happens?
• Or do you mean the Start Button is there button when you open it there are no other icons showing in it?
• What happens when you press the Windows Logo Key on your keyboard? Normally this pops up the Start Menu.
• Is the Taskbar present? If yes, are there other icons on it?
• Was this problem present when you first came here to work on your malware problems or did it start later?

Start button issues seem to be rather widespread in Windows 10.

 

Please try creating a new user account on your PC. Then logout of your original user account ( or reboot ) and then login into your new account and see if the Start Button works in this new account. If it does then reboot your PC and login to your original user account and see if the Start Button now works.

 

I don't understand what you mean about an error with jpgs. Do you mean that your problem is that you cannot upload JPG files here to the forum? Or do you mean that you cannot open them for viewing on your PC?

 

fixme.reg is not a JPG. It is a registry patch file. And it has nothing to do with trying to open a JPG. It seems you have your file associations messed up, and you will have to fix them by associating them with the correct applications.

You can try running the Windows Repair program that you ran way back in message # 22 on Feb 5th, but only select the below option.

23 - Repair File Associations (12 )

Then reboot and see if it helped.

 

Had you completely logged out of your original user account before you logged into the new user account?

 

It is really starting to sound like Windows 10 is very broken. Try going to downloading the below FixWin for Windows 10 tool and see if some of these Microsoft fixes will work for you. There are fixes in there for a damage Store and also for Start Menu problems.

http://www.majorgeeks.com/files/details/fixwin_for_windows_10.html

Since I already had you run the System File Checker the other day, you can just skip this recommended step.

 

Well we are quickly approach a point where you may have to do a reinstall of Windows 10 or a repair to the install to see if that can help. Before doing that I want to try restoring a few items from Quarantine folders just to see if it will help. Am not very confident that it will change anything because based on all previous logs, I cannot see anything that removed that could cause all these problems. It seems more like something has broken your Windows installation.

To that end, I will work up a script to run with FRST and will post it as soon as I can.

 

You're welcome.

Well the only other fixed may be a repair install ( which trys to preserve your current files and just fixes problems ) or a complete reinstall which would wipe everything and start over. Neither of which would be topics for the Malware Forum. One link that contains some info on a repair install is https://neosmart.net/wiki/windows-10-repair-installation/ See the section named Windows 10 repair installation

Also similar/additional info can be read here: http://www.tenforums.com/tutorials/16397-repair-install-windows-10-place-upgrade.html


But let's try the below first.

Download the attached fixlist.txt file found at the bottom of this message and save fixlist.txt on your Desktop. Make sure you save it as a txt file.

• You should now have both fixlist.txt and FRST64.exe on your Desktop.
• Now I want you to disconnect your PC connection to the internet by unplugging the cable ( if it is wireless then temporarily shutdown the wireless network ).
• Run FRST64.exe by right clicking on it and selecting Run As Adminstrator
• Click the Fix button just once and wait.
• Your computer should reboot after the fix runs.
• Reconnect your internet connection after reboot so you can come back here to continue.
• The tool will make a log on the Desktop (Fixlog.txt) please attach this new log to your next reply (attach or paste)

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• Fixlog.txt
• C:\MGlogs.zip

Any change to your Start Button problem?