DUMB hard virus removal, need help

  • U_erNAM
    PCHF Member
    • Jun 2019
    • 5

    #1


    My gf was using my pc to game, came home from work and there’s a Trojan installed. I’ve been able to delete the Trojan from my hard drives but the effects are still there and are as follows:
    There’s a Hidden Admin account I can’t see
    My Antivirus was removed
    Can’t download any files
    portable USB files won’t install any software
    Windows Defender's whitelist is blocked from editing
    Force reset is disabled
    Any Security audit is disabled
    Updating windows through any means is disabled
    Can’t connect to update repositories

    Basically, to get the virus off I made a little batch file to commandeer the infected files, take ownership of them, then promptly delete them. But if I try to do anything to revert the virus havoc I'm met by a lack of admin privileges, or Windows just won't do it. Any ideas on my next step?
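    Editor's added example, not part of the thread and not the OP's batch file: a read-only PowerShell inventory of the things the OP lists as broken (accounts hidden from the logon screen, Defender state and exclusions, Windows Update policy and services, hosts-file overrides, and registry entries that make a tool appear to do nothing when launched). It changes nothing; it writes one report to the desktop that can be pasted into a reply next to the FRST logs. The function names, the report file name and the assumption of Windows 10 / PowerShell 5.1 with the LocalAccounts and Defender modules are mine; every registry path is a standard Windows location, none is taken from the OP's machine. Run it elevated if you can; where the session lacks rights the script records the error and continues, since a denied query is itself a finding.

```powershell
# Added example (editor), not code from the thread. Read-only triage; writes a report
# to the desktop. Assumes Windows 10 / PowerShell 5.1 with the LocalAccounts and
# Defender modules (assumption). No key, path or name below comes from the OP's PC.

$report = New-Object 'System.Collections.Generic.List[string]'
function Add-Line([string]$Text) { $script:report.Add($Text) }

function Get-RegValues([string]$Path) {
    # Hashtable of value name -> data for one key, or $null when the key is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $h = @{}
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    foreach ($p in $item.PSObject.Properties) {
        if ($p.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { $h[$p.Name] = $p.Value }
    }
    return $h
}

function Dump-Key([string]$Path, [string[]]$Only) {
    # Record every value under $Path, or only the names listed in $Only.
    $v = Get-RegValues $Path
    if (-not $v) { Add-Line "  (absent) $Path"; return }
    foreach ($name in $v.Keys) {
        if ($Only -and ($Only -notcontains $name)) { continue }
        Add-Line ("  {0} : {1} = {2}" -f $Path, $name, $v[$name])
    }
}

# 1. Local accounts. An Administrators member listed with DWORD 0 under
#    SpecialAccounts\UserList never shows on the Welcome screen but is otherwise normal.
Add-Line '== Local accounts =='
try {
    # S-1-5-32-544 is the built-in Administrators group on every Windows language.
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
                ForEach-Object { $_.Name.Split('\')[-1] })
    foreach ($u in Get-LocalUser) {
        $role = if ($admins -contains $u.Name) { 'ADMIN' } else { 'user' }
        Add-Line ("  {0,-20} enabled={1,-5} {2,-5} lastLogon={3}" -f $u.Name, $u.Enabled, $role, $u.LastLogon)
    }
} catch { Add-Line "  account query failed: $($_.Exception.Message)" }
Add-Line '  Hidden from the Welcome screen (0 = hidden):'
Dump-Key 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'

# 2. Defender: the policy value that switches it off, the service, and the exclusions.
Add-Line '== Windows Defender =='
Dump-Key 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' @('DisableAntiSpyware', 'DisableRealtimeMonitoring')
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
Add-Line ("  WinDefend service: {0}" -f $(if ($svc) { $svc.Status } else { 'not installed' }))
try {
    $mp = Get-MpPreference -ErrorAction Stop
    Add-Line ("  realtime monitoring disabled: {0}" -f $mp.DisableRealtimeMonitoring)
    Add-Line ("  exclusion paths     : {0}" -f ($mp.ExclusionPath -join '; '))
    Add-Line ("  exclusion processes : {0}" -f ($mp.ExclusionProcess -join '; '))
} catch { Add-Line "  Get-MpPreference failed: $($_.Exception.Message)" }

# 3. Windows Update: policy keys that block or redirect updates, plus the services.
Add-Line '== Windows Update =='
Dump-Key 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
Dump-Key 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
foreach ($name in 'wuauserv', 'BITS', 'UsoSvc') {
    $s = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($s) { Add-Line ("  service {0,-9} status={1,-8} startType={2}" -f $name, $s.Status, $s.StartType) }
    else    { Add-Line ("  service {0,-9} missing" -f $name) }
}

# 4. hosts file: an update or AV host pinned to 127.0.0.1 blocks downloads with no
#    network fault at all.
Add-Line '== hosts file, non-comment lines =='
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hosts -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
    ForEach-Object { Add-Line "  $_" }

# 5. IFEO "Debugger" values: launching an exe named here runs the debugger target
#    instead, so the tool silently appears to do nothing.
Add-Line '== IFEO Debugger entries =='
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($k in Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue) {
    $dbg = (Get-ItemProperty -LiteralPath $k.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { Add-Line ("  {0} -> {1}" -f $k.PSChildName, $dbg) }
}

# 6. Policies that disable Task Manager, regedit, cmd, or block named programs.
Add-Line '== Restriction policies =='
$names = @('DisableTaskMgr', 'DisableRegistryTools', 'DisableCMD', 'DisallowRun', 'NoRun', 'EnableLUA')
foreach ($hive in 'HKLM:\SOFTWARE', 'HKCU:\Software') {
    Dump-Key "$hive\Microsoft\Windows\CurrentVersion\Policies\System"   $names
    Dump-Key "$hive\Microsoft\Windows\CurrentVersion\Policies\Explorer" $names
}

$out = Join-Path ([Environment]::GetFolderPath('Desktop')) 'triage-report.txt'
$report | Set-Content -LiteralPath $out -Encoding UTF8
$report | ForEach-Object { Write-Host $_ }
Write-Host "`nReport written to $out"
```

    Sections 5 and 6 are checks, not a diagnosis of this machine: a `Debugger` value or a `DisallowRun` list is one common reason a double-clicked tool produces no window and no error, which is why it is worth recording before any removal step. If powershell.exe itself is blocked, the same queries can be typed into cmd with `net user`, `reg query` and `sc query`.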
  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7041

    #2
    From Safe Mode with Networking.

    Please download the FRST 32-bit or FRST 64-bit version to suit your operating system. It is important that FRST is downloaded to your desktop.

    If you are unsure whether your operating system is 32- or 64-bit, please go HERE.

    Once downloaded, right click the FRST desktop icon and select "Run as administrator" from the menu.

    [Image: icon2.jpg]

    If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
    FRST will open with two dialogue boxes, accept the disclaimer.

    [Image: frst disclaimer.jpg]

    1. Accept the default whitelist options.
    2. If the additions.txt options box is not checked, please select it.
    3. Then select Scan.

    [Image: frst.jpg]

    FRST will take a few minutes to scan your computer and, when finished, will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a Notepad file.

    [Image: 2016-08-12_152002.jpg]

    Please copy and paste the contents of these logs in your next post for review by our Security Team.

    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7041

      #3
      Originally posted by U$erNAM
      I made a little batch file
      If you are able to do so, open up the batch file on your computer, take a picture of it with your phone, upload it to imgur.com, and paste the link to the picture here in your next reply.

      • U_erNAM
        PCHF Member
        • Jun 2019
        • 5

        #4
        https://imgur.com/a/3N3wltz
        https://imgur.com/a/lKDJoJd

        Photos were too large to upload. The first is a screenshot of the code, and the latter is the outcome.

        • U_erNAM
          PCHF Member
          • Jun 2019
          • 5

          #5
          It’s extremely tricky to get the computer into safe mode. Shift + restart just restarts the computer.


          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7041

            #6
            Boot in the Recovery Environment

            • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
              • Restart the computer
              • Once you've seen your BIOS splash screen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
              • Use the arrow keys to select Repair your computer, and press Enter
              • Select your keyboard layout (US, French, etc.) and click Next
              • Click on Command Prompt to open the command prompt
              Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
            • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums.
              Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on.
            • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums.
              Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
              After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into WinRE and the selected feature is launched.
              On the boot options, select Troubleshooting > Advanced Options > Command Prompt.

            Once in the command prompt

            • Plug your USB flash drive into the infected computer
            • In the command prompt, type notepad and press Enter
            • Notepad will open. Click on the File menu and select Open
            • Click on Computer/This PC, find the letter for your USB flash drive, then close the window and Notepad
            • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press Enter
            • Note: Replace the letter e with the drive letter of your USB flash drive
            • FRST will open
            • Click on Yes to accept the disclaimer
            • First press the Scan button
            • These actions will produce a log; please copy and paste it in your reply
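            Editor's added example, not from the thread, covering two steps of the moderator's procedure: the 32-/64-bit choice in post #2 and finding the USB drive letter in post #6 (the Notepad Open-dialog trick). It walks every mounted drive letter, looks for the FRST build that matches the OS bitness, and starts it elevated. The function name and the assumption that FRST.exe / FRST64.exe sit in the root of the stick are mine. It runs in a normal or Safe Mode session; the WinRE command prompt only has PowerShell if powershell.exe is present in that recovery image, which is not guaranteed, so from WinRE the typed `e:\frst64.exe` step in the post is the safe route.

```powershell
# Added example (editor), not code from the thread. Locate FRST on whatever drive
# letter the USB stick received and launch the build matching the OS bitness.
# Assumption: the executables are in the root of the stick; adjust $Names otherwise.

function Find-Frst {
    param([string[]]$Names = @('FRST64.exe', 'FRST.exe'))
    # 64-bit Windows runs FRST64.exe; 32-bit Windows can only run FRST.exe.
    $wanted = if ([Environment]::Is64BitOperatingSystem) { $Names[0] } else { $Names[1] }
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $candidate = Join-Path $drive.Root $wanted
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $null
}

$exe = Find-Frst
if (-not $exe) {
    Write-Error "No FRST executable found in the root of any mounted drive."
    exit 1
}
Write-Host "Found $exe"
# -Verb RunAs asks for elevation (the UAC prompt the moderator says is safe to accept).
# FRST writes FRST.txt and Addition.txt next to the executable, so the logs land on the
# stick and can be pasted into the reply from any machine.
Start-Process -FilePath $exe -Verb RunAs
```

            If the OP's session cannot elevate at all, `Start-Process` will fail at the UAC prompt; in that case the ProcessClose route in the next posts, or booting the stick from WinRE, is what gets FRST running.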

            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7041

              #7
              Or, if you are able to download FRST to your USB and drag it to the desktop of the infected machine and see if you are able to run it.


              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7041

                #8
                Another trick you may be able to do…

                Open the command prompt and type hh h (or do this from the Start search bar).
                Hit Enter.
                Click on the question mark in the top left of the user interface.
                Click on Jump to URL.
                Type in this URL: Downloads - ProcessClose - Download Now - ToolsLib
                Save ProcessClose to your desktop.
                Make sure that you have FRST on the desktop as well.
                Right click ProcessClose and run as admin (in your case double click, as you may not have admin privilege).
                Select [...] Browse.
                Go to the Users folder and double click it.
                Then select your user id.
                Then select Desktop.
                Right click FRST and run as admin.

                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7041

                  #9


                  • U_erNAM
                    PCHF Member
                    • Jun 2019
                    • 5

                    #10
                    I tried all the steps you recommended; I run into a lack of admin privileges or Windows won't do anything. I think a hard reset is in order. How do I go about doing that, knowing my situation?

                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7041

                      #11
                      Windows 10 ISO Download Tool is a portable application to quickly find and download the Windows 10 disk image (ISO) you need.

                      Have you tried the steps in my other post involving the hh h browser and ProcessClose?

                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7041

                        #12
                        Also, this tool may run from a USB if you drag it to your desktop.
                        May also be able to download it with the hh h browser.


                        • U_erNAM
                          PCHF Member
                          • Jun 2019
                          • 5

                          #13
                          Originally posted by Malnutrition: Have you tried the steps in my other post involving the hh h browser and ProcessClose?
                          Windows doesn't do anything. I get no error, yet it doesn't start anything. I somehow completed an sfc /scannow and have the logs for it. Do you want to see the CBS.log?

                          • Malnutrition
                            PCHF Moderator
                            • Jul 2016
                            • 7041

                            #14
                            Can you use the USB with windows 10 on it to boot into the recovery console?


                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7041

                              #15
                              See if you are able to run one of these versions of Rkill.