Computer Hope
Software => Computer viruses and spyware => Topic started by: TheMailMan on June 18, 2019, 06:36:45 PM
-
I am having trouble after a virus. I cleaned out most of it but I am still having problems. Programs keep opening in the background and are making it run slow. Many programs I try to open will try to open and then crash soon after. Also, when I boot up the computer, it always comes up saying 'repairing drive' and lists one thing and continues. It goes by too fast to really see what it is. I have the McAfee Total Protection antivirus program. It can't seem to find anything. I have tried many things I have found online to try to fix this. I have also tried to Recover and Reset the computer, but when I try, nothing happens. It acts like I didn't even click on anything or enter a command. Please help.
-
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-06-18.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-18-2019
# Duration: 00:00:15
# OS: Windows 8.1 Connected
# Cleaned: 62
# Failed: 0
***** [ Services ] *****
Deleted CltMngSvc
Deleted WCAssistantService
Deleted pgt_svc
Deleted windowsmanagementservice
***** [ Folders ] *****
Deleted C:\Program Files (x86)\Amazon\ABB
Deleted C:\Program Files (x86)\LenovoBrowserGuard
Deleted C:\Program Files (x86)\ProxyGate
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\Lavasoft\Web Companion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamTrips
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Up Pro (Verified)
Deleted C:\Users\Heidi\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Deleted C:\Users\Heidi\AppData\Local\LenovoBrowserGuard
Deleted C:\Users\Heidi\AppData\Roaming\AGData
Deleted C:\Users\Heidi\AppData\Roaming\Lavasoft\Web Companion
Deleted C:\Users\Heidi\AppData\Roaming\Microleaves
Deleted C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
Deleted C:\Users\Heidi\AppData\Roaming\UpProVerified
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser
***** [ Files ] *****
Deleted C:\Users\Heidi\Downloads\SysInfo.exe
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
Deleted C:\Windows\System32\Tasks\AGPROXYCHECK
***** [ Registry ] *****
Deleted HKCU\Software\Classes\pokki
Deleted HKCU\Software\DreamTrips
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKCU\Software\SetupCompany
Deleted HKCU\Software\WebDiscoverBrowser
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3C6CD8E-EB6A-4764-AF6D-55E1CE8840EA}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AGProxyCheck
Deleted HKLM\Software\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Deleted HKLM\Software\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|AnonymizerGadget
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WebDiscoverBrowser
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\foldershare
Deleted HKLM\Software\WebDiscoverBrowser
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\LenovoBrowserGuard
Deleted HKLM\Software\Wow6432Node\SHMADDON
Deleted HKLM\Software\Wow6432Node\WebDiscoverBrowser
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|AnonymizerGadget
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\s5m
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{13E374E4-E610-4F9E-ACC4-E461DA17D869}_is1
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{716D2234-E822-4AB0-874A-1DD7F75047DB}_is1
Deleted HKLM\Software\Wow6432Node\xs
Deleted HKLM\Software\foldershare
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\.DEFAULT\Software\WebDiscoverBrowser
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\S-1-5-18\Software\WebDiscoverBrowser
***** [ Chromium (and derivatives) ] *****
Deleted Amazon Assistant for Chrome
***** [ Chromium URLs ] *****
Deleted Bing
Deleted http://search.conduit.com/?ctid=CT3298578&SearchSource=48&CUI=UN22948076422779013&UM=2
Deleted http://search.conduit.com/?ctid=CT3302998&SearchSource=48&CUI=UN30487700961502075&UM=2
Deleted http://search.conduit.com/?ctid=CT3302998&SearchSource=48&CUI=UN30487700961502075&UM=2&UP=SP056BBF62-07ED-4013-8B9D-11B3A716A8A0
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
- Delete Tracing Keys
- Reset Winsock
*************************
AdwCleaner[S00].txt - [6959 octets] - [18/06/2019 18:23:37]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Download and install: Please download Malwarebytes' scanner (http://downloads.malwarebytes.org/file/mbam) to your desktop.
Double Click mbam-setup.exe to install the application.
- It should update automatically if the computer is connected to the internet.
- Click on Threat Scan and click on Scan Now.
- The scan may take some time to finish, so please be patient.
- When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
- Click on "Apply actions". You may be asked to restart your computer to completely remove the infections.
- When disinfection is completed you can click on "Copy to Clipboard".
- Paste the log in your next reply (CTRL+V).
*************************************************
Download Security Check by screen317 from the following link and save it to your desktop.
Security Check (http://www.bleepingcomputer.com/download/securitycheck/)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
-
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome (74.0.3729.169)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
-
Malwarebytes will not open. I get an error that says it cannot connect to the service. I tried a few workarounds from online and nothing has worked.
-
Please turn on your Windows Security Center. You could try running MBAM in Safe Mode.