Author Topic: After Virus - Repair  (Read 12293 times)

TheMailMan

    Topic Starter


    Starter

    • Experience: Experienced
    • OS: Windows 8
    After Virus - Repair
    « on: June 18, 2019, 06:36:45 PM »
    I am having trouble after a virus. I cleaned out most of it but I am still having problems. Programs keep opening in the background and are making it run slow. Many programs I try to open will try to open and then crash soon after. Also, when I boot up the computer, it always comes up saying 'repairing drive' and lists one thing and continues. It goes by too fast to really see what it is. I have the McAfee Total Protection antivirus program. It can't seem to find anything. I have tried many things I have found online to try to fix this. I have also tried to Recover and Reset the computer, but when I try, nothing happens. It acts like I didn't even click on anything or enter a command. Please help.

    TheMailMan

      Topic Starter


      Starter

      • Experience: Experienced
      • OS: Windows 8
      Re: After Virus - Repair
      « Reply #1 on: June 18, 2019, 06:40:55 PM »
      # -------------------------------
      # Malwarebytes AdwCleaner 7.3.0.0
      # -------------------------------
      # Build:    04-04-2019
      # Database: 2019-06-18.1 (Cloud)
      # Support:  https://www.malwarebytes.com/support
      #
      # -------------------------------
      # Mode: Clean
      # -------------------------------
      # Start:    06-18-2019
      # Duration: 00:00:15
      # OS:       Windows 8.1 Connected
      # Cleaned:  62
      # Failed:   0


      ***** [ Services ] *****

      Deleted       CltMngSvc
      Deleted       WCAssistantService
      Deleted       pgt_svc
      Deleted       windowsmanagementservice

      ***** [ Folders ] *****

      Deleted       C:\Program Files (x86)\Amazon\ABB
      Deleted       C:\Program Files (x86)\LenovoBrowserGuard
      Deleted       C:\Program Files (x86)\ProxyGate
      Deleted       C:\ProgramData\Application Data\Lavasoft\Web Companion
      Deleted       C:\ProgramData\Lavasoft\Web Companion
      Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamTrips
      Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
      Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Up Pro (Verified)
      Deleted       C:\Users\Heidi\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
      Deleted       C:\Users\Heidi\AppData\Local\LenovoBrowserGuard
      Deleted       C:\Users\Heidi\AppData\Roaming\AGData
      Deleted       C:\Users\Heidi\AppData\Roaming\Lavasoft\Web Companion
      Deleted       C:\Users\Heidi\AppData\Roaming\Microleaves
      Deleted       C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
      Deleted       C:\Users\Heidi\AppData\Roaming\UpProVerified
      Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser

      ***** [ Files ] *****

      Deleted       C:\Users\Heidi\Downloads\SysInfo.exe

      ***** [ DLL ] *****

      No malicious DLLs cleaned.

      ***** [ WMI ] *****

      No malicious WMI cleaned.

      ***** [ Shortcuts ] *****

      No malicious shortcuts cleaned.

      ***** [ Tasks ] *****

      Deleted       C:\Windows\System32\Tasks\AGPROXYCHECK

      ***** [ Registry ] *****

      Deleted       HKCU\Software\Classes\pokki
      Deleted       HKCU\Software\DreamTrips
      Deleted       HKCU\Software\Lavasoft\Web Companion
      Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
      Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
      Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
      Deleted       HKCU\Software\SetupCompany
      Deleted       HKCU\Software\WebDiscoverBrowser
      Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3C6CD8E-EB6A-4764-AF6D-55E1CE8840EA}
      Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AGProxyCheck
      Deleted       HKLM\Software\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
      Deleted       HKLM\Software\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
      Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|AnonymizerGadget
      Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WebDiscoverBrowser
      Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
      Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\foldershare
      Deleted       HKLM\Software\WebDiscoverBrowser
      Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
      Deleted       HKLM\Software\Wow6432Node\LenovoBrowserGuard
      Deleted       HKLM\Software\Wow6432Node\SHMADDON
      Deleted       HKLM\Software\Wow6432Node\WebDiscoverBrowser
      Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|AnonymizerGadget
      Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard
      Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\s5m
      Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
      Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{13E374E4-E610-4F9E-ACC4-E461DA17D869}_is1
      Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
      Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{716D2234-E822-4AB0-874A-1DD7F75047DB}_is1
      Deleted       HKLM\Software\Wow6432Node\xs
      Deleted       HKLM\Software\foldershare
      Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
      Deleted       HKU\.DEFAULT\Software\WebDiscoverBrowser
      Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
      Deleted       HKU\S-1-5-18\Software\WebDiscoverBrowser

      ***** [ Chromium (and derivatives) ] *****

      Deleted       Amazon Assistant for Chrome

      ***** [ Chromium URLs ] *****

      Deleted       Bing
      Deleted       http://search.conduit.com/?ctid=CT3298578&SearchSource=48&CUI=UN22948076422779013&UM=2
      Deleted       http://search.conduit.com/?ctid=CT3302998&SearchSource=48&CUI=UN30487700961502075&UM=2
      Deleted       http://search.conduit.com/?ctid=CT3302998&SearchSource=48&CUI=UN30487700961502075&UM=2&UP=SP056BBF62-07ED-4013-8B9D-11B3A716A8A0

      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries cleaned.

      ***** [ Firefox URLs ] *****

      No malicious Firefox URLs cleaned.


      *************************

      • Delete Tracing Keys
      • Reset Winsock


      *************************

      AdwCleaner[S00].txt - [6959 octets] - [18/06/2019 18:23:37]

      ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: After Virus - Repair
      « Reply #2 on: June 18, 2019, 07:18:07 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      *************************************************************************
      Download and install: Please download Malwarebytes' scanner to your desktop.
      Double Click mbam-setup.exe to install the application.
      • It should update automatically if the computer is connected to the internet.
      • Click on Threat Scan and click on Scan Now.
      • The scan may take some time to finish, so please be patient.
      • When the scan is complete, make sure all the infections have "quarantine" selected in the Action box.
      • Click on "Apply actions". You may be asked to Restart your computer to completely remove the infections.
      • When disinfection is completed you can click on "Copy to Clipboard".
      • Paste the log in your next reply (CTRL+V)
      *************************************************
      Download Security Check by screen317 from the following link and save it to your desktop.

      Security Check

      * Double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      Windows 8 and Windows 10 dual boot with two SSD's

      TheMailMan

        Topic Starter


        Starter

        • Experience: Experienced
        • OS: Windows 8
        Re: After Virus - Repair
        « Reply #3 on: June 18, 2019, 08:41:58 PM »
         Results of screen317's Security Check version 1.014 --- 12/23/15 
           x64 (UAC is enabled) 
         Internet Explorer 11 
        ``````````````Antivirus/Firewall Check:``````````````
         Windows Security Center service is not running! This report may not be accurate!
         WMI entry may not exist for antivirus; attempting automatic update.
        `````````Anti-malware/Other Utilities Check:`````````
         Google Chrome (74.0.3729.169)
         Google Chrome (SetupMetrics...)
        ````````Process Check: objlist.exe by Laurent````````
        `````````````````System Health check`````````````````
         Total Fragmentation on Drive C:  %
        ````````````````````End of Log``````````````````````

        TheMailMan

          Topic Starter


          Starter

          • Experience: Experienced
          • OS: Windows 8
          Re: After Virus - Repair
          « Reply #4 on: June 18, 2019, 08:44:24 PM »
          Will not open Malwarebytes. I get an error that says cannot connect to service. I tried a few workarounds from online and nothing has worked.

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: After Virus - Repair
          « Reply #5 on: June 19, 2019, 05:22:29 PM »
          Please turn on your Windows Security Center. You could try running MBAM in Safe Mode.
          Windows 8 and Windows 10 dual boot with two SSD's