Problem starting StartupCheckLibrary.dll



#1
Mingo_TTV

Mingo_TTV

    New Member

  • Member
  • Pip
  • 5 posts

Afternoon. I've recently run into a couple issues on startup when using my built PC. For around a month, I've received a popup box on startup saying "There was a problem starting StartupCheckLibrary.dll" and "The specified module could not be found". Otherwise there haven't been any issues until early this week. 

 

My 2 most recent startups have had a new issue. I am first brought to my log-in screen as per normal. Then, once I have entered my password and am brought to my desktop, both monitors flicker black rapidly and the previously mentioned pop-up box opens. I am unable to click on anything in the flashing taskbar or bring up the start menu with the Windows key. I am able to hit ctrl+alt+delete and am brought to that screen without issue or flickering. I can then bring up the task manager and use that, however the desktop behind it continues to flicker. This goes on for about 2 minutes until finally my desktop background loads and then I am able to use my PC as per normal until the next reboot.

 

I have attached both logs as when pasted, the post was too long to submit.

 

Attached Files


  • 0



#2
DR M

DR M

    GeekU Senior

  • GeekU Senior
  • 2,355 posts

Hi, Mingo_TTV.

 

Welcome to Geeks to Go Forums. :)

 

I will be assisting you with your computer's issues. I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting! Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Please, copy all the content of the required logs and paste it inside your post. Do not attach any log or other file, unless directed otherwise.

4. If your computer seems to start working normally, please don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within four days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.


========================================================

I am currently reviewing your logs and will be back to you as soon as I can.


 


  • 0

#3
Mingo_TTV

Mingo_TTV

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Thanks for looking into this for me DR M


  • 0

#4
DR M

DR M

    GeekU Senior

  • GeekU Senior
  • 2,355 posts

Hi, Mingo_TTV.

These are my comments/instructions regarding your logs:

1. Hosts file

You are using a method to bypass activation of some programs. Therefore, the specific programs are pirated. Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. If you don't remove them, have in mind that my instructions will ask you to remove the method you use, and your programs may stop working properly.


2. P2P programs

You have μTorrent and uTorrent installed in your computer. These are P2P programs. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.

  • If you decide to keep them, DON'T use them during the cleaning procedure.
  • If you decide to uninstall them, then do the following:

Uninstall P2P programs

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
µTorrent 
uTorrent Web
  • Select the above programs, one at a time, and click Uninstall.
  • Restart the computer.

 

3. Notifications

Did you intentionally enable notifications from the following sites?

www.cashrewards.com.au;
hxxps://www.guilded.gg


4. Web Companion

Did you intentionally install Web Companion (Lavasoft)? It is supposed to be a legitimate program, but it also may have been bundled with a third party software, and has to be uninstalled. If you decide to uninstall it, please do that using the instructions in step 2 above.


5. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
Task: {EBA86AD4-FC9A-4961-B8F6-50811DB3689F} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
FF Homepage: Mozilla\Firefox\Profiles\a559bv13.default -> hxxps://searchdefault.co/homepage?hp=1&bitmask=9996&pId=BT171001&iDate=2019-12-25 10:02:22&bName=
FF NewTab: Mozilla\Firefox\Profiles\a559bv13.default -> hxxps://searchdefault.co/homepage?hp=1&bitmask=9996&pId=BT171001&iDate=2019-12-25 10:02:22&bName=
FF Homepage: Mozilla\Firefox\Profiles\w11yp6xr.default-release -> hxxps://searchdefault.co/homepage?hp=1&bitmask=9996&pId=BT171001&iDate=2019-12-25 10:02:22&bName=
FF NewTab: Mozilla\Firefox\Profiles\w11yp6xr.default-release -> hxxps://searchdefault.co/homepage?hp=1&bitmask=9996&pId=BT171001&iDate=2019-12-25 10:02:22&bName=
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

6. Search with FRST

  • Double-click FRST.exe/FRST64.exe to run it.
  • Copy and paste the following into the Search: box:
    StartupCheckLibrary.dll
    
  • Press the Search Files button.
  • When complete, FRST will generate a log, named Search.txt, in the same location it was run from.
  • Please copy and paste its contents into your reply.

 

7. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.

 

In your next reply please post:

  • Your reply about Notifications and Web Companion.
  • The fixlog.txt
  • The Search.txt
  • The new FRST.txt and Addition.txt

  • 0
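A triage sketch for the `Task:` entry targeted by the fix in the post above, added here as an example; it is not part of the original thread and not part of FRST. It assumes the one-line `Task:` shape quoted in that post; the two other sample lines and the names `triage`, `Finding` and `files_found` are hypothetical.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# One-line shape of the "Task:" entry quoted in the post (assumed format):
#   Task: {GUID} - <task path> => <command line> [<==== ATTENTION]
TASK_RE = re.compile(
    r"^Task:\s*(?P<guid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<path>.+?)\s+=>\s+"
    r"(?P<cmd>.+?)(?P<flag>\s*<=+\s*ATTENTION)?\s*$"
)
# rundll32 as the launcher, with or without a directory, extension or quotes.
RUNDLL_RE = re.compile(r'(?i)^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<args>.+)$')
# rundll32 arguments: <dll>,<entry point> [further arguments]
DLL_RE = re.compile(r'^(?:"(?P<quoted>[^"]+)"|(?P<plain>[^,]+?))\s*,\s*(?P<entry>\S+)')


@dataclass(frozen=True)
class Finding:
    guid: str
    task_path: str
    dll: str
    entry_point: str
    bare_dll_name: bool   # DLL given without any directory
    frst_attention: bool  # line carried FRST's "<==== ATTENTION" marker
    needs_review: bool    # bare name and no file search located the DLL


def triage(lines, files_found=frozenset()):
    """Return one Finding per scheduled task that launches a DLL via rundll32.

    files_found (hypothetical input): file names the analyst already located,
    for example from a file search for the DLL name.
    """
    found = {name.lower() for name in files_found}
    findings = []
    for line in lines:
        task = TASK_RE.match(line.strip())
        if not task:
            continue  # not a Task: entry
        launcher = RUNDLL_RE.match(task["cmd"])
        if not launcher:
            continue  # task runs something other than rundll32
        target = DLL_RE.match(launcher["args"])
        if not target:
            continue  # rundll32 arguments not in <dll>,<entry> form
        dll = (target["quoted"] or target["plain"]).strip()
        path = PureWindowsPath(dll)
        bare = len(path.parts) == 1
        # A bare name is resolved through the DLL search path. If the file is
        # gone, the task fails at every logon with "The specified module could
        # not be found", which is the pop-up reported in this topic.
        findings.append(Finding(
            guid=task["guid"],
            task_path=task["path"],
            dll=dll,
            entry_point=target["entry"],
            bare_dll_name=bare,
            frst_attention=task["flag"] is not None,
            needs_review=bare and path.name.lower() not in found,
        ))
    return findings


# First line is the entry quoted in the post; the other two are constructed.
SAMPLE_LINES = r"""
Task: {EBA86AD4-FC9A-4961-B8F6-50811DB3689F} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe /silent
Task: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - System32\Tasks\ExampleShell => C:\Windows\System32\rundll32.exe "C:\Program Files\Example\helper.dll",Start
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        status = "REVIEW" if f.needs_review else "ok"
        print(f"{status:6} {f.task_path} -> {f.dll},{f.entry_point}")
```

Passing the file names returned by a search for the DLL as `files_found` clears `needs_review` for tasks whose DLL still exists on disk.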

#5
DR M

DR M

    GeekU Senior

  • GeekU Senior
  • 2,355 posts

Hi, Mingo_TTV.

 

Do you need any help regarding the above?


  • 0

#6
Mingo_TTV

Mingo_TTV

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Hi DR M

 

Thank you so much for all of the help so far with this one. 

 

In regards to the notifications, yes, I have manually approved both of those sites but can appreciate the concern. As for the Web Companion, no, I don't ever recall installing it so I have uninstalled it as per your instructions. 

 

Since running the Fix I have restarted my PC once and it is still flickering for around 2 minutes before becoming good again. However, the startup .dll doesn't display as missing on startup which is good.

 

I have attached the requested logs again as it said my post was too long when pasting it in the post.

Attached Files


  • 0

#7
DR M

DR M

    GeekU Senior

  • GeekU Senior
  • 2,355 posts

Hi, Mingo_TTV.

 

Thank you for the logs.

 

We are first going to deal with the infections and then with everything else.

 

I will be back. :)


  • 0

#8
DR M

DR M

    GeekU Senior

  • GeekU Senior
  • 2,355 posts
Hi, Mingo_TTV.

I apologize for the delay.
 
Please, proceed with the following:
 
1. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [utweb] => "C:\Users\origi\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
GroupPolicy: Restriction ? <==== ATTENTION
FF NewTab: Mozilla\Firefox\Profiles\a559bv13.default -> hxxps://searchdefault.co/homepage?hp=1&bitmask=9996&pId=BT171001&iDate=2019-12-25 10:02:22&bName=
FF SearchPlugin: C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\a559bv13.default\searchplugins\bing-lavasoft-ff59.xml [2020-11-11]
FF SearchPlugin: C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\w11yp6xr.default-release\searchplugins\bing-lavasoft-ff59.xml [2020-11-11]
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
C:\Program Files (x86)\Lavasoft
Hosts:
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.
 
2. Run AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.
 
3. Run Malwarebytes
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) is unchecked.
    Under the title Potentially unwanted items are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
 
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.
 
4. Antivirus
 
Your logs show that both Kaspersky and Defender are enabled as your antivirus software. It's preferable to run only one antivirus at a time to avoid conflicts. If you want to keep Kaspersky, I will give you instructions to disable Defender.
 
 
In your next reply, please post:
  • The fixlog
  • The AdwCleaner[S0*].txt
  • The Malwarebytes report
  • Your reply about the antivirus

  • 0

#9
Mingo_TTV

Mingo_TTV

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Thank you again DR M.

 

I initially downloaded Kaspersky when I got my PC but have mainly been relying on Windows Defender. If you don't mind, which of the two would you recommend? I don't have the paid version of Kaspersky at this stage.

I've included the created logs below;

 

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-11-2020 01
Ran by origi (23-11-2020 20:09:47) Run:2
Running from C:\Users\origi\Desktop
Loaded Profiles: origi
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [utweb] => "C:\Users\origi\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
GroupPolicy: Restriction ? <==== ATTENTION
FF NewTab: Mozilla\Firefox\Profiles\a559bv13.default -> hxxps://searchdefault.co/homepage?hp=1&bitmask=9996&pId=BT171001&iDate=2019-12-25 10:02:22&bName=
FF SearchPlugin: C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\a559bv13.default\searchplugins\bing-lavasoft-ff59.xml [2020-11-11]
FF SearchPlugin: C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\w11yp6xr.default-release\searchplugins\bing-lavasoft-ff59.xml [2020-11-11]
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
C:\Program Files (x86)\Lavasoft
Hosts:
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\Software\Microsoft\Windows\CurrentVersion\Run\\utweb" => removed successfully
"HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"Firefox newtab" => removed successfully
C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\a559bv13.default\searchplugins\bing-lavasoft-ff59.xml => moved successfully
C:\Users\origi\AppData\Roaming\Mozilla\Firefox\Profiles\w11yp6xr.default-release\searchplugins\bing-lavasoft-ff59.xml => moved successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
"C:\Program Files (x86)\Lavasoft" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14902169 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 63564206 B
Edge => 0 B
Chrome => 392208818 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2986 B
origi => 2254655293 B
 
RecycleBin => 945324 B
EmptyTemp: => 2.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End 2 Fixlog 20:10:26 ====
 
 
AdwCleaner[S00].txt:
 
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-11-12.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-23-2020
# Duration: 00:00:17
# OS:       Windows 10 Pro
# Scanned:  31909
# Detected: 8
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Conduit            HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
PUP.Optional.Conduit            HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy             HKLM\System\Setup\FirstBoot\Services\WCAssistantService
PUP.Optional.WebCompanion       HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
 
Malwarebytes report:
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 11/23/20
Scan Time: 8:29 PM
Log File: 65fac326-2d6e-11eb-9dfe-b42e9988d824.json
 
-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1104
Update Package Version: 1.0.33306
License: Trial
 
-System Information-
OS: Windows 10 (Build 19041.630)
CPU: x64
File System: NTFS
User: DESKTOP-Q4STC4U\origi
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 345632
Threats Detected: 24
Threats Quarantined: 0
Time Elapsed: 3 min, 12 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 4
PUP.Optional.Conduit, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, 193, 236865, , , , , , 
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, 193, 236865, , , , , , 
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, 193, 236865, , , , , , 
PUP.Optional.Conduit, HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, No Action By User, 193, 236865, 1.0.33306, , ame, , , 
 
Registry Value: 2
PUP.Optional.Conduit, HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, No Action By User, 193, 236865, 1.0.33306, , ame, , , 
PUP.Optional.Conduit, HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, No Action By User, 193, 236865, 1.0.33306, , ame, , , 
 
Registry Data: 1
PUP.Optional.Conduit, HKU\S-1-5-21-1797817695-3140524087-3623043744-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, No Action By User, 193, 293058, 1.0.33306, , ame, , , 
 
Data Stream: 0
(No malicious items detected)
 
Folder: 4
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 201, 838845, , , , , , 
 
File: 13
PUP.Optional.GameHack, C:\PROGRAM FILES\CHEAT ENGINE 7.1\STANDALONEPHASE1.DAT, No Action By User, 7995, 393793, 1.0.33306, , ame, , EB339EECEC8AA8C0FD3B08D39799D4D8, 88BB94C3CE727DB13B77ABDBDB75A4C878E91D651692F3618178DEC5BBB7080C
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, No Action By User, 201, 838845, , , , , CDD524D995F243D631502C37CB9C0782, 2004F077A0053DEE8273AF44502DF1850E00318538DC6EF53EAFD8940F580D79
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.log, No Action By User, 201, 838845, , , , , 29DE7A816BB78BA36C9F37F311044C23, D5E15C22C69007A3C00D7D693C538123AE1BC291B6C0D64014CAEF2FDCAA3D88
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb, No Action By User, 201, 838845, , , , , 30D9EE442BBFCB2B05E371065C773B9F, C48330A5DF98021D89DCD1358F6FFD54CE9D61B6C12FF61658EC0291C8CB52C3
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, No Action By User, 201, 838845, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, No Action By User, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, No Action By User, 201, 838845, , , , , 92496B1AA1639608A8434683ADDB7C50, 17C07E562081C58EDFE738F3F1598804CAEC09FEAD8633EDF1FAA1369413496F
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, No Action By User, 201, 838845, , , , , FEB9FE0004EAB87AFD6CCD276CAE568D, B6C212AB1A6096432FDF251E1AC491BBCB79296DFA07BF358A4BCA8C3B9EB0BF
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, No Action By User, 201, 838845, , , , , AD4A88C5B444BEF570E260AC9ECFE093, 78D1F164486A3A975306707A0B6D204FDBF26BB70B5B75574F45E0E42A05CD24
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 201, 838845, 1.0.33306, , ame, , 9B4D46DA4CEB803F1CDCA16B58A151EC, 5C91DA7CD2DDA9BFEAF5CC8699ED6CF95DE4144BE5405BD9D07103544F5619C5
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 201, 838845, 1.0.33306, , ame, , 9B4D46DA4CEB803F1CDCA16B58A151EC, 5C91DA7CD2DDA9BFEAF5CC8699ED6CF95DE4144BE5405BD9D07103544F5619C5
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 201, 838845, 1.0.33306, , ame, , 9B4D46DA4CEB803F1CDCA16B58A151EC, 5C91DA7CD2DDA9BFEAF5CC8699ED6CF95DE4144BE5405BD9D07103544F5619C5
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 201, 838845, 1.0.33306, , ame, , 9B4D46DA4CEB803F1CDCA16B58A151EC, 5C91DA7CD2DDA9BFEAF5CC8699ED6CF95DE4144BE5405BD9D07103544F5619C5
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

  • 0

#10
DR M

DR M

    GeekU Senior

  • GeekU Senior
  • 2,355 posts

Hi, Mingo_TTV.

1. Run AdwCleaner (Clean mode)

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all threats found and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open (Note: previous scan showed no pre-installed software in your machine, so you can skip these sub steps).
      • Click OK to close it.
    • Check any pre-installed software items you want to remove (previous scan showed no pre-installed software in your machine, so you can skip this).
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start ADWCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items both options are set to Always.
    
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • Since threats were found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

3. Antivirus

Actually staying with the built-in Windows 10 antivirus solution, Microsoft Defender, is a really good choice. It can keep you safe, assuming that you follow the safe computing rules. It's your choice of course.

If you want to uninstall Kaspersky, please read here how you can do it using the Removal Tool. Uninstall all the Kaspersky products in the computer:

Kaspersky Secure Connection
Kaspersky Total Security

Make sure you restart the computer every time you deal with a product.


4. Run FSS

  • Please download Farbar Service Scanner and save it on your Desktop.
  • Right click on the tool icon and run it as administrator.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.

 

In your next reply, please post:

  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
  3. Your decision about the antivirus
  4. FSS.txt

 


  • 0

#11
Mingo_TTV

Mingo_TTV

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Hi DR M,

 

Just finished running through your instructions again. As an update, I am still running into the issue of the black screen and the flashing task bar for 2 minutes on every restart.

 

I have also uninstalled Kaspersky from my computer. FYI the link you provided me regarding removing Kaspersky didn't work for me, however I still managed.

 

The requested logs are below;

 

AdwCleaner:

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-11-23.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-24-2020
# Duration: 00:00:01
# OS:       Windows 10 Pro
# Cleaned:  9
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKLM\System\Setup\FirstBoot\Services\WCAssistantService
Deleted       HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted       HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [2188 octets] - [23/11/2020 20:16:41]
AdwCleaner[S01].txt - [2357 octets] - [24/11/2020 19:36:59]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
Malwarebytes:
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 11/24/20
Scan Time: 7:43 PM
Log File: 2709a952-2e31-11eb-803b-b42e9988d824.json
 
-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1104
Update Package Version: 1.0.33342
License: Trial
 
-System Information-
OS: Windows 10 (Build 19041.630)
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 346399
Threats Detected: 17
Threats Quarantined: 17
Time Elapsed: 8 min, 21 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 4
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 201, 838845, , , , , , 
 
File: 13
PUP.Optional.GameHack, C:\PROGRAM FILES\CHEAT ENGINE 7.1\STANDALONEPHASE1.DAT, Quarantined, 7996, 393793, 1.0.33342, , ame, , EB339EECEC8AA8C0FD3B08D39799D4D8, 88BB94C3CE727DB13B77ABDBDB75A4C878E91D651692F3618178DEC5BBB7080C
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Quarantined, 201, 838845, , , , , CDD524D995F243D631502C37CB9C0782, 2004F077A0053DEE8273AF44502DF1850E00318538DC6EF53EAFD8940F580D79
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.log, Quarantined, 201, 838845, , , , , 09C736BEFAC89D52272B7DB6A11DAD79, C57383A833996C0DAE6237C285A6BD258C8A3F211D18137404601369943AA1C2
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb, Quarantined, 201, 838845, , , , , 30D9EE442BBFCB2B05E371065C773B9F, C48330A5DF98021D89DCD1358F6FFD54CE9D61B6C12FF61658EC0291C8CB52C3
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Quarantined, 201, 838845, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Quarantined, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Quarantined, 201, 838845, , , , , 5F5AE6C4E35F125E7370B90285995284, E9799E36C41811FB14423C1013219A385FADE06CFFC22727A495A1CAD96953C0
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Quarantined, 201, 838845, , , , , D027FDF9C27323A93234D5D12AF9CF59, 51624243C8AEA0154AF51E010481B92BE6032F281F93A566210D2B0A2C8A029B
PUP.Optional.PushNotifications.Generic, C:\Users\origi\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Quarantined, 201, 838845, , , , , AD4A88C5B444BEF570E260AC9ECFE093, 78D1F164486A3A975306707A0B6D204FDBF26BB70B5B75574F45E0E42A05CD24
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 201, 838845, 1.0.33342, , ame, , 6795C9F031DC3D1A35BF59817FF3FC9F, F5864CD8D061E6EC35781EED8F18A2D26A354829B9CCB8F1B64BEA9EB792DF39
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 201, 838845, 1.0.33342, , ame, , 6795C9F031DC3D1A35BF59817FF3FC9F, F5864CD8D061E6EC35781EED8F18A2D26A354829B9CCB8F1B64BEA9EB792DF39
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 201, 838845, 1.0.33342, , ame, , 6795C9F031DC3D1A35BF59817FF3FC9F, F5864CD8D061E6EC35781EED8F18A2D26A354829B9CCB8F1B64BEA9EB792DF39
PUP.Optional.PushNotifications.Generic, C:\USERS\ORIGI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 201, 838845, 1.0.33342, , ame, , 6795C9F031DC3D1A35BF59817FF3FC9F, F5864CD8D061E6EC35781EED8F18A2D26A354829B9CCB8F1B64BEA9EB792DF39
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
FSS:
 
Farbar Service Scanner Version: 09-11-2020
Ran by origi (administrator) on 24-11-2020 at 19:55:50
Running from "C:\Users\origi\Desktop"
Microsoft Windows 10 Pro  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Windows Security:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
