Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92792 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Maybe infected


  • This topic is locked This topic is locked
22 replies to this topic

#1 Marco1

Marco1

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 30 June 2020 - 03:36 AM

My laptop 3 day ago starts to be very slow. especially with internet connection

I have checked the connection speed with a second laptop and is OK

Attached Files


    Advertisements

Register to Remove


#2 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,501 posts
  • Interests:Boo!....
  • MVP

Posted 30 June 2020 - 03:18 PM

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.

 

Start::
CloseProcesses:
CreateRestorePoint:
Task: {C0F76BCB-EC63-4DEC-BC5B-6D2866D54C46} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FCDA05B1-5FB0-4FF7-ADFF-68FD0C56A64B} - \WPD\SqmUpload_S-1-5-21-2555437703-3487995665-1624086675-1001 -> No File <==== ATTENTION
SearchScopes: HKLM-x32 -> {799AB903-C2F1-4ADE-B4A4-8D9D3001F018} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2555437703-3487995665-1624086675-1001 -> {0C16FF58-81D1-458F-89E4-997CC4E2D984} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&intl=it&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2555437703-3487995665-1624086675-1001 -> {799AB903-C2F1-4ADE-B4A4-8D9D3001F018} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [bollbfeakabenkobaocgakdibphdnanj] - <no Path/update_url>
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers2: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => -> No File
ContextMenuHandlers2: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => -> No File
ContextMenuHandlers3: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => -> No File
ContextMenuHandlers3: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => -> No File
ContextMenuHandlers6: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ShortcutWithArgument: C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrossLoop\CrossLoop.lnk -> C:\Users\Marco\AppData\Local\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server
ShortcutWithArgument: C:\Users\Marco\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CrossLoop.lnk -> C:\Users\Marco\AppData\Local\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server
FirewallRules: [{7CEC368D-A3FA-4D5F-BC46-801F8EBA1D3D}] => (Allow) C:\Users\Marco\AppData\Local\Temp\7zS3C6D\hppiw.exe => No File
FirewallRules: [{3AA2E560-9C52-4A66-A778-379042D464C6}] => (Allow) C:\Users\Marco\AppData\Local\Temp\7zS3C6D\hppiw.exe => No File
FirewallRules: [{875562EC-033C-4C4C-BE3F-14ECFE6B6769}] => (Block) C:\program files (x86)\d-link\d-viewcam\mainconsole.exe => No File
FirewallRules: [{F6A9A694-4307-43D0-A48A-DD4B437ECCF9}] => (Block) C:\program files (x86)\d-link\d-viewcam\mainconsole.exe => No File
FirewallRules: [UDP Query User{3B06924D-25E0-4728-B8B8-460FF69B7B84}C:\tnlenterprises\sentryvision\controlpanel.exe] => (Block) C:\tnlenterprises\sentryvision\controlpanel.exe => No File
FirewallRules: [TCP Query User{FE6F5FFE-7940-4DCE-824B-802D8194DFDA}C:\tnlenterprises\sentryvision\controlpanel.exe] => (Block) C:\tnlenterprises\sentryvision\controlpanel.exe => No File
FirewallRules: [{8D1B898C-2E7E-46FE-8FD9-2B343CA92A6D}] => (Allow) C:\Program Files (x86)\PCTV Systems\DistanTV\RemoteTVApp.exe => No File
FirewallRules: [{E8009070-8BBB-4F3C-9E57-A3809D6579DA}] => (Allow) C:\Program Files (x86)\PCTV Systems\DistanTV\RemoteTVApp.exe => No File
FirewallRules: [{70BC6082-A28F-4018-BF80-B5F62F3C702D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe => No File
FirewallRules: [{F41DDC03-9CF1-40B5-B042-43F531706240}] => (Allow) E:\Advanced\autorun.exe => No File
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

 

  • run AdwCleaner by clicking on Scan Now
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
  • if it asks to reboot, allow the reboot
  • on reboot, click on View Log File; please attach the content of the log to your next reply.
  • ==============
  • RogueKiller Scan
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit).
  • Move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
  • Click on the Start Scan button in the right panel, which will bring up another tab, and click on it again (this time it'll be in the bottom right corner).
  • Wait for the scan to complete.
  • On the completion of the scan, the results will be displayed.
  • REMOVAL STEPS
  • Check only those entries that you are sure are malware (threat found), and click on the Remove Selected button.
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner).
  • This will open the report in Notepad. Please copy and paste the contents of the report into your next reply.


  • Please post these 3 logs when finished.

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 Marco1

Marco1

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 01 July 2020 - 01:54 AM

Done you can reports attached

Attached Files



#4 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,501 posts
  • Interests:Boo!....
  • MVP

Posted 01 July 2020 - 04:11 AM

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:

  • run the program
  • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
  • click on the ‘Scan’ tab, (directly below the Dashboard tab)
  • select the Threat Scan option
  • slick the Scan Now button
  • Threat Scan will begin
  • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
  • if prompted to restart the computer, close all other programs and click Yes to restart your computer
  • once you are back at your desktop, open MBAM once more
  • click on the ‘Reports’ tab
  • double-click on the most recent Scan Report
  • click on Export, then Copy to Clipboard
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    You may have already used the below scanner, and if you have, please look in your add remove programs in the control panel and remove it.

    ESET Online Scanner

    Download ESET Online Scanner and save it to your desktop.
    • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
    • When the tool opens, click Get Started.
    • Read and accept the license agreement.
    • At the Welcome to ESET Online Scanner window, click Get Started.
    • Select whether you would like to send anonymous data to ESET.
    • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
    • Click on the Full Scan option.
    • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
    • ESET will now begin scanning your computer. This may take some time.
    • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
    • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
    • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
    • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
    ---------------

    Please post these 2 logs when finished and tell me what your computer is doing now.

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#5 Marco1

Marco1

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 01 July 2020 - 12:02 PM

MBAN report clean

I cant scan with esets

 on line

I have downloaded from your linck

but it doesn't work the application stops



#6 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,501 posts
  • Interests:Boo!....
  • MVP

Posted 01 July 2020 - 02:12 PM

Let's see if we can get this one to work

You will probably have to temporarily disable your antivirus security to download and run the below scanner.

G0tu5D9.pngEmsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
  • Once the extraction is complete, the EEK folder will open. Right-click on G0tu5D9.pngstart emergency kit scanner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, open EEK again (in the C:\EEK folder);
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
Please post the log when finished, is the computer running any better?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#7 Marco1

Marco1

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 02 July 2020 - 11:29 AM

Hi Juliet,

My pc has improved its performance a little.
After each restart the speed is satisfactory but with passing
dell ore goes down constantly.
I have interpreted the scan with the emergency kit and attach the log.
Eset on line scan now works but the scan is still in progress

I will post the report as soon as the scan finish

Attached Files



#8 Marco1

Marco1

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 02 July 2020 - 11:30 AM

some problems with english

My pc has improved its performance a little.
After each restart the speed is satisfactory but with passing
of the hours goes down constantly.
I have performed the scan with the emergency kit and attached the log.
Eset on line scan now works but the scan is still in progress



#9 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,501 posts
  • Interests:Boo!....
  • MVP

Posted 02 July 2020 - 04:53 PM

what comes to mind looking over logs, you have a heavy duty internet security app on here,  Kaspersky, it's a good app and, can cause havoc at times with resources.
If in the back ground there is another item task to run, I could see lag happening.
I'm not saying by any means that this is exactly whats happened but let's keep that in mind.
 
Whats been found so far is light compared to others by means of infections but,  we haven't tried a root kit scan
After you complete what your doing with Eset on line scan follow the below.

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwa...t-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after.


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#10 Marco1

Marco1

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 03 July 2020 - 05:47 AM

Hi Juliet,

Esetonline scan has been completed and you find the report attached

Attached Files

  • Attached File  Eset.txt   1.11KB   13 downloads

    Advertisements

Register to Remove


#11 Marco1

Marco1

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 03 July 2020 - 05:50 AM

malwarebyte rootkit completed

nothing found

Today the PC seem to work properly

Attached Files



#12 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,501 posts
  • Interests:Boo!....
  • MVP

Posted 03 July 2020 - 06:52 AM

Right now,  I don't think it's infection. What was and has been found has been removed.

Let's give it a day.  Use the computer but do not download anything.

 

Then give me an update.


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#13 Marco1

Marco1

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 03 July 2020 - 08:58 AM

OK



#14 Marco1

Marco1

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 04 July 2020 - 08:15 AM

Hi Juliet,

Today afetr restarting my pc works really really slow

I have tried to disable kaspersky protection but nothing has changed :mellow:



#15 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,501 posts
  • Interests:Boo!....
  • MVP

Posted 05 July 2020 - 04:44 AM

How's it doing this morning?

 

Have you rebooted again?


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users