Solved trojan/virus

Discussion in 'Virus & Other Malware Removal' started by JDStreet, Aug 13, 2019.

  1. JDStreet

    JDStreet Thread Starter

    Joined:
    Aug 13, 2019
    Messages:
    13
    I have the same problem as others, StartupCheckLibrary.dll not found. Could you please fix this issue?
    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 10 Pro, 64 bit
    Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz, Intel64 Family 6 Model 42 Stepping 7
    Processor Count: 4
    RAM: 12244 Mb
    Graphics Card: AMD Radeon(TM) HD 8350, 1024 Mb
    Hard Drives: C: 930 GB (266 GB Free);
    Motherboard: Dell Inc., 0D28YY
    Antivirus: Windows Defender, Disabled
     
  2. JDStreet

    JDStreet Thread Starter

    Joined:
    Aug 13, 2019
    Messages:
    13
    Here are the files according to the instructions
     

    Attached Files:

  3. JDStreet

    JDStreet Thread Starter

    Joined:
    Aug 13, 2019
    Messages:
    13
    I'm new to this so please forgive me if my info seems short.
    My issue is that when I boot up my computer it gives me 2 errors.
    Error 1, it states that the StartupCheckLibrary.dll module could not be found.
    Error 2, it states that (I believe it is msrrv.dll or similar) module could not be found.
    Any help I can receive would be greatly appreciated.
    Thank you.
     
  4. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    505
    Hi JDStreet, welcome to the Tech Support Guy malware removal forum.

    I am iMacg3 and will be helping you with your computer problems.

    Please keep the following information in mind before we begin:
    • Back up any important data before we continue.
      • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
    • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
      • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
    • Please read all instructions carefully, and complete them in the order listed.
      • Items that are especially important will be highlighted in bold or red.
    • If your computer seems to start working normally, please don't abandon the topic.
      • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
      • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
    • If you have questions at any time during the cleanup, feel free to ask.

    Do you recognize this registry entry?

    ---------------------------------------------------
    Uninstall a Program
    • Press the Windows Key + R.
    • Type appwiz.cpl in the Run box and click OK.
    • The Add/Remove Programs list will open. Locate the following programs on the list:
      Code:
      Web Companion
    • Select each program and click Uninstall.
    • Restart the computer if prompted.

    ---------------------------------------------------
    Uninstall a Chrome Extension
    • Open Google Chrome. Type chrome://extensions in the address bar and press Enter.
    • Click the trash can icon next to the following extension(s):
      Code:
      PDF Converter Hub
      
    • A confirmation dialog will appear. Click Remove.

    ---------------------------------------------------
    Farbar Recovery Scan Tool - Fix

    • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
      Code:
      Start::
      SystemRestore: On
      CreateRestorePoint:
      EmptyTemp:
      CloseProcesses:
      HKLM-x32\...\Run: [] => [X]
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      Task: {097496DC-5804-4450-91E6-1413ECE60EED} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
      Task: {73D507DD-76AA-46FA-AA7D-82C2DB9F1B5A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
      Task: {9F7F174E-DC47-406C-BB9C-120EED25479A} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
      Task: {C6A1032A-BBB4-4764-A487-BC7D4B0057C0} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
      Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
      FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
      CHR NewTab: Default -> "active": false,
                  "entry": "chrome-extension://bceiakgkigbijnpkjgaohfcnffemnnmh/newtab/quicknewtabpage.html"
      S2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25888 2019-03-26] (Lavasoft Limited -> )
      2019-08-13 01:10 - 2019-08-13 01:10 - 000002400 _____ C:\WINDOWS\System32\Tasks\DriverToolkit Autorun
      2019-07-22 09:06 - 2019-07-22 09:41 - 000000000 ____D C:\Users\Jason\AppData\Roaming\MajorAV
      2019-07-22 09:06 - 2019-07-22 09:41 - 000000000 ____D C:\Program Files (x86)\MajorAV
      ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
      
      IE trusted site: HKU\S-1-5-21-1935747559-502016880-3565975014-1001\...\webcompanion.com -> hxxp://webcompanion.com
      
      C:\Program Files\Common Files\AVAST Software
      C:\Program Files (x86)\DriverToolkit
      C:\Program Files (x86)\Lavasoft
      Virustotal: C:\Users\Jason\cmd.exe
      CMD: Bitsadmin /Reset /Allusers
      End::
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Double-click FRST.exe/FRST64.exe to run it.
    • Press the Fix button just once and wait.
    • Restart the computer if prompted.
    • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
    • Please copy and paste its contents into your reply.

    ---------------------------------------------------
    AdwCleaner

    Download AdwCleaner and save it to your desktop.
    • Double click AdwCleaner.exe to run it.
    • Click Scan Now ...
      • When the scan has finished a Scan Results window will open.
      • Click Cancel (at this point do not attempt to Quarantine anything that is found)
    • Now click the Log Files tab ...
      • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
      • A Notepad file will open containing the results of the scan.
      • Please post the contents of the file in your next reply.

    ---------------------------------------------------

    In your next reply, please include:
    • Fixlog.txt
    • AdwCleaner[S0*].txt
    • Let me know how the computer is doing.
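
Added example, not part of the original thread and not FRST's own logic: a small Python triage of the `Task:` lines in the fixlist above. It parses FRST's `Task: {GUID} - path => command` format and flags tasks where `rundll32.exe` is handed a DLL name without a directory, which is the pattern behind the "module could not be found" errors reported at boot. The function names and the heuristic are assumptions made for illustration; the sample lines are copied from the post.

```python
import ntpath
import re

# Constructed sample: the "Task:" lines copied from the fixlist in the post above.
FIXLIST_TASKS = r"""
Task: {097496DC-5804-4450-91E6-1413ECE60EED} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {73D507DD-76AA-46FA-AA7D-82C2DB9F1B5A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {9F7F174E-DC47-406C-BB9C-120EED25479A} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {C6A1032A-BBB4-4764-A487-BC7D4B0057C0} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
"""

# "Task: " + optional "{GUID} - " + task path + " => " + command + optional FRST marker.
TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]{36})\} - )?"
    r"(?P<path>.+?) => (?P<cmd>.+?)(?P<flag> <==== ATTENTION)?$"
)

# rundll32 invocation of the form "rundll32.exe <dll>,<export>".
RUNDLL_RE = re.compile(
    r"^(?:\S*\\)?rundll32(?:\.exe)?\s+(?P<dll>[^,]+),(?P<export>\S+)", re.I
)


def parse_task(line):
    """Split one FRST Task line into its fields, or return None if it is not one."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    return {
        "guid": m.group("guid"),            # None for legacy .job entries
        "path": m.group("path"),
        "name": ntpath.basename(m.group("path")),
        "cmd": m.group("cmd"),
        "frst_attention": m.group("flag") is not None,
    }


def triage(task):
    """Return the reasons (hypothetical heuristic) a task deserves a closer look."""
    reasons = []
    m = RUNDLL_RE.match(task["cmd"])
    if m and not ntpath.dirname(m.group("dll").strip('"')):
        reasons.append("rundll32 is given a DLL name with no directory")
        if task["path"].lower().startswith("system32\\tasks\\microsoft\\windows\\"):
            reasons.append("task is filed among the OS's own Microsoft\\Windows tasks")
    return reasons


def review_tasks(text):
    """Parse every Task line and keep those the heuristic flags."""
    flagged = []
    for line in text.splitlines():
        task = parse_task(line)
        if task is None:
            continue
        reasons = triage(task)
        if reasons:
            flagged.append((task, reasons))
    return flagged


if __name__ == "__main__":
    for task, reasons in review_tasks(FIXLIST_TASKS):
        print(task["name"], "->", task["cmd"])
        for reason in reasons:
            print("   -", reason)
```

On this sample the heuristic selects the same two tasks that FRST marked with `<==== ATTENTION`; a match on other machines is a prompt for review, not a verdict.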
     
  5. JDStreet

    JDStreet Thread Starter

    Joined:
    Aug 13, 2019
    Messages:
    13
    I do not recognize this entry
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
     
  6. JDStreet

    JDStreet Thread Starter

    Joined:
    Aug 13, 2019
    Messages:
    13
    Here are the results.
    Fix result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
    Ran by Jason (14-08-2019 07:50:27) Run:1
    Running from C:\Users\Jason\Downloads
    Loaded Profiles: Jason (Available Profiles: Jason & Administrator)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    SystemRestore: On
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    Task: {097496DC-5804-4450-91E6-1413ECE60EED} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
    Task: {73D507DD-76AA-46FA-AA7D-82C2DB9F1B5A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
    Task: {9F7F174E-DC47-406C-BB9C-120EED25479A} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
    Task: {C6A1032A-BBB4-4764-A487-BC7D4B0057C0} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
    Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
    CHR NewTab: Default -> "active": false,
    "entry": "chrome-extension://bceiakgkigbijnpkjgaohfcnffemnnmh/newtab/quicknewtabpage.html"
    S2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25888 2019-03-26] (Lavasoft Limited -> )
    2019-08-13 01:10 - 2019-08-13 01:10 - 000002400 _____ C:\WINDOWS\System32\Tasks\DriverToolkit Autorun
    2019-07-22 09:06 - 2019-07-22 09:41 - 000000000 ____D C:\Users\Jason\AppData\Roaming\MajorAV
    2019-07-22 09:06 - 2019-07-22 09:41 - 000000000 ____D C:\Program Files (x86)\MajorAV
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    IE trusted site: HKU\S-1-5-21-1935747559-502016880-3565975014-1001\...\webcompanion.com -> hxxp://webcompanion.com
    C:\Program Files\Common Files\AVAST Software
    C:\Program Files (x86)\DriverToolkit
    C:\Program Files (x86)\Lavasoft
    Virustotal: C:\Users\Jason\cmd.exe
    CMD: Bitsadmin /Reset /Allusers

    *****************

    SystemRestore: On => completed
    Error: (0) Failed to create a restore point.
    Processes closed successfully.
    "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{097496DC-5804-4450-91E6-1413ECE60EED}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{097496DC-5804-4450-91E6-1413ECE60EED}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{73D507DD-76AA-46FA-AA7D-82C2DB9F1B5A}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73D507DD-76AA-46FA-AA7D-82C2DB9F1B5A}" => removed successfully
    C:\WINDOWS\System32\Tasks\Avast Software\Overseer => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F7F174E-DC47-406C-BB9C-120EED25479A}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F7F174E-DC47-406C-BB9C-120EED25479A}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\WDI\SrvHost => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\SrvHost" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C6A1032A-BBB4-4764-A487-BC7D4B0057C0}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6A1032A-BBB4-4764-A487-BC7D4B0057C0}" => removed successfully
    C:\WINDOWS\System32\Tasks\DriverToolkit Autorun => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverToolkit Autorun" => removed successfully
    C:\WINDOWS\Tasks\DriverToolkit Autorun.job => moved successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
    "HKLM\Software\Mozilla\Thunderbird\Extensions\\[email protected]" => removed successfully
    "Chrome NewTab" => removed successfully
    "entry": "chrome-extension://bceiakgkigbijnpkjgaohfcnffemnnmh/newtab/quicknewtabpage.html" => Error: No automatic fix found for this entry.
    WCAssistantService => service not found.
    "C:\WINDOWS\System32\Tasks\DriverToolkit Autorun" => not found
    C:\Users\Jason\AppData\Roaming\MajorAV => moved successfully
    C:\Program Files (x86)\MajorAV => moved successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
    HKU\S-1-5-21-1935747559-502016880-3565975014-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
    "C:\Program Files\Common Files\AVAST Software" => not found
    C:\Program Files (x86)\DriverToolkit => moved successfully
    "C:\Program Files (x86)\Lavasoft" => not found
    VirusTotal: C:\Users\Jason\cmd.exe => D41D8CD98F00B204E9800998ECF8427E (0-byte MD5)

    ========= Bitsadmin /Reset /Allusers =========


    BITSADMIN version 3.0
    BITS administration utility.
    (C) Copyright Microsoft Corp.

    0 out of 0 jobs canceled.

    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 7888896 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12759155 B
    Java, Flash, Steam htmlcache => 441 B
    Windows/system/drivers => 274208 B
    Edge => 40525 B
    Chrome => 43065324 B
    Firefox => 99007007 B
    Opera => 142238 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 4522 B
    LocalService => 0 B
    NetworkService => 0 B
    NetworkService => 0 B
    Jason => 564102100 B
    Administrator => 29913 B

    RecycleBin => 0 B
    EmptyTemp: => 693.6 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 07:51:30 ====
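
Added example, not part of the original thread and not an FRST feature: a Python pass over the result half of a Fixlog that separates what was actually changed from what was already absent and what failed, so the items needing follow-up stand out. The category names and function names are assumptions; the sample lines are copied from the log above.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample: selected result lines copied from the Fixlog above.
FIXLOG = r"""
SystemRestore: On => completed
Error: (0) Failed to create a restore point.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{097496DC-5804-4450-91E6-1413ECE60EED}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\WDI\SrvHost => moved successfully
"entry": "chrome-extension://bceiakgkigbijnpkjgaohfcnffemnnmh/newtab/quicknewtabpage.html" => Error: No automatic fix found for this entry.
WCAssistantService => service not found.
"C:\Program Files (x86)\Lavasoft" => not found
C:\Program Files (x86)\DriverToolkit => moved successfully
VirusTotal: C:\Users\Jason\cmd.exe => D41D8CD98F00B204E9800998ECF8427E (0-byte MD5)
"""

# MD5 of zero bytes of input; a file with this hash is empty.
EMPTY_MD5 = hashlib.md5(b"", usedforsecurity=False).hexdigest().upper()
MD5_RE = re.compile(r"^([0-9A-Fa-f]{32})\b")


def classify(line):
    """Return (category, target) for one Fixlog result line, or None to skip it."""
    line = line.strip()
    if not line:
        return None
    if line.startswith("Error:"):           # stand-alone error, no "target => outcome"
        return ("error", line)
    if " => " not in line:
        return None
    target, outcome = line.rsplit(" => ", 1)
    low = outcome.lower()
    md5 = MD5_RE.match(outcome)
    if low.startswith("error"):
        return ("error", target)
    if "not found" in low:                  # nothing to remove: already gone
        return ("absent", target)
    if low.endswith("successfully") or low == "completed":
        return ("done", target)
    if md5:
        kind = "empty-file" if md5.group(1).upper() == EMPTY_MD5 else "hash"
        return (kind, target)
    return ("other", target)


def summarize(text):
    """Group Fixlog targets by category."""
    groups = defaultdict(list)
    for line in text.splitlines():
        result = classify(line)
        if result:
            groups[result[0]].append(result[1])
    return groups


def follow_up(groups):
    """Entries a helper would revisit: failures and zero-length files."""
    return groups["error"] + groups["empty-file"]


if __name__ == "__main__":
    summary = summarize(FIXLOG)
    for kind in ("done", "absent", "error", "empty-file"):
        print(f"{kind}: {len(summary[kind])}")
    for item in follow_up(summary):
        print("follow up:", item)
```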
     
  7. JDStreet

    JDStreet Thread Starter

    Joined:
    Aug 13, 2019
    Messages:
    13
    Here are the results of ADW
    # -------------------------------
    # Malwarebytes AdwCleaner 7.4.0.0
    # -------------------------------
    # Build: 07-23-2019
    # Database: 2019-08-13.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 08-14-2019
    # Duration: 00:00:27
    # OS: Windows 10 Pro
    # Scanned: 35493
    # Detected: 16


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    PUP.Optional.DriveTheLife C:\ProgramData\DRIVERTALENT
    PUP.Optional.DriveTheLife C:\Users\Jason\AppData\Roaming\DRIVERTALENT
    PUP.Optional.DriverTalent C:\Program Files (x86)\OSTotoSoft
    PUP.Optional.Legacy C:\Users\Jason\AppData\Local\DriverToolkit

    ***** [ Files ] *****

    PUP.Optional.Legacy C:\Users\Jason\Downloads\SysInfo.exe

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.Conduit HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    PUP.Optional.DriveTheLife HKLM\Software\Wow6432Node\\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|DRIVERTALENT.EXE
    PUP.Optional.Legacy HKCU\Software\DriverToolkit
    PUP.Optional.Legacy HKCU\Software\WebDiscoverBrowser
    PUP.Optional.Legacy HKLM\Software\WebDiscoverBrowser
    PUP.Optional.Legacy HKLM\Software\Wow6432Node\WebDiscoverBrowser
    PUP.Optional.Legacy HKU\.DEFAULT\Software\WebDiscoverBrowser
    PUP.Optional.Legacy HKU\S-1-5-18\Software\WebDiscoverBrowser
    PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion
    PUP.Optional.WebCompanion HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService
    PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software found.



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
     
  8. JDStreet

    JDStreet Thread Starter

    Joined:
    Aug 13, 2019
    Messages:
    13
    Computer seems to be running fine now, no notifications as of yet
     
  9. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    505
    Hi JDStreet,

    Please uninstall the Chrome extension PDFMaker-live ads.

    Do you recognize the file C:\Users\Jason\cmd.exe?

    ---------------------------------------------------
    Farbar Recovery Scan Tool - Fix

    • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
      Code:
      Start::
      CreateRestorePoint:
      HKLM\...\Policies\Explorer: [HideSCAHealth] 1
      C:\ProgramData\DRIVERTALENT
      C:\Users\Jason\AppData\Roaming\DRIVERTALENT
      C:\Program Files (x86)\OSTotoSoft
      C:\Users\Jason\AppData\Local\DriverToolkit
      Deletekey: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      Deletevalue: HKLM\Software\Wow6432Node\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|DRIVERTALENT.EXE
      Deletekey: HKCU\Software\DriverToolkit
      Deletekey: HKCU\Software\WebDiscoverBrowser
      Deletekey: HKLM\Software\Wow6432Node\WebDiscoverBrowser
      Deletekey: HKU\.DEFAULT\Software\WebDiscoverBrowser
      Deletekey: HKU\S-1-5-18\Software\WebDiscoverBrowser
      Deletekey: HKCU\Software\Lavasoft\Web Companion
      Deletekey: HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService
      Deletekey: HKLM\Software\Wow6432Node\Lavasoft\Web Companion
      End::
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Double-click FRST.exe/FRST64.exe to run it.
    • Press the Fix button just once and wait.
    • Restart the computer if prompted.
    • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
    • Please copy and paste its contents into your reply.
     
  10. JDStreet

    JDStreet Thread Starter

    Joined:
    Aug 13, 2019
    Messages:
    13
    Do not recognize
    C:\Users\Jason\cmd.exe?
     
  11. JDStreet

    JDStreet Thread Starter

    Joined:
    Aug 13, 2019
    Messages:
    13
    Here are the results

    Fix result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
    Ran by Jason (14-08-2019 16:23:05) Run:2
    Running from C:\Users\Jason\Downloads
    Loaded Profiles: Jason (Available Profiles: Jason & Administrator)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    C:\ProgramData\DRIVERTALENT
    C:\Users\Jason\AppData\Roaming\DRIVERTALENT
    C:\Program Files (x86)\OSTotoSoft
    C:\Users\Jason\AppData\Local\DriverToolkit
    Deletekey: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Deletevalue: HKLM\Software\Wow6432Node\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|DRIVERTALENT.EXE
    Deletekey: HKCU\Software\DriverToolkit
    Deletekey: HKCU\Software\WebDiscoverBrowser
    Deletekey: HKLM\Software\Wow6432Node\WebDiscoverBrowser
    Deletekey: HKU\.DEFAULT\Software\WebDiscoverBrowser
    Deletekey: HKU\S-1-5-18\Software\WebDiscoverBrowser
    Deletekey: HKCU\Software\Lavasoft\Web Companion
    Deletekey: HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService
    Deletekey: HKLM\Software\Wow6432Node\Lavasoft\Web Companion

    *****************

    Restore point was successfully created.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth" => removed successfully
    C:\ProgramData\DRIVERTALENT => moved successfully
    C:\Users\Jason\AppData\Roaming\DRIVERTALENT => moved successfully
    C:\Program Files (x86)\OSTotoSoft => moved successfully
    C:\Users\Jason\AppData\Local\DriverToolkit => moved successfully
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
    "HKLM\Software\Wow6432Node\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION\\DRIVERTALENT.EXE" => removed successfully
    HKCU\Software\DriverToolkit => removed successfully
    HKCU\Software\WebDiscoverBrowser => removed successfully
    HKLM\Software\Wow6432Node\WebDiscoverBrowser => removed successfully
    HKU\.DEFAULT\Software\WebDiscoverBrowser => removed successfully
    HKU\S-1-5-18\Software\WebDiscoverBrowser => not found
    HKCU\Software\Lavasoft\Web Companion => removed successfully
    HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService => removed successfully
    HKLM\Software\Wow6432Node\Lavasoft\Web Companion => removed successfully

    ==== End of Fixlog 16:23:37 ====
     
  12. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    505
    Open File Explorer (press the Windows Key + E) and please delete this file if present:

    Then empty the recycle bin by right-clicking the Recycle Bin desktop icon and selecting "Empty Recycle Bin."

    Let me know if you are able to successfully delete the file.
     
  13. JDStreet

    JDStreet Thread Starter

    Joined:
    Aug 13, 2019
    Messages:
    13
    C:\Users\Jason\cmd.exe did not exist in file explorer. Recycle bin was empty.
     
  14. JDStreet

    JDStreet Thread Starter

    Joined:
    Aug 13, 2019
    Messages:
    13
    My computer is acting very weird. It won't run my programs correctly.
     
  15. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    505
    Hi JDStreet,

    Do you receive an error message when attempting to open a program?
     
Short URL to this thread: https://techguy.org/1231416
