Jump to content

Recommended Posts

So over the last few days I've noticed that my internet connection would drop for every device in the house when my PC was turned on. I tried changing to a wireless connection but unfortunately I would have the same problem. I think that it could be some sort of malware causing this and my suspicion of malware is only strengthened because I can't open Malware bytes. I've tried using Malwarebytes chameleon but that seems launch and scan, but always fails. I've tried other free malware/virus removers and they haven't found anything but my experience with malwarebytes in the past tells me the other program doesnt usually find the stuff MB does.

Link to post
Share on other sites

Hello MRPyro and welcome to Malwarebytes,

Run the following and post the two produced logs:

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Thank you,

Kevin....

Link to post
Share on other sites

On 7/14/2016 at 7:30 PM, kevinf80 said:

Hello MRPyro and welcome to Malwarebytes,

Run the following and post the two produced logs:

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Thank you,

Kevin....

I posted the files as a reply, if you find anything unusual please let me know, thanks!

Link to post
Share on other sites

14 hours ago, kevinf80 said:

Yes i`m looking through your logs now... Do you know of this program C:\Program Files (x86)\Kloudian

I think it's something that came with my motherboard driver disk because there's something called "orbweb" in that folder and I remember that being installed with the drivers.

Link to post
Share on other sites

What exactly does it do, it loads at boot under other service names. Do you actually need it?

Quote

() C:\Program Files (x86)\kloudian\svcmain.exe
() C:\Program Files (x86)\kloudian\Orbweb Me\cconsole-7.exe
() C:\Program Files (x86)\kloudian\svcac.exe
HKLM\...\Run: [Gesture] => C:\Program Files (x86)\Kloudian\Orbweb Me\cconsole-7.exe [11776 2014-08-12] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, C:\Program Files (x86)\kloudian\logonsession.exe,

How does your system connect to the internet, is it via modem....?

Quote

Error: (07/15/2016 07:19:52 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={C671EC7C-E88D-4B27-8144-9D4C4FCA0F8A}: The user Will-PC\Will dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (07/15/2016 07:19:25 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={79C4163D-AD73-4B05-A570-7FB4655946FF}: The user Will-PC\Will dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

 

Link to post
Share on other sites

4 hours ago, kevinf80 said:

What exactly does it do, it loads at boot under other service names. Do you actually need it?

How does your system connect to the internet, is it via modem....?

 

I don't think I need it, at least I never manually launch it to do anything with it. I use a BT home hub the 4.0 Type-A model

Link to post
Share on other sites

Thanks for the update, continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Go here: https://www.zemana.com/Download download and install Zemana Anti-malware. Allow a shortcut to be saved to your Desktop.. The tool will be active with a 15 day trial....

Right click on user posted image Zemana Antimalware and select "Run as Administrator"

From the GUI select "Settings"

user posted image

In the new window Select 1. Updates, when complete Select 2. Real Time Protection.

user posted image

In the next window make sure 1. all boxes are checkmarked and the action is "Quarantine" and then " 2. Select the home icon.

user posted image

In the new window select "Scan"

user posted image

When the scan completes check each found entry (if any). For "Suspicious Browser Settings" choose REPAIR for all other entries choose QUARANTINE then select the "Next" tab


The action complete window will open, from there select the "Back" tab. That will take you back to the home screen...

On that screen select the "Reports" tab. (Looks like 3 chimneys)

user posted image

On that screen select and highlite the scan details line, then select "Open Report"

user posted image

Copy and paste that log to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Let me see those logs, also give an update on any remaining issues or concerns...

Kevin..

Fixlist.txt

Link to post
Share on other sites

Thanks for all the help Kevin I really appreciate you giving your time! I couldn't use zemana because it had to connect to the internet and my problem is stopping me from accessing the internet. However I used the other programs and it looks like my computer is clean with 0 threats found and nothing needing to be removed. I'm still slightly concerned to why it is I cant open malwarebytes but anyway here are the logs you wanted.

Fixlog.txt

AdwCleaner[C2].txt

Link to post
Share on other sites

Can you d/l the following, transfer to the sick pc, run the scans and post the logs...

Farbar scanner, for use when connection or redirect issues:

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:
 
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
 
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Next,

Please download MiniToolBox from here:

http://www.bleepingcomputer.com/download/minitoolbox/dl/65/

Transfer to sick PC save to desktop and run it.

Checkmark the following checkboxes:
 
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points



Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Let me see those logs....

Thank you,

Kevin...

 

Link to post
Share on other sites

Good to hear all is good for you now, continue as follows to clean up...

Use the following uninstaller to remove Zemana and Sophos....

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool, the main GUI will populate with installed programs list,

Left click on Program name to highlight that entry.

Select Action from the Menu bar, then Uninstall from there follow the prompts.

If Uninstall fails open the "Action" menu one more time and use "Force Removal" option

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image
Link to post
Share on other sites

  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.