Slow At Startup & Sometimes Server Took Too Long To Reply Message

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by theremotedr, Apr 30, 2020.

  1. theremotedr

    theremotedr Master Sergeant

    Hi,
    As per title,
    Sometimes I need to wait before I can do anything, red lights on PC seem to be going crazy flickering away.

    So I've come here again to have a clear out.

    I have run the tools as advised in the READ & RUN ME FIRST post.
    Attached are the log files.

    I await instructions for how to continue.
    Thanks

    Windows 7 Professional
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please rerun ADWCleaner and remove:
    Adware.OnlineIO C:\Program Files\Microleaves
    Adware.OnlineIO C:\ProgramData\Microleaves
    Adware.OnlineIO C:\Users\Ian\AppData\Roaming\Microleaves
    Adware.TrustedLogos C:\Windows\TrustedLogos
    PUP.Optional.OnlineIO C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
    PUP.Optional.OnlineIO C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
    PUP.Optional.Reimage C:\Windows\Reimage.ini
    Adware.OnlineIO HKLM\Software\Microleaves
    PUP.Optional.Microleaves HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
    PUP.Optional.Microleaves HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
    PUP.Optional.Microleaves HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
    PUP.Optional.Microleaves HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
    PUP.Optional.Microleaves HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
    PUP.Optional.Microleaves HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
    PUP.Optional.PrxySvrRST HKLM\Software\TrustedLogos
    PUP.Optional.Reimage HKCU\Software\Reimage
    PUP.Optional.Reimage HKLM\Software\Classes\REI_AxControl.ReiEngine
    PUP.Optional.Reimage HKLM\Software\Classes\REI_AxControl.ReiEngine.1
    PUP.Optional.SpyHunter HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe

    Then run Hitman and MBAM and remove EVERYTHING they find.

    Last, run RogueKiller and remove these items:
    >>>>>> XX - Software
    [PUP.OnlineIO|Adw.MicroLeaves (Malicious)] HKEY_LOCAL_MACHINE\Software\Microleaves -- N/A -> Found
    [PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\TENCENT -- N/A -> Found
    [Tr.ProxyAgent (Malicious)] HKEY_LOCAL_MACHINE\Software\TrustedLogos -- N/A -> Found
    [PUP.Reimage|PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-2052246637-699227346-1952638870-1001\Software\Reimage -- N/A -> Found

    [Risk.Multikey (Malicious)] (file) multikey.sys -- C:\Windows\System32\drivers\multikey.sys -> Found
    [Tr.ProxyAgent (Malicious)] (folder) trustedlogos -- C:\Windows\trustedlogos -> Found
    [PUP.OnlineIO|Adw.MicroLeaves (Malicious)] (folder) Microleaves -- C:\Users\Ian\AppData\Roaming\Microleaves -> Found
    [PUP.OnlineIO (Potentially Malicious)] (folder) AdvinstAnalytics -- C:\Users\Ian\AppData\Local\AdvinstAnalytics -> Found
    [PUP.OnlineIO|Adw.MicroLeaves (Malicious)] (folder) Microleaves -- C:\ProgramData\Microleaves -> Found
    [PUP.OnlineIO|Adw.MicroLeaves (Malicious)] (folder) Microleaves -- C:\Program Files\Microleaves -> Found

    Reboot and rescan with all four tools and attach those new logs.
     
  3. theremotedr

    theremotedr Master Sergeant

    Hi,
    Just going to Run RK which if by last night will take 2 hours.

    When I ran / completed either HITMAN or MBAM it showed, from memory, say 4 items, BUT it was asking for a product code key before it would delete anything.
     
  4. theremotedr

    theremotedr Master Sergeant

    I've run the software again and it was Hitman Pro.
    I have attached its log.

    I am now going to run RK.
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Hitman!!

    Malware _____________________________________________________________________

    C:\Users\Ian\ZIP AND EXE\Adobe Lightroom 5.7\Keygen.exe

    Remove it.

    No scan should be asking for a key!!
     
  6. theremotedr

    theremotedr Master Sergeant

    Hi,
    My mistake, as I didn't see the link etc. to run the free trial etc. etc.
    I have done as above, and after restart & running the 4 again I now attach their log files.
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    C:\Users\Ian\ZIP AND EXE\Adobe Lightroom 5.7\Keygen.exe!!

    Warning about cracked software: Cracked Software.

    Otherwise you are clean. But if you continue using cracked software, you will again get infected and the continued use of this piece will probably result in stealth downloads of additional malware!!
     
  8. theremotedr

    theremotedr Master Sergeant

    Hi,
    Now deleted as per advice, many thanks.

    This morning I have run all 4 again.
    Logs attached only for the tool that found something.
    I see you said clean above, but should I also delete these?
    I mean, if a tool found it, would it be better for me to just also delete them?

    My issue, which is why I decided to run the tools again, was that when I first switch on the PC I need to wait at least 5 minutes because the red light is working like crazy.
    If I try to open anything it freezes or hangs for a long time.
    Once whatever it is has finished, all day it's great, so the issue is just when I first switch it on.

    Do you have any advice or a tool so that I can narrow down maybe what's going on, then decide etc. should I just delete the item, as it's getting beyond a joke.

    Have a nice day.
     


  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean. There are numerous reasons for a slow startup, so I suggest you post in the software forum for additional assistance.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    3. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    4. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8 or 10, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    5. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    6. After doing the above, you should work thru the below link:
     
  10. theremotedr

    theremotedr Master Sergeant

    Many thanks, now completed.
    I will pop over to the other group now.
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good luck. :)
     
